BruteForcer progress bar
This commit is contained in:
erwanlr
1
Gemfile
1
Gemfile
@@ -6,6 +6,7 @@ gem "ethon", "=0.5.10"
|
|||||||
gem "nokogiri"
|
gem "nokogiri"
|
||||||
gem "json"
|
gem "json"
|
||||||
gem "terminal-table"
|
gem "terminal-table"
|
||||||
|
gem "ruby-progressbar"
|
||||||
|
|
||||||
group :development, :test do
|
group :development, :test do
|
||||||
gem "webmock", ">=1.9.3"
|
gem "webmock", ">=1.9.3"
|
||||||
|
|||||||
@@ -76,7 +76,7 @@ class File
|
|||||||
#
|
#
|
||||||
# @return [ String ] The charset of the file
|
# @return [ String ] The charset of the file
|
||||||
def self.charset(file_path)
|
def self.charset(file_path)
|
||||||
%x{file -i #{file_path}}[%r{charset=([^\n]+)\n}, 1]
|
%x{file -i "#{file_path}"}[%r{charset=([^\n]+)\n}, 1]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|||||||
@@ -12,37 +12,38 @@ class WpUser < WpItem
|
|||||||
def brute_force(wordlist, options = {})
|
def brute_force(wordlist, options = {})
|
||||||
hydra = Browser.instance.hydra
|
hydra = Browser.instance.hydra
|
||||||
passwords = BruteForcable.passwords_from_wordlist(wordlist)
|
passwords = BruteForcable.passwords_from_wordlist(wordlist)
|
||||||
number_of_passwords = passwords.size
|
login = self.login
|
||||||
login_url = @uri.merge('wp-login.php').to_s
|
login_url = @uri.merge('wp-login.php').to_s
|
||||||
queue_count = 0
|
queue_count = 0
|
||||||
request_count = 0
|
found = false
|
||||||
|
progress_bar = ProgressBar.create(format: '%t %a <%B> (%c / %C) %P%% %e',
|
||||||
|
title: " Brute Forcing user '#{login}'",
|
||||||
|
length: 120,
|
||||||
|
total: passwords.size) if options[:show_progression]
|
||||||
|
|
||||||
passwords.each do |password|
|
passwords.each do |password|
|
||||||
request_count += 1
|
|
||||||
queue_count += 1
|
queue_count += 1
|
||||||
login = self.login
|
|
||||||
|
|
||||||
request = Browser.instance.forge_request(login_url,
|
request = Browser.instance.forge_request(login_url,
|
||||||
{
|
|
||||||
method: :post,
|
method: :post,
|
||||||
body: { log: login, pwd: password },
|
body: { log: login, pwd: password },
|
||||||
cache_ttl: 0
|
cache_ttl: 0
|
||||||
}
|
|
||||||
)
|
)
|
||||||
|
|
||||||
request.on_complete do |response|
|
request.on_complete do |response|
|
||||||
puts "\n Trying Username : #{login} Password : #{password}" if options[:verbose]
|
puts "\n Trying Username : #{login} Password : #{password}" if options[:verbose]
|
||||||
|
|
||||||
|
progress_bar.progress += 1 if options[:show_progression] && !found
|
||||||
|
|
||||||
if valid_password?(response, password, options)
|
if valid_password?(response, password, options)
|
||||||
self.password = password
|
self.password = password
|
||||||
|
found = true
|
||||||
return # Used as break
|
return # Used as break
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
hydra.queue(request)
|
hydra.queue(request)
|
||||||
|
|
||||||
print "\r Brute forcing user '#{login}' with #{number_of_passwords} passwords... #{(request_count * 100) / number_of_passwords}% complete." if options[:show_progression]
