Add HTTP Basic Auth Protocol
vpereira committed Nov 26, 2023
1 parent 361e074 commit 989c1fd
Showing 6 changed files with 51 additions and 2 deletions.
5 changes: 4 additions & 1 deletion Makefile
@@ -1,4 +1,4 @@
.PHONY: build deps test integration
.PHONY: build deps test integration fmt

build:
# workaround to avoid the error: fatal: detected dubious ownership in repository at '/__w/brucutu/brucutu'
@@ -10,6 +10,9 @@ deps:
test:
go test -v ./...

fmt:
go fmt ./...

# it runs in the docker-compose environment, runner container
integration: build
./scripts/test_invalid_parameters.sh
41 changes: 41 additions & 0 deletions internal/connect/main.go
@@ -2,7 +2,9 @@ package connect

import (
"crypto/tls"
"encoding/base64"
"fmt"
"net/http"
"sync"
"time"

@@ -20,6 +22,45 @@ type Arguments struct {
Password string
}

// HTTP Basic Auth Bruteforce
func HTTPBasicAuth(wg *sync.WaitGroup, throttler <-chan int, output chan string, ca Arguments) {
defer wg.Done()

var httpURL string
if ca.UseTLS {
httpURL = "https://" + ca.Host
} else {
httpURL = "http://" + ca.Host
}

req, err := http.NewRequest("GET", httpURL, nil)
if err != nil {
<-throttler
return
}

auth := base64.StdEncoding.EncodeToString([]byte(ca.User + ":" + ca.Password))
req.Header.Add("Authorization", "Basic "+auth)

client := &http.Client{
Timeout: 5 * time.Second,
}

resp, err := client.Do(req)
if err != nil {
<-throttler
return
}

defer resp.Body.Close()

if resp.StatusCode == http.StatusOK {
output <- fmt.Sprintf("%s:%s", ca.User, ca.Password)
}

<-throttler
}

// POP3 Bruteforce
func POP3(wg *sync.WaitGroup, throttler <-chan int, output chan string, ca Arguments) {
defer wg.Done()
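Review bot: Both error paths in `HTTPBasicAuth` (after `http.NewRequest` and after `client.Do`) return without reporting anything, so a timeout or refused connection looks exactly like a rejected credential pair to whoever reads the output. Surfacing the error to the caller or logging it would keep transport failures from being recorded as negatives in an authorized assessment. The three separate `<-throttler` releases can become a single `defer func() { <-throttler }()` placed right after `defer wg.Done()`, which also protects any return path added later. The hand-built header can use the standard library helper `req.SetBasicAuth(ca.User, ca.Password)` instead of the manual base64 step. The doc comment should also state that only `http.StatusOK` counts as success, since an endpoint that does not require authentication would answer 200 for every pair.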
2 changes: 1 addition & 1 deletion internal/util/main.go
@@ -42,7 +42,7 @@ var supportedProtocols = map[string]int{
"imaps": 993,
}

//PrintSupportedProtocols can be improved
// PrintSupportedProtocols can be improved
func PrintSupportedProtocols() {
fmt.Println(supportedProtocols)
}
2 changes: 2 additions & 0 deletions main.go
@@ -90,6 +90,8 @@ func main() {
wg.Add(1)
ca := connect.Arguments{StartTLS: *cli.StartTLS, UseTLS: *cli.UseTLS, Host: *host, User: user, Password: password}
switch myURL.Scheme {
case "http", "https":
go connect.HTTPBasicAuth(&wg, throttler, outputChannel, ca)
case "pop3", "pop3s":
go connect.POP3(&wg, throttler, outputChannel, ca)
case "ssh":
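Review bot: The new `case "http", "https":` sends both schemes to `connect.HTTPBasicAuth`, but that function chooses `http://` or `https://` from `ca.UseTLS`, which this hunk fills from `*cli.UseTLS` rather than from `myURL.Scheme`. Unless the flag is derived from the scheme elsewhere in `main` (its body continues outside this hunk), a `-u https://host` run without the TLS flag would send the Basic credentials over plain HTTP. Deriving it from the scheme inside this case, e.g. `ca.UseTLS = ca.UseTLS || myURL.Scheme == "https"` before the `go` statement, keeps the URL the operator typed and the transport in agreement.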
2 changes: 2 additions & 0 deletions scripts/test_invalid_parameters.sh
@@ -10,5 +10,7 @@ $BRUCUTU -u xxx://localhost && exit 1
echo "Invalid set of arguments"
$BRUCUTU -u pop3://localhost -L samples/users.txt -l foo -p bar && exit 1

echo "False user and password for http basic auth"
$BRUCUTU -u http://http_basic_auth -l foo -p XXXX && exit 1

exit 0
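Review bot: The added check `$BRUCUTU -u http://http_basic_auth -l foo -p XXXX && exit 1` passes on any non-zero exit, so it cannot distinguish a server that rejected the pair from one that was never reached. It appears that `HTTPBasicAuth` drops connection errors silently, which would make a stopped `http_basic_auth` container look the same as a correct rejection. A reachability probe before the check, or asserting on the tool's output rather than only its exit status, would make the test meaningful. The case also uses valid parameters with wrong credentials, so a comment such as `# valid arguments, wrong credentials: expects a non-zero exit` would explain why it sits in the invalid-parameters script.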
1 change: 1 addition & 0 deletions scripts/test_valid_use_cases.sh
@@ -5,5 +5,6 @@ $BRUCUTU -u ssh://ssh -a 2222 -l root -p superpassword || exit -1
$BRUCUTU -u ssh://ssh -a 2222 -L samples/users.txt -P samples/passwd.txt || exit -1
$BRUCUTU -u pop3://email -l foo -p thepassword || exit -1
$BRUCUTU -u pop3://email -L samples/users.txt -P samples/passwd.txt || exit -1
$BRUCUTU -u http://http_basic_auth -l foo -p bar || exit -1

exit 0
