Skip to content

Instantly share code, notes, and snippets.

@JonCooperWorks

JonCooperWorks/bruteforce.go Secret

Last active September 27, 2020 14:44
Show Gist options
  • Save JonCooperWorks/d43c739020a5d98f51ce831edd5c8f6e to your computer and use it in GitHub Desktop.
Save JonCooperWorks/d43c739020a5d98f51ce831edd5c8f6e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
bruteforce.go
package main
import (
"bytes"
"io/ioutil"
"log"
"github.com/joncooperworks/httpfuzz"
)
type bruteForceSuccessful struct {
logger *log.Logger
}
func (b *bruteForceSuccessful) Listen(results <-chan *httpfuzz.Result) {
for result := range results {
// This is a buffer, ReadAll shouldn't fail
body, _ := ioutil.ReadAll(result.Response.Body)
if !bytes.Contains(body, []byte("Username and/or password incorrect")) {
b.logger.Printf("Password found: %s", result.Payload)
}
}
}
// New returns a bruteForceSuccessful plugin that detects if a brute force is successful on DWVA.
// This plugin simply logs all output to stdout, but plugins can save requests to disk, database or even send them to other services for further analysis.
func New(logger *log.Logger) (httpfuzz.Listener, error) {
return &bruteForceSuccessful{logger: logger}, nil
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment