casual/owncloud_bruteforcer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Simple tool to bruteforce owncloud instance
6 Commits 1 Branch 0 Tags 75 KiB
Go 100%
726c4f89c8
Go to file
casual 726c4f89c8 Update README.md
2024-04-11 09:18:29 +00:00
go.mod v1 2024-04-10 04:28:08 +03:00
go.sum v1 2024-04-10 04:28:08 +03:00
LICENSE license 2024-04-10 04:45:38 +03:00
main.go v1 2024-04-10 04:28:08 +03:00
options.go v1 2024-04-10 04:28:08 +03:00
README.md Update README.md 2024-04-11 09:18:29 +00:00

README.md

owncloud_bruteforcer

Simple tool to bruteforce owncloud instance

Description

Tool make GET request to acquire CSRF token + cookies and make POST request with given username and password wordlist.

Installation

go install git.sual.in/casual/owncloud_bruteforcer@latest

Example usage

owncloud_bruteforce -u "https://target.com/login" -P ./rockyou.txt

Help

Owncloud_bruteforcer - tool to bruteforce user

Usage:
  owncloud_bruteforcer [flags]

Flags:
INPUT:
   -url, -u string                target's url to login page. Example "https://example.com/index.php/login, http://example.com/login "
   -login, -l string              username to bruteforce (default "admin")
   -login-wordlist, -L string     username wordlist
   -password-wordlist, -P string  Password wordlist
   -proxy, -x string              HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays
   -threads, -t int               threads to bruteforce (default 10)

Notes

  • Successful login detected by redirect location after POST request. If user have 2FA, then app will not show found login:password.
  • If

License

This project is licensed under the MIT License - see the LICENSE file for details