# This module was inspired by: https://youtu.be/Q10Y5m1fQ7Fk
# Use at your own risk.
import json
import random
import string
import time
import urllib.parse
import urllib.request
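class MaliciousFormSpammer:
    """Generate decoy e-mail/password pairs and POST them to one URL.

    The constructor downloads two JSON name lists and keeps them, together
    with a fixed list of mail domains, as the vocabulary for the decoy
    addresses. Every outbound call goes through ``urllib.request.urlopen``;
    each URL is checked against ``ALLOWED_SCHEMES`` first and every call
    carries a timeout. The scheme check is applied to the URL passed in, not
    to any redirect the server answers with.
    """

    # urlopen() also resolves file:, ftp: and data: URLs. This class only
    # needs HTTP(S), so any other scheme is rejected before a request is made.
    ALLOWED_SCHEMES = ("http", "https")
    # Without a timeout urlopen() can block indefinitely on a stalled peer.
    REQUEST_TIMEOUT_SECONDS = 10
    # The target is an untrusted server: bound how much of its answer is
    # read into memory.
    MAX_RESPONSE_BYTES = 64 * 1024

    def _require_http_url(self, url: str) -> str:
        """Return *url* unchanged, or raise ValueError if it is not HTTP(S)."""
        scheme = urllib.parse.urlsplit(url).scheme
        if not isinstance(scheme, str) or \
                scheme.lower() not in self.ALLOWED_SCHEMES:
            raise ValueError(
                "Only http and https URLs are accepted, got: {!r}".format(url))
        return url

    def _load_name_list(self, url: str) -> list:
        """Fetch a name list and check that it is a non-empty list of str.

        The lists are third-party input, so their shape is verified here
        instead of failing later inside ``random.choice`` or on ``+``.
        """
        names = self.get_list_from_json_source_url(url)
        if not names or not all(isinstance(name, str) for name in names):
            raise ValueError(
                "Expected a non-empty JSON list of strings at {!r}".format(url))
        return names

    def get_list_from_json_source_url(self, url: str) -> list:
        """Download *url*, decode it as UTF-8 JSON and return the list.

        Raises:
            ValueError: if the URL is not HTTP(S) or the document is not a
                JSON list.
        """
        self._require_http_url(url)
        # The context manager closes the connection even if decoding fails.
        with urllib.request.urlopen(
                url, timeout=self.REQUEST_TIMEOUT_SECONDS) as response:
            document = json.loads(response.read().decode('utf-8'))
        if not isinstance(document, list):
            raise ValueError(
                "Expected a JSON list at {!r}".format(url))
        return document

    def get_random_password(self) -> str:
        """Return 8 to 12 characters drawn from ``PASSWORD_SOURCE``.

        ``random`` is sufficient here: the value is throwaway decoy data and
        is never used as a secret.
        """
        length = random.randint(8, 12)
        return "".join(random.choices(population=self.PASSWORD_SOURCE,
                                      k=length))

    def get_random_email(self) -> str:
        """Return a lower-cased ``first.last@provider`` address."""
        return (random.choice(self.FIRST_NAMES) + "." +
                random.choice(self.LAST_NAMES) + "@" +
                random.choice(self.EMAIL_PROVIDERS)
                ).lower()

    def get_random_payload(self) -> str:
        """Return a JSON object string with ``email`` and ``password`` keys."""
        return json.dumps({"email": self.get_random_email(),
                           "password": self.get_random_password()})

    def send_random_request_to_target(self, target_url: str) -> tuple:
        """POST one decoy payload to *target_url*.

        Returns:
            tuple: ``(payload, response_body, status_code)``. The body is the
            first ``MAX_RESPONSE_BYTES`` bytes of the answer, decoded as UTF-8
            with undecodable bytes replaced. It comes from an untrusted
            server and should be treated as such by the caller.

        Raises:
            ValueError: if *target_url* is not HTTP(S).
        """
        self._require_http_url(target_url)
        payload = self.get_random_payload()
        request = urllib.request.Request(target_url,
                                         data=payload.encode('utf-8'))
        with urllib.request.urlopen(
                request, timeout=self.REQUEST_TIMEOUT_SECONDS) as response:
            body = response.read(self.MAX_RESPONSE_BYTES).decode(
                'utf-8', errors='replace')
            status_code = response.code
        return payload, body, status_code

    def send_random_request(self) -> tuple:
        """POST one decoy payload to the URL given to the constructor."""
        return self.send_random_request_to_target(self.TARGET_URL)

    def __init__(self, target_url: str):
        """Validate *target_url* and download the name lists.

        Raises:
            ValueError: if *target_url* is not HTTP(S) or a name list does
                not have the expected shape.
        """
        # Fail before any download when the target cannot be used anyway.
        self._require_http_url(target_url)
        # Both lists are read from the tip of a third-party repository's
        # master branch, so their content can change between runs.
        self.FIRST_NAMES_URL = "https://raw.githubusercontent.com/dominictarr/random-name/master/first-names.json"
        self.LAST_NAMES_URL = "https://raw.githubusercontent.com/dominictarr/random-name/master/names.json"
        self.EMAIL_PROVIDERS = ["gmail.com", "gmx.net", "web.de", "yahoo.com", "hotmail.com", "aol.com", "hotmail.co.uk", "hotmail.fr", "msn.com",
                                "yahoo.fr", "wanadoo.fr", "orange.fr", "comcast.net", "yahoo.co.uk", "yahoo.com.br", "yahoo.co.in", "live.com", "rediffmail.com", "free.fr"]
        self.FIRST_NAMES = self._load_name_list(self.FIRST_NAMES_URL)
        self.LAST_NAMES = self._load_name_list(self.LAST_NAMES_URL)
        self.PASSWORD_SOURCE = string.ascii_letters + string.digits + \
            string.punctuation
        self.TARGET_URL = target_url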
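def spam_malicious_form_url(target_url: str,
                            print_results: bool = True,
                            max_messages: int = None,
                            pause_interval=(1, 3)) -> None:
    """Send fake email and password data at specified URL.

    Args:
        target_url (str): Target URL.
        print_results (bool, optional): Defaults to True.
        max_messages (int, optional): Number of Spam messages.
            None means infinite; zero or a negative number sends nothing.
            Defaults to None.
        pause_interval (sequence, optional): min and max pause duration, in
            whole seconds, between spam messages. A falsy value disables the
            pause. Defaults to (1, 3).

    Raises:
        ValueError: if pause_interval does not hold exactly two values or
            its minimum is larger than its maximum.
    """
    # Only None means "no limit". Testing truthiness here would turn an
    # explicit 0 into an endless loop.
    if max_messages is not None and max_messages <= 0:
        return
    # Check the interval before anything is sent, so a bad value does not
    # surface from random.randint() after the first request has gone out.
    if pause_interval:
        shortest, longest = pause_interval
        if shortest > longest:
            raise ValueError(
                "pause_interval minimum must not exceed its maximum")
    spammer = MaliciousFormSpammer(target_url)
    counter = 0
    while max_messages is None or counter < max_messages:
        counter += 1
        payload, response, response_code = spammer.send_random_request()
        sleep_time = random.randint(shortest, longest) if pause_interval else 0
        if print_results:
            # The response body comes from an untrusted server; repr() keeps
            # control characters in it from reaching the terminal raw.
            print("Sent payload #{}:".format(counter), payload,
                  "and got response:", repr(response),
                  "with code:", response_code)
            print("Sleeping for", sleep_time, "seconds!")
        time.sleep(sleep_time)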
if __name__ == "__main__":
    # Script entry point: run against the single hard-coded URL below, with
    # every other option of spam_malicious_form_url left at its default.
    target_url = "https://chalkwoodhouse.co.za/dss/next.php"
    spam_malicious_form_url(target_url=target_url)