Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/L-codes/oneshellcrack
a very very fast brute force webshell password tool
https://github.com/L-codes/oneshellcrack
bruteforce crack facebook oneshellcrack password webshell
Last synced: about 2 months ago
JSON representation
a very very fast brute force webshell password tool
- Host: GitHub
- URL: https://github.com/L-codes/oneshellcrack
- Owner: L-codes
- License: gpl-3.0
- Created: 2017-06-17T05:50:16.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2020-01-15T03:50:58.000Z (almost 5 years ago)
- Last Synced: 2024-08-03T18:12:08.529Z (4 months ago)
- Topics: bruteforce, crack, facebook, oneshellcrack, password, webshell
- Language: Python
- Homepage:
- Size: 17.6 KB
- Stars: 47
- Watchers: 3
- Forks: 24
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - L-codes/oneshellcrack - a very very fast brute force webshell password tool (Python)
README
# 0x00 Oneshellcrack
oneshellcrack 是一个非常快的webshell暴力破解工具,工作原理是多线程并通过一次性发送大量的密码探测POST数据进行爆破,是其他普通webshell密码暴力破解工具的数千倍
项目地址:[https://github.com/L-codes/oneshellcrack](https://github.com/L-codes/oneshellcrack)
# 0x01 Features
- 速度极快,经过本地服务器测试平均破解可达每秒22万个密码
- 支持python 2.x和3.x
- 支持网络或服务器性能影响,请求失败后的自动重新请求
- 支持批量大密码字典文件
- 支持自动生成常见默认密码和短密码枚举
- 支持自动过滤不合法的密码
# 0x02 Parameter description
```
$ python3 oneshellcrack.py -h
___ ____ _ _ _ ____ _
/ _ \ _ __ ___/ ___|| |__ ___| | |/ ___|_ __ __ _ ___| | __
| | | | '_ \ / _ \___ \| '_ \ / _ \ | | | | '__/ _` |/ __| |/ /
| |_| | | | | __/___) | | | | __/ | | |___| | | (_| | (__| <
\___/|_| |_|\___|____/|_| |_|\___|_|_|\____|_| \__,_|\___|_|\_\
[ Author L Version 1.0.1 ]
[ Github ] https://github.com/L-codes/oneshellcrack
usage: oneshellcrack.py [-h] [-m] [-n] [-r] [-s] [-t] [-w]
[-p FILE [FILE ...]]
URL
positional arguments:
URL Target URL
optional arguments:
-h, --help show this help message and exit
-m , --max-threads specify max threads [default: 200]
-n , --number specify max password request [default: auto]
-r , --retry-nums specify max retry request [default: 1]
-s , --shell specify webshell type
-t , --timeout specify request timeout [default: 8]
-w , --weakpwd-len specify weak possword lenghts [default: 4]
-p FILE [FILE ...] specify possword files [default: Weak passwords]
use examples:
python oneshellcrack.py http://localhost/shell.php
python oneshellcrack.py http://localhost/shell.jsp -n 1000 -m 300
python oneshellcrack.py http://localhost/shell.asp -p pwd1.lst pwd2.lst
```
# 0x03 Use examples
## Examples 1
```
python3 oneshellcrack.py http://172.16.178.139/a.php
___ ____ _ _ _ ____ _
/ _ \ _ __ ___/ ___|| |__ ___| | |/ ___|_ __ __ _ ___| | __
| | | | '_ \ / _ \___ \| '_ \ / _ \ | | | | '__/ _` |/ __| |/ /
| |_| | | | | __/___) | | | | __/ | | |___| | | (_| | (__| <
\___/|_| |_|\___|____/|_| |_|\___|_|_|\____|_| \__,_|\___|_|\_\
[ Author L Version 1.0.1 ]
[ Github ] https://github.com/L-codes/oneshellcrack
( Shell:php, Numbers:1500, Threads:200, Retry:1 )
[Crack] No.1751 (0.01s) CODE: 200 - POST Content-Length: 15623
[Failed] No password found
[Finish] 2626500 words in 11.922 seconds. (220310 w/s)
```
## Examples 2
```
$ python3 oneshellcrack.py http://172.16.178.133:84/1.asp -p pwd.lst
___ ____ _ _ _ ____ _
/ _ \ _ __ ___/ ___|| |__ ___| | |/ ___|_ __ __ _ ___| | __
| | | | '_ \ / _ \___ \| '_ \ / _ \ | | | | '__/ _` |/ __| |/ /
| |_| | | | | __/___) | | | | __/ | | |___| | | (_| | (__| <
\___/|_| |_|\___|____/|_| |_|\___|_|_|\____|_| \__,_|\___|_|\_\
[ Author L Version 1.0.1 ]
[ Github ] https://github.com/L-codes/oneshellcrack
( Shell:asp, Numbers:1000, Threads:200, Retry:1 )
[Crack] No.607 (0.05s) CODE: 200 - POST Content-Length: 41347
[Success] Password: pass&123
[Finish] 607000 words in 5.080 seconds. (119477 w/s)
```
# 0x04 Problem
如在使用过程中发现bug或有好的建议,欢迎提交[Issues](https://github.com/L-codes/oneshellcrack/issues)和[Pull Requests](https://github.com/L-codes/oneshellcrack/pulls)