|
|
||||||
|
|
||||||
# it can take a long time to queue 2 million requests,
|
# it can take a long time to queue 2 million requests,
|
||||||
# for that reason, we queue @threads, send @threads, queue @threads and so on.
|
# for that reason, we queue @threads, send @threads, queue @threads and so on.
|
||||||
# hydra.run only returns when it has recieved all of its,
|
# hydra.run only returns when it has recieved all of its,
|
||||||
@@ -57,7 +58,6 @@ class WpUser < WpItem
|
|||||||
|
|
||||||
# run all of the remaining requests
|
# run all of the remaining requests
|
||||||
hydra.run
|
hydra.run
|
||||||
puts if options[:show_progression]
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# @param [ Typhoeus::Response ] response
|
# @param [ Typhoeus::Response ] response
|
||||||
@@ -69,22 +69,22 @@ class WpUser < WpItem
|
|||||||
# @return [ Boolean ]
|
# @return [ Boolean ]
|
||||||
def valid_password?(response, password, options = {})
|
def valid_password?(response, password, options = {})
|
||||||
if response.code == 302
|
if response.code == 302
|
||||||
puts "\n " + green('[SUCCESS]') + " Login : #{login} Password : #{password}\n" if options[:show_progression]
|
puts "\n " + green('[SUCCESS]') + " Login : #{login} Password : #{password}\n\n" if options[:show_progression]
|
||||||
return true
|
return true
|
||||||
elsif response.body =~ /login_error/i
|
elsif response.body =~ /login_error/i
|
||||||
puts "\nIncorrect login and/or password." if options[:verbose]
|
puts "\n Incorrect login and/or password." if options[:verbose]
|
||||||
elsif response.timed_out?
|
elsif response.timed_out?
|
||||||
puts red('ERROR:') + ' Request timed out.' if options[:show_progression]
|
puts "\n " + red('ERROR:') + ' Request timed out.' if options[:show_progression]
|
||||||
elsif response.code == 0
|
elsif response.code == 0
|
||||||
puts red('ERROR:') + ' No response from remote server. WAF/IPS?' if options[:show_progression]
|
puts "\n " + red('ERROR:') + ' No response from remote server. WAF/IPS?' if options[:show_progression]
|
||||||
elsif response.code.to_s =~ /^50/
|
elsif response.code.to_s =~ /^50/
|
||||||
puts red('ERROR:') + ' Server error, try reducing the number of threads.' if options[:show_progression]
|
puts "\n " + red('ERROR:') + ' Server error, try reducing the number of threads.' if options[:show_progression]
|
||||||
else
|
else
|
||||||
puts "\n" + red('ERROR:') + " We received an unknown response for #{password}..." if options[:show_progression]
|
puts "\n " + red('ERROR:') + " We received an unknown response for #{password}..." if options[:show_progression]
|
||||||
|
|
||||||
# HACK to get the coverage :/ (otherwise some output is present in the rspec)
|
# HACK to get the coverage :/ (otherwise some output is present in the rspec)
|
||||||
puts red("Code: #{response.code}") if options[:verbose]
|
puts red(" Code: #{response.code}") if options[:verbose]
|
||||||
puts red("Body: #{response.body}") if options[:verbose]
|
puts red(" Body: #{response.body}") if options[:verbose]
|
||||||
puts if options[:verbose]
|
puts if options[:verbose]
|
||||||
end
|
end
|
||||||
false
|
false
|
||||||
|
|||||||
@@ -28,6 +28,7 @@ begin
|
|||||||
require 'json'
|
require 'json'
|
||||||
require 'nokogiri'
|
require 'nokogiri'
|
||||||
require 'terminal-table'
|
require 'terminal-table'
|
||||||
|
require 'ruby-progressbar'
|
||||||
# Custom libs
|
# Custom libs
|
||||||
require 'common/browser'
|
require 'common/browser'
|
||||||
require 'common/custom_option_parser'
|
require 'common/custom_option_parser'
|
||||||
|
|||||||
@@ -302,7 +302,6 @@ def main
|
|||||||
if bruteforce
|
if bruteforce
|
||||||
puts
|
puts
|
||||||
puts green('[+]') + ' Starting the password brute forcer'
|
puts green('[+]') + ' Starting the password brute forcer'
|
||||||
puts
|
|
||||||
|
|
||||||
wp_users.brute_force(wpscan_options.wordlist,
|
wp_users.brute_force(wpscan_options.wordlist,
|
||||||
show_progression: true,
|
show_progression: true,
|
||||||
|
|||||||
Reference in New Issue
Block a user