自定义fuzz规则结合收集的敏感信息跟弱口令top100生成burp爆破用的密码的PHP小脚本

  • A+
所属分类:神兵利刃

user.txt存放收集到的敏感信息 

pass.txt为根据$rule生成的密码 

很简单可自行修改成自己使用的脚本 

1.png 

2.png 

<?php 

$rule = " 

%username% 

%username%1 

%username%12 

%username%123 

%username%1234 

%username%12345 

%username%123456 

%username%654321 

%username%54321 

%username%4321 

%username%321 

%username%21 

%username%111 

%username%222 

%username%333 

%username%444 

%username%555 

%username%666 

%username%777 

%username%888 

%username%999 

%username%000 

%username%126 

%username%@126.com 

%username%@163 

%username%@163.com 

%username%163 

%username%8 

%username%88 

%username%2008 

%username%2009 

%username%2010 

%username%2011 

%username%2012 

%username%2013 

%username%@2008 

%username%@2009 

%username%@2010 

%username%@2011 

%username%@2012 

%username%@2013 

%username%@2014 

%username%!@# 

"; 

$pass = " 

123456789 

a123456 

123456 

a123456789 

1234567890 

woaini1314 

qq123456 

abc123456 

123456a 

123456789a 

147258369 

zxcvbnm 

987654321 

12345678910 

abc123 

qq123456789 

123456789. 

7708801314520 

woaini 

5201314520 

q123456 

123456abc 

1233211234567 

123123123 

123456. 

0123456789 

asd123456 

aa123456 

135792468 

q123456789 

abcd123456 

12345678900 

woaini520 

woaini123 

zxcvbnm123 

1111111111111111 

w123456 

aini1314 

abc123456789 

111111 

woaini521 

qwertyuiop 

1314520520 

1234567891 

qwe123456 

asd123 

000000 

1472583690 

1357924680 

789456123 

123456789abc 

z123456 

1234567899 

aaa123456 

abcd1234 

www123456 

123456789q 

123abc 

qwe123 

w123456789 

7894561230 

123456qq 

zxc123456 

123456789qq 

1111111111 

111111111 

0000000000000000 

1234567891234567 

qazwsxedc 

qwerty 

123456.. 

zxc123 

asdfghjkl 

0000000000 

1234554321 

123456q 

123456aa 

9876543210 

110120119 

qaz123456 

qq5201314 

123698745 

5201314 

000000000 

as123456 

123123 

5841314520 

z123456789 

52013145201314 

a123123 

caonima 

a5201314 

wang123456 

abcd123 

123456789.. 

woaini1314520 

123456asd 

aa123456789 

741852963 

a12345678 

"; 

if ($argc < 2) 



  print_r(' 

========================================= 

author: Chora 

example: php '.$argv[0].' file 

========================================= 

'); 

  exit(); 



$pass = ltrim($pass); 

$file = $argv[1]; 

$user = file($file); 

$user = array_map('trim',$user); 

foreach($user as $username) 



  $pass .= ltrim(str_replace('%username%',$username,$rule)); 



$pass = rtrim($pass); 

$fp = fopen('pass.txt','a+'); 

fwrite($fp,$pass); 

echo 'Done!'; 

fclose($fp); 

?>

  • 我的微信
  • 这是我的微信扫一扫
  • weinxin
  • 我的微信公众号
  • 我的微信公众号扫一扫
  • weinxin

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: