Compare commits
No commits in common. "15aa1480406bb7a9209b23426aec4ba059e0fa30" and "af45392d9a876199479bca9d73d2a359ae9dbb7f" have entirely different histories.
15aa148040
...
af45392d9a
24
main.go
24
main.go
@ -12,7 +12,6 @@ import (
|
||||
"crypto/tls"
|
||||
"bufio"
|
||||
"sync"
|
||||
// "runtime"
|
||||
// "encoding/json"
|
||||
// "iouti"
|
||||
)
|
||||
@ -22,7 +21,7 @@ import (
|
||||
func getCSRFtoken(url string) (token,cookie string) { // + cookie
|
||||
|
||||
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
|
||||
//TODO make it at least a bit look legit (add headers, etc)
|
||||
|
||||
res,err := http.Get(url)
|
||||
errHandler(err, "can't connect to server")
|
||||
|
||||
@ -188,7 +187,6 @@ func main() {
|
||||
fmt.Println("User -",user)
|
||||
|
||||
options.bruteforce(user)
|
||||
// runtime.GC() //TODO might a hack to free memory, need to learn more where it's allocated. My guess it's channel. P.S. Yep, it is
|
||||
|
||||
}
|
||||
} else {
|
||||
@ -206,16 +204,18 @@ func (options Options) bruteforce(user string) {
|
||||
passwords := bufio.NewScanner(passFile)
|
||||
passwords.Split(bufio.ScanLines)
|
||||
|
||||
// pass := make(chan string, 15000001) // rockyou - 14,344,391
|
||||
pass := make(chan string, 1000) // primarly we need big enough buffer to prevent slowdown for workers, so we kinda expect less then 1000 workers/threads
|
||||
pass := make(chan string, 1000000000) // rockyou - 14344391
|
||||
|
||||
go func() {
|
||||
for passwords.Scan() { //TODO BUG constantly rereads file to write it to channel. Better way would be to write it in string/[]string var and then from it write to channel. Doubles memory but we don't rely on reading file from HDD which might be busy slowing down burteforce
|
||||
pass <- string(passwords.Text())
|
||||
}
|
||||
close(pass)
|
||||
}()
|
||||
|
||||
for passwords.Scan() {
|
||||
// fmt.Println("add pass - ",passwords.Text())
|
||||
pass <- string(passwords.Text())
|
||||
// fmt.Println("ASDASDAS")
|
||||
} //TODO ERROR
|
||||
close(pass)
|
||||
|
||||
// fmt.Println("ASDASDAS")
|
||||
|
||||
// fmt.Println(pass)
|
||||
var foundPass = false
|
||||
// for _ := range options.Threads {
|
||||
for i:=0; i<options.Threads && ! foundPass; i++ {
|
||||
|
@ -19,7 +19,7 @@ type Options struct {
|
||||
PassFile string
|
||||
// Pass string //password spray TODO
|
||||
Proxy string
|
||||
// Verbose bool
|
||||
Verbose bool
|
||||
}
|
||||
|
||||
|
||||
@ -43,8 +43,8 @@ func ParseOptions() (*Options,error) {
|
||||
flagSet.StringVarP(&options.User, "l", "login", "admin", "username to bruteforce"),
|
||||
flagSet.StringVarP(&options.UserFile, "L", "login-wordlist", "", "username wordlist"),
|
||||
flagSet.StringVarP(&options.PassFile, "P", "password-wordlist", "", "Password wordlist"),
|
||||
flagSet.StringVarP(&options.Proxy, "x", "proxy", "", "HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays. Also expect bigger CPU/RAM usage, use for testing"),
|
||||
flagSet.IntVarP(&options.Threads, "t", "threads", 10, "threads to bruteforce (expect ~7 packets/s per thread, but rate limited by web-server or reverese-proxy to 40 pps)"), //TODO add estimate counter to packets/s
|
||||
flagSet.StringVarP(&options.Proxy, "x", "proxy", "", "HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays"),
|
||||
flagSet.IntVarP(&options.Threads, "t", "threads", 10, "threads to bruteforce"), //TODO add estimate counter to packets/s
|
||||
// flagSet.StringVarP(&options.URL, "u", "url", "", "target's url to login page. Example \"https://example.com/index.php/login, http://example.com/login \""),
|
||||
)
|
||||
_ = flagSet.Parse()
|
||||
@ -65,8 +65,6 @@ func ParseOptions() (*Options,error) {
|
||||
|
||||
func (options *Options) SanityCheck() error {
|
||||
|
||||
if options.URL == "" {return errors.New("-u flag must present")}
|
||||
if options.PassFile == "" {return errors.New("-P flag must present")}
|
||||
if options.User != "admin" && options.UserFile != "" {return errors.New("-l and -L both flags present ")}
|
||||
|
||||
return nil
|
||||
|
Loading…
Reference in New Issue
Block a user