This script is designed to brute force 4-digit recovery codes for a password reset endpoint in a legal and authorized environment. It supports high concurrency, customizable headers, and real-time progress tracking.
- High-speed brute force with concurrency (up to 100 simultaneous requests).
- Real-time progress tracking using a dynamic progress bar.
- Customizable HTTP headers, including
X-Forwarded-Forfor bypassing IP restrictions. - Fully asynchronous, leveraging Python's
aiohttplibrary for optimal performance.
- Sends POST requests to the target password reset endpoint.
- Iterates through all possible 4-digit recovery codes (0000–9999).
- Detects and stops upon finding a valid recovery code.
- Outputs the progress and results in the terminal.
- Python: Version 3.7 or higher.
- Dependencies: Install them with
pip:pip install aiohttp tqdm
-
Clone the repository:
git clone https://github.com/yourusername/password-recovery-cracker.git cd password-recovery-cracker -
Edit the script:
- Replace
session_cookiewith your actualPHPSESSIDvalue. - Update the target URL (
url) if needed.
- Replace
-
Run the script:
python Hammer-q1.py
[INFO] 脚本开始运行
破解进度: 45%|███████████████▌ | 4500/10000 [00:10<00:12, 450codes/s]
[+] 找到有效验证码: 3121
[INFO] 脚本运行完成
- Legal Disclaimer: This script is for educational and ethical penetration testing purposes only. Ensure you have proper authorization before using this tool.
- For large-scale tasks, adjust concurrency (
100 tasks at a time) in the script.
Feel free to contribute to this project by submitting issues or pull requests. Suggestions for performance optimization are welcome.