下载地址
简介
优点:
- 绕过图形验证码
- 绕过前端数据加密
不足:
- ddddocr识别不够精确
- 单线程
安装使用
python 3.7+ddddocr+selenium+chromedriver.exe
在conf.json中,参照以下内容进行配置
{
"url": "http://192.168.86.226/pikachu-master/vul/burteforce/bf_server.php",//目标地址url
"user_xpath": "//*[@id=\"main-container\"]/div[2]/div/div[2]/div/div/form/label[1]/span/input",//用户名输入登录框
"pass_xpath": "//*[@id=\"main-container\"]/div[2]/div/div[2]/div/div/form/label[2]/span/input",//密码输入登录框
"orc_input_xpath": "//*[@id=\"main-container\"]/div[2]/div/div[2]/div/div/form/label[3]/span/input",//验证码输入登录框
"orc_xpath": "//*[@id=\"main-container\"]/div[2]/div/div[2]/div/div/form/label[4]/img",//验证码
"login_button_xpath": "//*[@id=\"main-container\"]/div[2]/div/div[2]/div/div/form/div[2]/label/input",//登录按钮
"orc_res_xpath": "//*[@id=\"main-container\"]/div[2]/div/div[2]/div/div/p"//登录结果
}
指定脚本中chromedriver.exe的路径
s = Service("../chromedriver.exe")
开始使用
Usage: usage weakpass_exploit.py -u <username dict> -p <password dict> -c <config file>
Options:
-h, --help show this help message and exit
-u USERNAME_DICT Enter the username dict eg:user.txt
-p PASSWORD_DICT Enter the password dict eg:pass.txt
-c CONFIG_FILE Enter the config file eg:conf.json
-e Use headless model eg: -e
© 版权声明
THE END
暂无评论内容