cktricky/ken_auth_bruteforce.rb

## ken_auth_bruteforce.rb
require 'wXf/wXfui'

begin
  require 'rubygems'
  require 'celluloid'
rescue LoadError
end

module WXf
module WXfassists
module General
module PooledReq

class Pool
	include Celluloid


	##
	# Initialize Pool Object w/ thread count
	#
	def initialize
           @agent = WAx::WAxHTTPLibs::Mechanize.new
	end

	##
	# Send threaded HTTP Requests
	#	@action: Proc (request object)
	#	@params: Hash (request params)
	#	@response_action: Proc (action to be performed as response)
	#	@args:		List of other arguments
	#
	def get(url)
		response = @agent.get("http://www.cnn.com")
		return response
	end
end

end end end end

## ken_pooled_req.rb
class WebXploit < WXf::WXfmod_Factory::Auxiliary

 include WXf::WXfassists::General::PooledReq

  def initialize
      super(
        'Name'        => 'phpMyAdmin Auth Bruteforce',
        'Version'     => '1.1',
        'Description' => %q{
          Bruteforce authentication for phpMyAdmin                 },
        'Author'      => ['John Poulin' ],
        'License'     => WXF_LICENSE

      )

      init_opts([
		OptString.new('DIR', [true, "Directory in which phpmyadmin resides", "phpmyadmin"]),
		OptString.new('USERNAME', [true, "Username to enumerate", "root"]),
		OptString.new('VERBOSE', [false, "Show verbose output?", false]),
		OptString.new('PASSLIST', [true, "Location of password list", ""])
      ])

  end

  def run
	puts "Starting: #{puts Time.new.localtime}"
	# Create threadpool
	pool = Pool.new

	username = datahash['USERNAME']

	# Prepare file
	file = Array.new(1000, "wtf")

	# Iterate over file contents
   file.each do |pass|
	 res = pool.get(rurl + "/" + datahash['DIR'] + "/index.php")
	 puts res
	 end
  end

end
	require 'wXf/wXfui'

	begin
	require 'rubygems'
	require 'celluloid'
	rescue LoadError
	end

	module WXf
	module WXfassists
	module General
	module PooledReq

	class Pool
	include Celluloid


	##
	# Initialize Pool Object w/ thread count
	#
	def initialize
	@agent = WAx::WAxHTTPLibs::Mechanize.new
	end

	##
	# Send threaded HTTP Requests
	# @action: Proc (request object)
	# @params: Hash (request params)
	# @response_action: Proc (action to be performed as response)
	# @args: List of other arguments
	#
	def get(url)
	response = @agent.get("http://www.cnn.com")
	return response
	end
	end

	end end end end
	class WebXploit < WXf::WXfmod_Factory::Auxiliary

	include WXf::WXfassists::General::PooledReq

	def initialize
	super(
	'Name' => 'phpMyAdmin Auth Bruteforce',
	'Version' => '1.1',
	'Description' => %q{
	Bruteforce authentication for phpMyAdmin },
	'Author' => ['John Poulin' ],
	'License' => WXF_LICENSE

	)

	init_opts([
	OptString.new('DIR', [true, "Directory in which phpmyadmin resides", "phpmyadmin"]),
	OptString.new('USERNAME', [true, "Username to enumerate", "root"]),
	OptString.new('VERBOSE', [false, "Show verbose output?", false]),
	OptString.new('PASSLIST', [true, "Location of password list", ""])
	])

	end

	def run
	puts "Starting: #{puts Time.new.localtime}"
	# Create threadpool
	pool = Pool.new

	username = datahash['USERNAME']

	# Prepare file
	file = Array.new(1000, "wtf")

	# Iterate over file contents
	file.each do \|pass\|
	res = pool.get(rurl + "/" + datahash['DIR'] + "/index.php")
	puts res
	end
	end

	end