
zwbuniubi / weakpass_exploit

This project forked from yxdnr/weakpass_exploit


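A small script for brute-forcing weak website passwords; supports bypassing image CAPTCHAs and bypassing front-end data encryption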

Python 100.00%

weakpass_exploit's Introduction

weakpass_exploit

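A small script for brute-forcing weak website passwords

Advantages:

  • Bypasses image CAPTCHAs
  • Bypasses front-end data encryption

Shortcomings:

  • ddddocr recognition is not accurate enough
  • Single-threaded

Note: All files in this project are for study and research use only. Do not use the techniques or source code in this project for illegal purposes; the author bears no responsibility for any negative impact caused by anyone.

Updates

2023-12-21 Updated the documentation; added descriptions of the configuration file fields

2023-2-27 Updated the documentation; modified some of the code

2023-2-3 Improved the login check logic: the script now searches the page reached after a successful or failed login and matches keywords to decide whether the login succeeded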

Installation

python 3.7+

ddddocr

selenium

chromedriver.exe

Check the supported version at this link:
https://chromedriver.storage.googleapis.com/LATEST_RELEASE
Download the version you need from this link:
https://chromedriver.chromium.org/downloads

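Configuration

Configure conf.json following the content below, using the pikachu practice range as the example

Copy the XPath of each page element into conf.json

When the CAPTCHA is wrong, the page shows a message

When the username or password is wrong, the page shows a message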

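Meaning of the configuration file fields

url: URL of the login page
driver_path: path to the local chromedriver executable
user_xpath: XPath of the username input field
pass_xpath: XPath of the password input field
orc_input_xpath: XPath of the CAPTCHA input field
orc_xpath: XPath of the CAPTCHA
login_button_xpath: XPath of the login button
regex_verify_res: message shown when CAPTCHA recognition fails
regex_login_fail_res: message shown when the CAPTCHA is recognized correctly but the account or password is wrong

The finished configuration looks like this: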

{
	"url": "http://192.168.86.186/pikachu-master/vul/burteforce/bf_server.php",
	"driver_path": "D:/python3/chromedriver.exe",
	"user_xpath": "//*[@id=\"main-container\"]/div[2]/div/div[2]/div/div/form/label[1]/span/input",
	"pass_xpath": "//*[@id=\"main-container\"]/div[2]/div/div[2]/div/div/form/label[2]/span/input",
	"orc_input_xpath": "//*[@id=\"main-container\"]/div[2]/div/div[2]/div/div/form/label[3]/span/input",
	"orc_xpath": "//*[@id=\"main-container\"]/div[2]/div/div[2]/div/div/form/label[4]/img",
	"login_button_xpath": "//*[@id=\"main-container\"]/div[2]/div/div[2]/div/div/form/div[2]/label/input",
	"regex_verify_res": "验证码输入错误哦",
	"regex_login_fail_res": "username or password is not exists"
}

Usage

Getting started

Usage: usage weakpass_exploit.py -u <username dict> -p <password dict> -c <config file>

Options:
  -h, --help        show this help message and exit
  -u USERNAME_DICT  Enter the username dict eg:user.txt
  -p PASSWORD_DICT  Enter the password dict eg:pass.txt
  -c CONFIG_FILE    Enter the config file eg:conf.json
  -e                Use headless model eg: -e
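
A defender's view of the behaviour this README describes, as an added example that is not part of the project's code: the script fills in the real login form through a browser, so the image CAPTCHA and front-end encryption do not stop it, and the check has to be a server-side count of failed attempts per source. The log format, the outcome labels (`captcha_fail`, `cred_fail`, `ok`), the window and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp, source IP, username, outcome.
# captcha_fail / cred_fail stand for the two failure responses that the README's
# regex_verify_res and regex_login_fail_res fields describe.
SAMPLE_LOG = """\
2023-02-27T15:40:00 10.0.0.5 admin cred_fail
2023-02-27T15:40:04 10.0.0.5 admin captcha_fail
2023-02-27T15:40:09 10.0.0.5 admin cred_fail
2023-02-27T15:40:12 10.0.0.9 alice cred_fail
2023-02-27T15:40:15 10.0.0.5 admin cred_fail
2023-02-27T15:40:21 10.0.0.5 test captcha_fail
2023-02-27T15:40:26 10.0.0.5 test cred_fail
2023-02-27T15:40:40 10.0.0.9 alice ok
"""


def detect(log_text, window_s=60, threshold=5, count_captcha=True):
    """Return {ip: (failures_in_window, distinct_usernames)} for every source
    that reaches `threshold` failed logins within `window_s` seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> (timestamp, username) of recent failures
    flagged = {}
    for line in log_text.strip().splitlines():
        ts_raw, ip, user, outcome = line.split()
        if outcome == "ok" or (outcome == "captcha_fail" and not count_captcha):
            continue
        ts = datetime.fromisoformat(ts_raw)
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = (len(q), len({u for _, u in q}))
    return flagged


if __name__ == "__main__":
    # CAPTCHA failures are counted too: imperfect OCR means an automated
    # client produces a mix of both failure kinds.
    print(detect(SAMPLE_LOG))
    print(detect(SAMPLE_LOG, count_captcha=False))
```

Counting only credential failures (`count_captcha=False`) leaves the same source under the threshold, which is why both failure kinds are counted.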


weakpass_exploit's People

Contributors

yxdnr
