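# Repository layout as listed on the page:
#   ├── README.md
#   ├── ShellBruter.py
#   ├── password.txt
#   └── result_file.txt
#
# /README.md (translated from Chinese):
#
#   # ShellBruter
#   Efficient generation of WebShell brute-force dictionaries.
#
#   ![](https://raw.githubusercontent.com/r00tSe7en/pictures/master/2020.03.23/0.png)
#
#   Reference for the brute-force approach:
#   https://www.t00ls.net/thread-36985-1-1.html
#
#   The requests are not sent from Python here because letting Burp handle
#   them seems better (laziness).
#
#   Usage example. Assume the current shell is:
#   (the ```php block is empty on the page)
#
#   1) Load the generated dictionary in Burp
#      ![](https://raw.githubusercontent.com/r00tSe7en/pictures/master/2020.03.23/1.png)
#   2) Turn off URL encoding (very important)
#      ![](https://raw.githubusercontent.com/r00tSe7en/pictures/master/2020.03.23/2.png)
#   3) Get the result
#      ![](https://raw.githubusercontent.com/r00tSe7en/pictures/master/2020.03.23/3.png)
#      ![](https://raw.githubusercontent.com/r00tSe7en/pictures/master/2020.03.23/4.png)
#
#   This method can be used flexibly; the rest is up to you.
#
# /ShellBruter.py:
#!/usr/bin/env python
# -*- coding:utf-8 -*-
# @Author:Se7en


def ReadPass(pass_file, result_file):
    """Build the batched parameter dictionary from a candidate list.

    Reads one candidate per line from *pass_file* (UTF-8), strips the
    surrounding whitespace, and turns every non-empty candidate ``p`` into
    the fragment ``&p=echo "p";``. Fragments are concatenated 1000 at a
    time and each batch is written as one line of *result_file* (UTF-8,
    overwritten if it exists).

    Defender's view: the README loads the output into Burp with URL
    encoding turned off, so each output line ends up in a single request.
    That traffic carries up to 1000 parameters per request, and every
    value has the fixed shape ``echo "<parameter name>";``. An unusually
    high parameter count combined with that value pattern is a usable
    signal for request logging and WAF rules.

    Args:
        pass_file: Path of the candidate list, one entry per line.
        result_file: Path of the file that receives the batched lines.

    Raises:
        FileNotFoundError: *pass_file* does not exist.
        OSError: Either file cannot be opened, read or written.
        UnicodeDecodeError: *pass_file* is not valid UTF-8.
    """
    # Number of fragments joined into one output line.
    # NOTE(review): 1000 presumably mirrors PHP's default max_input_vars,
    # which caps how many parameters a single request is parsed for; the
    # page does not say so -- confirm.
    segmentation = 1000

    # Distinct local names: the original rebound the path parameters to the
    # open file objects and then called close() on top of the with-block.
    with open(pass_file, "r", encoding='utf-8') as source:
        candidates = [line.strip() for line in source]

    # A blank input line used to yield the fragment '&=echo "";' (empty
    # parameter name), so blank lines are dropped here.
    pass_list = ['&' + item + '=echo "' + item + '";'
                 for item in candidates if item]

    with open(result_file, "w", encoding='utf-8') as target:
        # One slice per batch covers both the full batches and the shorter
        # final one. The original handled the remainder separately and
        # always wrote its newline, leaving an empty last line whenever the
        # list length was a multiple of the batch size (or zero).
        for start in range(0, len(pass_list), segmentation):
            target.write("".join(pass_list[start:start + segmentation]))
            target.write("\n")


if __name__ == '__main__':
    # Only password.txt has to be provided; de-duplicate it beforehand if
    # possible.
    # Raw string: the art contains backslash sequences such as "\_" and
    # "\/" that are invalid escapes in a normal literal. The run-together
    # spacing is how the art appears on the page (whitespace was collapsed
    # there), so it is reproduced as shown.
    banner = r"""

_________.__ .__ .__ __________ __
/ _____/| |__ ____ | | | |\______ \_______ __ ___/ |_ ___________
\_____ \ | | \_/ __ \| | | | | | _/\_ __ \ | \ __\/ __ \_ __ \
/ \| Y \ ___/| |_| |_| | \ | | \/ | /| | \ ___/| | \/
/_______ /|___| /\___ >____/____/______ / |__| |____/ |__| \___ >__|
\/ \/ \/ \/ \/
_by Se7en

"""
    print(banner)
    try:
        ReadPass('password.txt', 'result_file.txt')
    except FileNotFoundError:
        print("You need to provide the password dictionary first!")
    except (OSError, UnicodeDecodeError) as err:
        # The original bare except reported every failure as a missing
        # dictionary, including write and decoding errors.
        print("Could not generate result_file.txt: " + str(err))
    else:
        print("Enjoy your result_file.txt!")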