43 lines
1.3 KiB
Markdown
43 lines
1.3 KiB
Markdown
# owncloud_bruteforcer
|
|
|
|
Simple tool to bruteforce owncloud instance
|
|
|
|
# Description
|
|
|
|
Tool make GET request to acquire CSRF token + cookies and make POST request with given username and password wordlist.
|
|
|
|
## Installation
|
|
|
|
`go install git.sual.in/casual/owncloud_bruteforcer@latest`
|
|
|
|
## Example usage
|
|
|
|
```
|
|
owncloud_bruteforce -u "https://target.com/login" -P ./rockyou.txt
|
|
```
|
|
|
|
## Help
|
|
|
|
```
|
|
Owncloud_bruteforcer - tool to bruteforce user
|
|
|
|
Usage:
|
|
owncloud_bruteforcer [flags]
|
|
|
|
Flags:
|
|
INPUT:
|
|
-url, -u string target's url to login page. Example "https://example.com/index.php/login, http://example.com/login "
|
|
-login, -l string username to bruteforce (default "admin")
|
|
-login-wordlist, -L string username wordlist
|
|
-password-wordlist, -P string Password wordlist
|
|
-proxy, -x string HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays
|
|
-threads, -t int threads to bruteforce (default 10)
|
|
```
|
|
|
|
## Notes
|
|
|
|
- Successful login detected by redirect location after POST request. If user have 2FA, then app will not show found login:password.
|
|
- If
|
|
|
|
# License
|
|
This project is licensed under the MIT License - see the LICENSE file for details |