owncloud_bruteforcer/README.md

# owncloud_bruteforcer

Simple tool to bruteforce owncloud instance

# Description

Tool make GET request to acquire CSRF token + cookies and make POST request with given username and password wordlist.

## Installation

`go install git.sual.in/casual/owncloud_bruteforcer@latest`

## Example usage

```
owncloud_bruteforce -u "https://target.com/login" -P ./rockyou.txt
```

## Help

```
Owncloud_bruteforcer - tool to bruteforce user

Usage:
  owncloud_bruteforcer [flags]

Flags:
INPUT:
   -url, -u string                target's url to login page. Example "https://example.com/index.php/login, http://example.com/login "
   -login, -l string              username to bruteforce (default "admin")
   -login-wordlist, -L string     username wordlist
   -password-wordlist, -P string  Password wordlist
   -proxy, -x string              HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays
   -threads, -t int               threads to bruteforce (default 10)
```

## Notes

 - Successful login detected by redirect location after POST request. If user have 2FA, then app will not show found login:password.
 - If 

# License
This project is licensed under the MIT License - see the LICENSE file for details
Initial commit 2024-03-23 19:18:07 +00:00			`# owncloud_bruteforcer`

Update README.md 2024-04-11 09:14:28 +00:00			`Simple tool to bruteforce owncloud instance`
license 2024-04-10 01:45:38 +00:00
Update README.md 2024-04-11 09:14:28 +00:00			`# Description`

			`Tool make GET request to acquire CSRF token + cookies and make POST request with given username and password wordlist.`

			`## Installation`

			`go install git.sual.in/casual/owncloud_bruteforcer@latest`

Update README.md 2024-04-11 09:18:29 +00:00			`## Example usage`

			```
			`owncloud_bruteforce -u "https://target.com/login" -P ./rockyou.txt`
			```

Update README.md 2024-04-11 09:14:28 +00:00			`## Help`

			```
			`Owncloud_bruteforcer - tool to bruteforce user`

			`Usage:`
			`owncloud_bruteforcer [flags]`

			`Flags:`
			`INPUT:`
			`-url, -u string target's url to login page. Example "https://example.com/index.php/login, http://example.com/login "`
			`-login, -l string username to bruteforce (default "admin")`
			`-login-wordlist, -L string username wordlist`
			`-password-wordlist, -P string Password wordlist`
			`-proxy, -x string HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays`
			`-threads, -t int threads to bruteforce (default 10)`
			```

			`## Notes`

			`- Successful login detected by redirect location after POST request. If user have 2FA, then app will not show found login:password.`
Update README.md 2024-04-11 09:18:29 +00:00			`- If`
Update README.md 2024-04-11 09:14:28 +00:00
			`# License`
			`This project is licensed under the MIT License - see the LICENSE file for details`