Use less memory when brute forcing with a large wordlist

lib/common/collections/wp_users/brute_forcable.rb

@@ -5,17 +5,12 @@ class WpUsers < WpItems
 
     # Brute force each wp_user
     #
-    # To avoid loading the wordlist each time in the wp_user instance
-    # It's loaded here, and given to the wp_user
-    #
-    # @param [ String, Array<String> ] wordlist
+    # @param [ String ] wordlist The path to the wordlist
     # @param [ Hash ] options See WpUser::BruteForcable#brute_force
     #
     # @return [ void ]
     def brute_force(wordlist, options = {})
-      passwords = WpUser::BruteForcable.passwords_from_wordlist(wordlist)
-
-      self.each { |wp_user| wp_user.brute_force(passwords, options) }
+      self.each { |wp_user| wp_user.brute_force(wordlist, options) }
     end
 
   end

lib/common/common_helper.rb

@@ -165,3 +165,11 @@ end
 def get_memory_usage
   `ps -o rss= -p #{Process.pid}`.to_i * 1024 # ps returns the value in KB
 end
+
+# Use the wc system command to count the number of lines in the file
+# instead of using File.open which will to much memory for large file (10 times the size of the file)
+#
+# @return [ Integer ] The number of lines in the given file
+def count_file_lines(file)
+  `wc -l #{file.shellescape}`.split[0].to_i
+end

lib/common/models/wp_user/brute_forcable.rb

@@ -13,7 +13,7 @@ class WpUser < WpItem
     # This means that while we are waiting for browser.max_threads,
     # responses, we are waiting...
     #
-    # @param [ String, Array<String> ] wordlist The wordlist path
+    # @param [ String ] wordlist The wordlist path
     # @param [ Hash ] options
     # @option options [ Boolean ] :verbose
     # @option options [ Boolean ] :show_progression
@@ -23,12 +23,13 @@ class WpUser < WpItem
     def brute_force(wordlist, options = {}, redirect_url = nil)
       browser      = Browser.instance
       hydra        = browser.hydra
-      passwords    = BruteForcable.passwords_from_wordlist(wordlist)
       queue_count  = 0
       found        = false
-      progress_bar = self.progress_bar(passwords.size, options)
+      progress_bar = self.progress_bar(count_file_lines(wordlist), options)
 
-      passwords.each do |password|
+      File.open(wordlist).each do |password|
+        password.chop!
+        
         # A successfull login will redirect us to the redirect_to parameter
         # Generate a random one on each request
         unless redirect_url
@@ -123,27 +124,5 @@ class WpUser < WpItem
       valid || false
     end
 
-    # Load the passwords from the wordlist, which can be a file path or
-    # an array or passwords
-    #
-    # @param [ String, Array<String> ] wordlist
-    #
-    # @return [ Array<String> ]
-    def self.passwords_from_wordlist(wordlist)
-      if wordlist.is_a?(String)
-        passwords = []
-
-        File.open(wordlist).each do |line|
-          passwords << line.chop
-        end
-      elsif wordlist.is_a?(Array)
-        passwords = wordlist
-      else
-        raise 'Invalid wordlist, expected String or Array'
-      end
-
-      passwords
-    end
-
   end
 end

lib/environment.rb

@@ -26,6 +26,7 @@ begin
   require 'base64'
   require 'rbconfig'
   require 'pp'
+  require 'shellwords'
   # Third party libs
   require 'typhoeus'
   require 'json'