Python的排列组合

# 0x01 需求

Python requirements:

  • itertools
  • hashlib

# 0x02

测试的时候可能会发现提交的数据中有类似“sign”这样的值,这个值有很多时候是作为校验存在的,同时因为是加密后的密文所以难以被猜解,那么,有一种思路是这样的,这个值是请求包中的某个值或者某几个值进行加密,作为sign,这样既方便后端的校验,也同样保证了安全性。

所以需要对这个值进行Fuzz,说不定思路就对了呢~

Usage: python test.py test.py 3

数字指定随机组合的位数,示例中的3标识,随机选取3个进行随机组合

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
#!/usr/bin/python
# -*- encoding: utf-8 -*-

# import md5
import hashlib
import itertools
from itertools import product
import sys
from termcolor import cprint


def permutations_md5(origin):
try:
md5_value = hashlib.md5(origin).hexdigest()
print md5_value
except Exception as e:
cprint('md5 error:', 'red')
print "check your origin value."


def permutations(data, value):
data_array = []
for line in data:
data_array.append(line.strip('\n'))
data_list = list(product(data_array, repeat=int(value)))

for i in range(len(data_list)):
md5_origin = ''
for ii in range(int(value)):
md5_origin += data_list[i][ii]
permutations_md5(md5_origin)
cprint("\n The process is Complete!", 'green')

def main():
path = sys.argv[1]
random_int = sys.argv[2]
keys = open(path, 'r')
keys_data = keys.readlines()
if int(random_int) > len(keys_data):
cprint("The value is to big.", 'red')
else:
permutations(keys_data, random_int)


if __name__ == "__main__":
main()