casual/owncloud_bruteforcer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
casual 2024-04-11 09:25:49 +00:00
parent 726c4f89c8
commit af45392d9a
1 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
README.md
View File

@ -2,21 +2,19 @@
Simple tool to bruteforce owncloud instance Simple tool to bruteforce owncloud instance
# Description ## Description
Tool make GET request to acquire CSRF token + cookies and make POST request with given username and password wordlist. Tool make GET request to acquire CSRF token + cookies and make POST request with given username and password wordlist.
## Installation ### Installation
`go install git.sual.in/casual/owncloud_bruteforcer@latest` `go install git.sual.in/casual/owncloud_bruteforcer@latest`
## Example usage ### Example
``` `owncloud_bruteforce -u "https://target.com/login" -P ./rockyou.txt`
owncloud_bruteforce -u "https://target.com/login" -P ./rockyou.txt
```
## Help ### Help
``` ```
Owncloud_bruteforcer - tool to bruteforce user Owncloud_bruteforcer - tool to bruteforce user
@ -29,15 +27,16 @@ INPUT:
-url, -u string target's url to login page. Example "https://example.com/index.php/login, http://example.com/login " -url, -u string target's url to login page. Example "https://example.com/index.php/login, http://example.com/login "
-login, -l string username to bruteforce (default "admin") -login, -l string username to bruteforce (default "admin")
-login-wordlist, -L string username wordlist -login-wordlist, -L string username wordlist
-password-wordlist, -P string Password wordlist -password-wordlist, -P string password wordlist
-proxy, -x string HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays -proxy, -x string HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays
-threads, -t int threads to bruteforce (default 10) -threads, -t int threads to bruteforce (default 10)
``` ```
## Notes ## Notes (TODO)
- Successful login detected by redirect location after POST request. If user have 2FA, then app will not show found login:password. - Successful login detected by redirect location after POST request. If user have 2FA, then app will not show found login:password.
- If - If there is internet connection problem or WAF/rate-limit/etc blocked you, you may recieve `can't create (POST) request: Post "https://target.com/login": context deadline exceeded (Client.Timeout exceeded while awaiting headers)`
- There is way to bruteforce administrator account which use different endpoint, possibly can allow to bruteforce admin account in same time without slowing down current version of tool
# License ## License
This project is licensed under the MIT License - see the LICENSE file for details This project is licensed under the MIT License - see the LICENSE file for details. I am not responsible for any actions or damage.