owncloud_bruteforcer/options.go

package main

import (
	"github.com/projectdiscovery/goflags"
	"sync"
	"errors"
)

var onceOptions sync.Once
var options = &Options{}

type Options struct {
	URL    string 
	Threads	int
	// RateLimit int //TODO
	// Header	  string //TODO
	User string
	UserFile string //TODO
	PassFile	string
	// Pass  	string //password spray TODO
	Proxy	string
	// Verbose   bool
}


func ParseOptions() (*Options,error) {

	var err error

	onceOptions.Do(func() {


		flagSet := goflags.NewFlagSet()
		flagSet.SetDescription("Owncloud_bruteforcer - tool to bruteforce user")

		// single flag example
		// flagSet.StringVarP(&options.Target, "t", "target", "", "target host or IP to scan")

		flagSet.CreateGroup("input", "Input",
			flagSet.StringVarP(&options.URL, "u", "url", "", "target's url to login page. Example \"https://example.com/index.php/login, http://example.com/login \""),
			// flagSet.StringVarP(&options.RateLimit, "rt", "rate", "", "rate limit packets per second"),
			// flagSet.StringVarP(&options.Header, "u", "url", "", "target's url to login page. Example \"https://example.com/index.php/login, http://example.com/login \""),
			flagSet.StringVarP(&options.User, "l", "login", "admin", "username to bruteforce"),
			flagSet.StringVarP(&options.UserFile, "L", "login-wordlist", "", "username wordlist"),
			flagSet.StringVarP(&options.PassFile, "P", "password-wordlist", "", "Password wordlist"),
			flagSet.StringVarP(&options.Proxy, "x", "proxy", "", "HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays. Also expect bigger CPU/RAM usage, use for testing"),
			flagSet.IntVarP(&options.Threads, "t", "threads", 10, "threads to bruteforce (expect ~7 packets/s per thread, but rate limited by web-server or reverese-proxy to 40 pps)"), //TODO add estimate counter to packets/s
			// flagSet.StringVarP(&options.URL, "u", "url", "", "target's url to login page. Example \"https://example.com/index.php/login, http://example.com/login \""),
		)
		_ = flagSet.Parse()
// 		// TODO error handler???
// 
// 
// 
		err = options.SanityCheck()
// 		
// 	
	})

	
	return options,err
}


func (options *Options) SanityCheck() error {

	if options.URL == "" {return errors.New("-u flag must present")}
	if options.PassFile == "" {return errors.New("-P flag must present")}
	if options.User != "admin" && options.UserFile != "" {return errors.New("-l and -L both flags present ")}

	return nil
}
v1 2024-04-10 01:28:08 +00:00			`package main`

			`import (`
			`"github.com/projectdiscovery/goflags"`
			`"sync"`
			`"errors"`
			`)`

			`var onceOptions sync.Once`
			`var options = &Options{}`

			`type Options struct {`
			`URL string`
			`Threads int`
			`// RateLimit int //TODO`
			`// Header string //TODO`
			`User string`
			`UserFile string //TODO`
			`PassFile string`
			`// Pass string //password spray TODO`
			`Proxy string`
RAM consumption fix 2024-04-10 22:40:10 +00:00			`// Verbose bool`
v1 2024-04-10 01:28:08 +00:00			`}`


			`func ParseOptions() (*Options,error) {`

			`var err error`

			`onceOptions.Do(func() {`


			`flagSet := goflags.NewFlagSet()`
			`flagSet.SetDescription("Owncloud_bruteforcer - tool to bruteforce user")`

			`// single flag example`
			`// flagSet.StringVarP(&options.Target, "t", "target", "", "target host or IP to scan")`

			`flagSet.CreateGroup("input", "Input",`
			`flagSet.StringVarP(&options.URL, "u", "url", "", "target's url to login page. Example \"https://example.com/index.php/login, http://example.com/login \""),`
			`// flagSet.StringVarP(&options.RateLimit, "rt", "rate", "", "rate limit packets per second"),`
			`// flagSet.StringVarP(&options.Header, "u", "url", "", "target's url to login page. Example \"https://example.com/index.php/login, http://example.com/login \""),`
			`flagSet.StringVarP(&options.User, "l", "login", "admin", "username to bruteforce"),`
			`flagSet.StringVarP(&options.UserFile, "L", "login-wordlist", "", "username wordlist"),`
			`flagSet.StringVarP(&options.PassFile, "P", "password-wordlist", "", "Password wordlist"),`
small help update 2024-04-10 22:52:06 +00:00			`flagSet.StringVarP(&options.Proxy, "x", "proxy", "", "HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays. Also expect bigger CPU/RAM usage, use for testing"),`
small help update 2024-04-10 22:50:21 +00:00			`flagSet.IntVarP(&options.Threads, "t", "threads", 10, "threads to bruteforce (expect ~7 packets/s per thread, but rate limited by web-server or reverese-proxy to 40 pps)"), //TODO add estimate counter to packets/s`
v1 2024-04-10 01:28:08 +00:00			`// flagSet.StringVarP(&options.URL, "u", "url", "", "target's url to login page. Example \"https://example.com/index.php/login, http://example.com/login \""),`
			`)`
			`_ = flagSet.Parse()`
			`// // TODO error handler???`
			`//`
			`//`
			`//`
			`err = options.SanityCheck()`
			`//`
			`//`
			`})`



			`return options,err`
			`}`


			`func (options *Options) SanityCheck() error {`

options sanity check update 2024-04-12 04:33:54 +00:00			`if options.URL == "" {return errors.New("-u flag must present")}`
			`if options.PassFile == "" {return errors.New("-P flag must present")}`
v1 2024-04-10 01:28:08 +00:00			`if options.User != "admin" && options.UserFile != "" {return errors.New("-l and -L both flags present ")}`

			`return nil`
			`}`