package main
import (
"github.com/projectdiscovery/goflags"
"sync"
"errors"
)
// Package-level state used by ParseOptions.
var (
	// onceOptions makes sure the flag set is built and parsed a single time.
	onceOptions sync.Once

	// options is the shared Options value that the registered flags write into.
	options = &Options{}
)
// Options holds the command-line settings that ParseOptions fills in.
type Options struct {
	// URL is the login page address given with the "u"/"url" flag.
	URL string
	// Threads is the worker count given with the "t"/"threads" flag (default 10).
	Threads int
	// RateLimit int //TODO
	// Header string //TODO

	// User is the single username given with the "l"/"login" flag (default "admin").
	User string
	// UserFile is the username wordlist path given with "L"/"login-wordlist". TODO
	UserFile string
	// PassFile is the password wordlist path given with "P"/"password-wordlist".
	PassFile string
	// Pass string //password spray TODO

	// Proxy is the HTTP proxy address given with the "x"/"proxy" flag.
	Proxy string
	// Verbose bool
}
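// ParseOptions registers the command-line flags, parses them once, and
// returns the shared Options value together with any parse or validation
// error.
//
// Flag registration and parsing are guarded by onceOptions, so they run only
// on the first call. SanityCheck is evaluated on every call: previously the
// error lived in a local that was only assigned inside the once-guarded
// closure, so a second call returned a nil error even when the options were
// invalid. The error from flagSet.Parse is now returned instead of being
// discarded.
//
// The *Options pointer is returned even when the error is non-nil, as
// before; callers must check the error before using it.
func ParseOptions() (*Options, error) {
	var parseErr error

	onceOptions.Do(func() {
		flagSet := goflags.NewFlagSet()
		flagSet.SetDescription("Owncloud_bruteforcer - tool to bruteforce user")

		// NOTE(review): goflags' *VarP helpers appear to take the long name
		// before the short one; the names below look swapped. Confirm against
		// the goflags version pinned in go.mod before changing them.
		flagSet.CreateGroup("input", "Input",
			flagSet.StringVarP(&options.URL, "u", "url", "", "target's url to login page. Example \"https://example.com/index.php/login, http://example.com/login \""),
			// TODO: flagSet.StringVarP(&options.RateLimit, "rt", "rate", "", "rate limit packets per second"),
			// TODO: Header flag (needs its own flag names; the draft reused "u"/"url").
			flagSet.StringVarP(&options.User, "l", "login", "admin", "username to bruteforce"),
			flagSet.StringVarP(&options.UserFile, "L", "login-wordlist", "", "username wordlist"),
			flagSet.StringVarP(&options.PassFile, "P", "password-wordlist", "", "Password wordlist"),
			flagSet.StringVarP(&options.Proxy, "x", "proxy", "", "HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays. Also expect bigger CPU/RAM usage, use for testing"),
			flagSet.IntVarP(&options.Threads, "t", "threads", 10, "threads to bruteforce (expect ~7 packets/s per thread, but rate limited by web-server or reverese-proxy to 40 pps)"), //TODO add estimate counter to packets/s
		)

		// Keep the parse error so the caller sees it rather than a
		// half-populated Options value.
		parseErr = flagSet.Parse()
	})

	if parseErr != nil {
		return options, parseErr
	}

	// Validate outside the once-guard so repeat calls report the same result.
	return options, options.SanityCheck()
}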
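// SanityCheck validates the parsed options and returns the first problem
// found, or nil when the combination is usable.
//
// Checks, in order:
//   - URL must be set;
//   - PassFile must be set;
//   - User and UserFile must not both be supplied;
//   - Threads must be at least 1.
//
// The receiver is named o so it no longer shadows the package-level options
// variable.
func (o *Options) SanityCheck() error {
	switch {
	case o.URL == "":
		return errors.New("-u flag must present")
	case o.PassFile == "":
		return errors.New("-P flag must present")
	case o.User != "admin" && o.UserFile != "":
		// NOTE(review): "admin" is the flag's default, so this cannot tell an
		// explicit "-l admin" from an omitted -l; that case combined with -L
		// is not reported.
		return errors.New("-l and -L both flags present ")
	case o.Threads < 1:
		// Reject a zero or negative worker count up front instead of passing
		// it on to whatever consumes Threads.
		return errors.New("-t must be at least 1")
	}
	return nil
}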