Merge pull request #149 from x90skysn3k/dev

v2.3.1 merge to main

Author: x90skysn3k

.github/workflows/release.yml

@@ -26,7 +26,7 @@ jobs:
           go-version: "stable"
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v6.0.0
+        uses: goreleaser/goreleaser-action@v6.1.0
         with:
           distribution: goreleaser
           version: latest

README.md

@@ -1,6 +1,6 @@
-# BruteSpray
+# Brutespray
 
-![Version](https://img.shields.io/badge/Version-2.2.4-red)[![goreleaser](https://github.com/x90skysn3k/brutespray/actions/workflows/release.yml/badge.svg)](https://github.com/x90skysn3k/brutespray/actions/workflows/release.yml)[![Go Report Card](https://goreportcard.com/badge/github.com/x90skysn3k/brutespray)](https://goreportcard.com/report/github.com/x90skysn3k/brutespray)
+![Version](https://img.shields.io/badge/Version-2.3.1-red)[![goreleaser](https://github.com/x90skysn3k/brutespray/actions/workflows/release.yml/badge.svg)](https://github.com/x90skysn3k/brutespray/actions/workflows/release.yml)[![Go Report Card](https://goreportcard.com/badge/github.com/x90skysn3k/brutespray)](https://goreportcard.com/report/github.com/x90skysn3k/brutespray)
 
 Created by: Shane Young/@t1d3nio && Jacob Robles/@shellfail 
 
@@ -11,13 +11,19 @@ Brutespray has been re-written in Golang, eliminating the requirement for additi
 
 <img src="https://i.imgur.com/6fQI6Qs.png" width="500">
 
-# Installation
+# Install
+
+```
+go install github.com/x90skysn3k/brutespray@latest
+```
 
 [Release Binaries](https://github.com/x90skysn3k/brutespray/releases)
 
 To Build:
 
-```go build -o brutespray main.go```
+```
+go build -o brutespray main.go
+```
 
 # Usage
 
@@ -64,6 +70,14 @@ Command: ```brutespray -H ssh://127.0.0.1 -C root:root```
 
 ```brutespray -H ssh://10.1.1.0/24:22 -t 1000```
 
+#### Socks5 Proxy Support
+
+```brutespray -H ssh://10.1.1.0/24:22 -socks5 localhost:1080```
+
+#### Network Interface Support
+
+```brutespray -H ssh://10.1.1.0/24:22 -iface tun0```
+
 #### Print Found Services
 
 ```brutespray -f nessus.nessus -P -q```
@@ -102,10 +116,6 @@ Command: ```brutespray -H ssh://127.0.0.1 -C root:root```
 
