Merge branch 'main' of ssh://git.sual.in/casual/owncloud_bruteforcer

test

main.go

@@ -12,6 +12,7 @@ import (
 	"crypto/tls"
 	"bufio"
 	"sync"
+	// "runtime"
 	// "encoding/json"
 	// "iouti"
 )
@@ -21,7 +22,7 @@ import (
 func getCSRFtoken(url string) (token,cookie string) { // + cookie
 
 	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
-
+	//TODO make it at least a bit look legit (add headers, etc)
 	res,err := http.Get(url)
 	errHandler(err, "can't connect to server")
 		
@@ -187,6 +188,7 @@ func main() {
 			fmt.Println("User -",user)
 		
 			options.bruteforce(user)
+			// runtime.GC() //TODO might a hack to free memory, need to learn more where it's allocated. My guess it's channel. P.S. Yep, it is
 		
 		}
 	} else {
@@ -204,18 +206,16 @@ func (options Options) bruteforce(user string) {
 		passwords := bufio.NewScanner(passFile)
 		passwords.Split(bufio.ScanLines)
 
-		pass := make(chan string, 1000000000) // rockyou - 14344391
+		// pass := make(chan string, 15000001) // rockyou - 14,344,391
+		pass := make(chan string, 1000) // primarly we need big enough buffer to prevent slowdown for workers, so we kinda expect less then 1000 workers/threads 
 
-		for passwords.Scan() {
+		go func() {
-			// fmt.Println("add pass - ",passwords.Text())
+			for passwords.Scan() { //TODO BUG constantly rereads file to write it to channel. Better way would be to write it in string/[]string var and then from it write to channel. Doubles memory but we don't rely on reading file from HDD which might be busy slowing down burteforce
-			pass <- string(passwords.Text())
+				pass <- string(passwords.Text())
-			// fmt.Println("ASDASDAS")
+			} 
-		} //TODO ERROR
+			close(pass)
-		close(pass)
+		}()
 		
-							// fmt.Println("ASDASDAS")
-
-					// fmt.Println(pass)
 		var foundPass = false
 		// for _ := range options.Threads {
 		for i:=0; i<options.Threads && ! foundPass; i++  {

options.go

@@ -19,7 +19,7 @@ type Options struct {
 	PassFile	string
 	// Pass  	string //password spray TODO
 	Proxy	string
-	Verbose   bool
+	// Verbose   bool
 }
 
 
@@ -43,8 +43,8 @@ func ParseOptions() (*Options,error) {
 			flagSet.StringVarP(&options.User, "l", "login", "admin", "username to bruteforce"),
 			flagSet.StringVarP(&options.UserFile, "L", "login-wordlist", "", "username wordlist"),
 			flagSet.StringVarP(&options.PassFile, "P", "password-wordlist", "", "Password wordlist"),
-			flagSet.StringVarP(&options.Proxy, "x", "proxy", "", "HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays"),
+			flagSet.StringVarP(&options.Proxy, "x", "proxy", "", "HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays. Also expect bigger CPU/RAM usage, use for testing"),
-			flagSet.IntVarP(&options.Threads, "t", "threads", 10, "threads to bruteforce"), //TODO add estimate counter to packets/s
+			flagSet.IntVarP(&options.Threads, "t", "threads", 10, "threads to bruteforce (expect ~7 packets/s per thread, but rate limited by web-server or reverese-proxy to 40 pps)"), //TODO add estimate counter to packets/s
 			// flagSet.StringVarP(&options.URL, "u", "url", "", "target's url to login page. Example \"https://example.com/index.php/login, http://example.com/login \""),
 		)
 		_ = flagSet.Parse()
@@ -65,6 +65,8 @@ func ParseOptions() (*Options,error) {
 
 func (options *Options) SanityCheck() error {
 
+	if options.URL == "" {return errors.New("-u flag must present")}
+	if options.PassFile == "" {return errors.New("-P flag must present")}
 	if options.User != "admin" && options.UserFile != "" {return errors.New("-l and -L both flags present ")}
 
 	return nil