Leaderboard

Preia o lista de host-uri (domenii sau ip-uri ) din hosts.txt si verifica o serie de path-uri comune pentru gasirea path-ului de login. ( wp-login.php ). Bun de folosit impreuna cu un brute force tool pentru wordpress. import threading,Queue,urllib2,sys da = open('wpuri.txt','a') nu = open('bad.txt','w') paths = ['','/blog','/wp','/wordpress','/journal'] class Discloser(threading.Thread): def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): while True: host = self.queue.get() self.checker(host) self.queue.task_done() def checker(self,Host): try: for p in paths: f = urllib2.urlopen(Host+p+'/wp-login.php', timeout=15) if 'wp-admin-css' in f.read(): print Host+p da.write(Host+p+'\n') da.flush() return True nu.write(Host+'\n') nu.flush() return False except Exception, e: #print e nu.write(Host+'\n') nu.flush() return False def main(urls,numthreads): queue = Queue.Queue(maxsize=6000) for i in range(numthreads): try: t = Discloser(queue) t.daemon = True t.start() except Exception, e: print 'Cant Start',numthreads,'Thread. I started',i,'Threads' break for url in urls: host = url.rstrip() if url.startswith('http://') else 'http://'+url.rstrip() queue.put(host.rstrip()) queue.join() if __name__ == "__main__": #----------------------------------------- print '[+]Wordpress Login Path Discloser v1.0' print '[+]Author: Elohim' fispas = open("hosts.txt",'rU') urls = fispas.readlines() numthreads = int(sys.argv[1]) #----------------------------------------- main(urls,numthreads) Usage: python checker.py 40 40 = Numarul thread-urilor. Ce este bun, salveaza in wpuri.txt, ce nu este bun, salveaza in bad.txt daca se doresc verificari ulterioare. Path-uri folosite: paths = ['','/blog','/wp','/wordpress','/journal'] Daca mai aveti alte idei, postati aici si le adaug. Spor la folosit.

Un PM CU LINK ?

Gilbert... te-ai murdarit la gura cu engleza? de ce pula mea nu folosesti Google translate? Daca e articolul in engleza asta nu inseamna ca trebuie s-o arzi pe engleza aici.