Compare commits
5 Commits
af45392d9a
...
15aa148040
Author | SHA1 | Date | |
---|---|---|---|
15aa148040 | |||
0e185e156d | |||
26f96f3438 | |||
232ca05679 | |||
c50659c299 |
24
main.go
24
main.go
@ -12,6 +12,7 @@ import (
|
|||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"bufio"
|
"bufio"
|
||||||
"sync"
|
"sync"
|
||||||
|
// "runtime"
|
||||||
// "encoding/json"
|
// "encoding/json"
|
||||||
// "iouti"
|
// "iouti"
|
||||||
)
|
)
|
||||||
@ -21,7 +22,7 @@ import (
|
|||||||
func getCSRFtoken(url string) (token,cookie string) { // + cookie
|
func getCSRFtoken(url string) (token,cookie string) { // + cookie
|
||||||
|
|
||||||
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
|
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
|
||||||
|
//TODO make it at least a bit look legit (add headers, etc)
|
||||||
res,err := http.Get(url)
|
res,err := http.Get(url)
|
||||||
errHandler(err, "can't connect to server")
|
errHandler(err, "can't connect to server")
|
||||||
|
|
||||||
@ -187,6 +188,7 @@ func main() {
|
|||||||
fmt.Println("User -",user)
|
fmt.Println("User -",user)
|
||||||
|
|
||||||
options.bruteforce(user)
|
options.bruteforce(user)
|
||||||
|
// runtime.GC() //TODO might a hack to free memory, need to learn more where it's allocated. My guess it's channel. P.S. Yep, it is
|
||||||
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
@ -204,18 +206,16 @@ func (options Options) bruteforce(user string) {
|
|||||||
passwords := bufio.NewScanner(passFile)
|
passwords := bufio.NewScanner(passFile)
|
||||||
passwords.Split(bufio.ScanLines)
|
passwords.Split(bufio.ScanLines)
|
||||||
|
|
||||||
pass := make(chan string, 1000000000) // rockyou - 14344391
|
// pass := make(chan string, 15000001) // rockyou - 14,344,391
|
||||||
|
pass := make(chan string, 1000) // primarly we need big enough buffer to prevent slowdown for workers, so we kinda expect less then 1000 workers/threads
|
||||||
|
|
||||||
for passwords.Scan() {
|
go func() {
|
||||||
// fmt.Println("add pass - ",passwords.Text())
|
for passwords.Scan() { //TODO BUG constantly rereads file to write it to channel. Better way would be to write it in string/[]string var and then from it write to channel. Doubles memory but we don't rely on reading file from HDD which might be busy slowing down burteforce
|
||||||
pass <- string(passwords.Text())
|
pass <- string(passwords.Text())
|
||||||
// fmt.Println("ASDASDAS")
|
}
|
||||||
} //TODO ERROR
|
close(pass)
|
||||||
close(pass)
|
}()
|
||||||
|
|
||||||
// fmt.Println("ASDASDAS")
|
|
||||||
|
|
||||||
// fmt.Println(pass)
|
|
||||||
var foundPass = false
|
var foundPass = false
|
||||||
// for _ := range options.Threads {
|
// for _ := range options.Threads {
|
||||||
for i:=0; i<options.Threads && ! foundPass; i++ {
|
for i:=0; i<options.Threads && ! foundPass; i++ {
|
||||||
|
@ -19,7 +19,7 @@ type Options struct {
|
|||||||
PassFile string
|
PassFile string
|
||||||
// Pass string //password spray TODO
|
// Pass string //password spray TODO
|
||||||
Proxy string
|
Proxy string
|
||||||
Verbose bool
|
// Verbose bool
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -43,8 +43,8 @@ func ParseOptions() (*Options,error) {
|
|||||||
flagSet.StringVarP(&options.User, "l", "login", "admin", "username to bruteforce"),
|
flagSet.StringVarP(&options.User, "l", "login", "admin", "username to bruteforce"),
|
||||||
flagSet.StringVarP(&options.UserFile, "L", "login-wordlist", "", "username wordlist"),
|
flagSet.StringVarP(&options.UserFile, "L", "login-wordlist", "", "username wordlist"),
|
||||||
flagSet.StringVarP(&options.PassFile, "P", "password-wordlist", "", "Password wordlist"),
|
flagSet.StringVarP(&options.PassFile, "P", "password-wordlist", "", "Password wordlist"),
|
||||||
flagSet.StringVarP(&options.Proxy, "x", "proxy", "", "HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays"),
|
flagSet.StringVarP(&options.Proxy, "x", "proxy", "", "HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays. Also expect bigger CPU/RAM usage, use for testing"),
|
||||||
flagSet.IntVarP(&options.Threads, "t", "threads", 10, "threads to bruteforce"), //TODO add estimate counter to packets/s
|
flagSet.IntVarP(&options.Threads, "t", "threads", 10, "threads to bruteforce (expect ~7 packets/s per thread, but rate limited by web-server or reverese-proxy to 40 pps)"), //TODO add estimate counter to packets/s
|
||||||
// flagSet.StringVarP(&options.URL, "u", "url", "", "target's url to login page. Example \"https://example.com/index.php/login, http://example.com/login \""),
|
// flagSet.StringVarP(&options.URL, "u", "url", "", "target's url to login page. Example \"https://example.com/index.php/login, http://example.com/login \""),
|
||||||
)
|
)
|
||||||
_ = flagSet.Parse()
|
_ = flagSet.Parse()
|
||||||
@ -65,6 +65,8 @@ func ParseOptions() (*Options,error) {
|
|||||||
|
|
||||||
func (options *Options) SanityCheck() error {
|
func (options *Options) SanityCheck() error {
|
||||||
|
|
||||||
|
if options.URL == "" {return errors.New("-u flag must present")}
|
||||||
|
if options.PassFile == "" {return errors.New("-P flag must present")}
|
||||||
if options.User != "admin" && options.UserFile != "" {return errors.New("-l and -L both flags present ")}
|
if options.User != "admin" && options.UserFile != "" {return errors.New("-l and -L both flags present ")}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
Loading…
Reference in New Issue
Block a user