python的排列组合
目录
1 # 0x01 需求
Python requirements:
- itertools
- hashlib
2 # 0x02
测试的时候可能会发现提交的数据中有类似“sign”这样的值,这个值有很多时候是作为校验存在的,同时因为是加密后的密文所以难以被猜解,那么,有一种思路是这样的,这个值是请求包中的某个值或者某几个值进行加密,作为sign,这样既方便后端的校验,也同样保证了安全性。
所以需要对这个值进行Fuzz,说不定思路就对了呢~
Usage: python test.py test.py 3
数字指定随机组合的位数,示例中的3标识,随机选取3个进行随机组合
#!/usr/bin/python
# -*- encoding: utf-8 -*-
# import md5
import hashlib
import itertools
from itertools import product
import sys
from termcolor import cprint
def permutations_md5(origin):
try:
md5_value = hashlib.md5(origin).hexdigest()
print md5_value
except Exception as e:
cprint('md5 error:', 'red')
print "check your origin value."
def permutations(data, value):
data_array = []
for line in data:
data_array.append(line.strip('\n'))
data_list = list(product(data_array, repeat=int(value)))
for i in range(len(data_list)):
md5_origin = ''
for ii in range(int(value)):
md5_origin += data_list[i][ii]
permutations_md5(md5_origin)
cprint("\n The process is Complete!", 'green')
def main():
path = sys.argv[1]
random_int = sys.argv[2]
keys = open(path, 'r')
keys_data = keys.readlines()
if int(random_int) > len(keys_data):
cprint("The value is to big.", 'red')
else:
permutations(keys_data, random_int)
if __name__ == "__main__":
main()
如果你觉得这篇文章对你有所帮助,欢迎赞赏~