 Feel free to open an issue if these work, or if you have any issues
 
-# Services in Progress
-
-* rdp - the issue is no one has written a good library for NLA
-
 # Data Specs
 ```json
 {"host":"127.0.0.1","port":"3306","service":"mysql"}
@@ -134,10 +144,10 @@ user4:pass1
 # Planned Features
 
 * Add domain option for RDP, SMB
-* Ability to set proxy
-* Ability to select interface
+* ~~Ability to set proxy~~
+* ~~Ability to select interface~~
 * More modules
-* Better connection handling
+* ~~Better connection handling~~
 
 # Star History
 

brute/asterisk.go

@@ -2,20 +2,27 @@ package brute
 
 import (
 	"fmt"
-	"net"
 	"strings"
 	"time"
 
 	"github.com/wenerme/astgo/ami"
+	"github.com/x90skysn3k/brutespray/modules"
 )
 
 // this is very alpha and I have no idea if it even works
-func BruteAsterisk(host string, port int, user, password string, timeout time.Duration) (bool, bool) {
+func BruteAsterisk(host string, port int, user, password string, timeout time.Duration, socks5 string, netInterface string) (bool, bool) {
 	target := fmt.Sprintf("%s:%d", host, port)
-	conn, err := net.DialTimeout("tcp", target, timeout)
+	connManager, err := modules.NewConnectionManager(socks5, timeout, netInterface)
 	if err != nil {
 		return false, false
 	}
+
+	service := "asterisk"
+	conn, err := connManager.Dial("tcp", target)
+	if err != nil {
+		modules.PrintSocksError(service, fmt.Sprintf("%v", err))
+		return false, false
+	}
 	defer conn.Close()
 
 	boot := make(chan *ami.Message, 1)

brute/ftp.go

@@ -1,28 +1,59 @@
 package brute
 
 import (
-	"strconv"
+	"fmt"
+	"net"
 	"time"
 
 	"github.com/jlaffaye/ftp"
+	"github.com/x90skysn3k/brutespray/modules"
 )
 
-func BruteFTP(host string, port int, user, password string, timeout time.Duration) (bool, bool) {
-	conn, err := ftp.Dial(host+":"+strconv.Itoa(port), ftp.DialWithTimeout(timeout))
+func BruteFTP(host string, port int, user, password string, timeout time.Duration, socks5 string, netInterface string) (bool, bool) {
+	timer := time.NewTimer(timeout)
+	defer timer.Stop()
+
+	type result struct {
+		client *ftp.ServerConn
+		err    error
+	}
+	done := make(chan result)
+
+	cm, err := modules.NewConnectionManager(socks5, timeout, netInterface)
 	if err != nil {
 		return false, false
 	}
-	defer func() {
-		if err := conn.Quit(); err != nil {
-			_ = err
-			//fmt.Printf("Failed to send QUIT command: %v\n", err)
+
+	go func() {
+		conn, err := cm.Dial("tcp", fmt.Sprintf("%s:%d", host, port))
+		if err != nil {
+			done <- result{nil, err}
+			return
+		}
+		defer conn.Close()
+
+		client, err := ftp.Dial(conn.RemoteAddr().String(), ftp.DialWithDialFunc(func(network, addr string) (net.Conn, error) { return conn, nil }))
+		if err != nil {
+			done <- result{nil, err}
+			return
 		}
+		err = client.Login(user, password)
+		done <- result{client, err}
 	}()
 
-	err = conn.Login(user, password)
-	if err != nil {
-		return false, true
+	select {
+	case <-timer.C:
+		return false, false
+	case result := <-done:
+		if result.client != nil {
+			err := result.client.Quit()
+			if err != nil {
+				_ = err
+			}
+		}
+		if result.err != nil {
+			return false, true
+		}
+		return true, true
 	}
-
-	return true, true
 }

brute/imap.go

@@ -1,39 +1,25 @@
 package brute
 
 import (
-	"crypto/tls"
 	"fmt"
-	"net"
 	"time"
 
 	"github.com/emersion/go-imap/client"
+	"github.com/x90skysn3k/brutespray/modules"
 )
 
-func BruteIMAP(host string, port int, user, password string, timeout time.Duration) (bool, bool) {
-	var (
-		conn net.Conn
-		err  error
-	)
-
-	conn, err = net.DialTimeout("tcp", fmt.Sprintf("%s:%d", host, port), timeout)
-
+func BruteIMAP(host string, port int, user, password string, timeout time.Duration, socks5 string, netInterface string) (bool, bool) {
+	var service = "imap"
+	cm, err := modules.NewConnectionManager(socks5, timeout, netInterface)
 	if err != nil {
-		tlsDialer := &tls.Dialer{
-			NetDialer: &net.Dialer{
-				Timeout: timeout,
-			},
-			Config: &tls.Config{
-				InsecureSkipVerify: true,
-			},
-		}
-
-		_, err = tlsDialer.Dial("tcp", fmt.Sprintf("%s:%d", host, port))
+		modules.PrintSocksError(service, fmt.Sprintf("%v", err))
+		return false, false
+	}
 
-		if err != nil {
-			return false, false
-		} else {
-			return false, true
-		}
+	conn, err := cm.Dial("tcp", fmt.Sprintf("%s:%d", host, port))
+	if err != nil {
+		modules.PrintSocksError(service, fmt.Sprintf("%v", err))
+		return false, false
 	}
 
 	c, err := client.New(conn)

brute/mongodb.go

@@ -3,31 +3,87 @@ package brute
 import (
 	"context"
 	"fmt"
+	"net"
 	"time"
 
 	"go.mongodb.org/mongo-driver/mongo"
 	"go.mongodb.org/mongo-driver/mongo/options"
-	"go.mongodb.org/mongo-driver/mongo/readpref"
+
+	"github.com/x90skysn3k/brutespray/modules"
 )
 
-func BruteMongoDB(host string, port int, user, password string, timeout time.Duration) (bool, bool) {
+type ContextDialerWrapper struct {
+	CM *modules.ConnectionManager
+}
+
+func (cdw *ContextDialerWrapper) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	if _, ok := ctx.Deadline(); ok {
+
+		return cdw.CM.DialFunc(network, address)
+	}
+	return cdw.CM.DialFunc(network, address)
+}
+
+func BruteMongoDB(host string, port int, user, password string, timeout time.Duration, socks5 string, netInterface string) (bool, bool) {
+	cm, err := modules.NewConnectionManager(socks5, timeout, netInterface)
+	if err != nil {
+		//fmt.Printf("Failed to create connection manager: %v\n", err)
+		return false, false
+	}
+
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 
-	clientOptions := options.Client().ApplyURI(fmt.Sprintf("mongodb://%s:%s@%s:%d", user, password, host, port))
+	dialer := &ContextDialerWrapper{CM: cm}
+
+	clientOptions := options.Client().
+		ApplyURI(fmt.Sprintf("mongodb://%s:%s@%s:%d", user, password, host, port)).
+		SetDialer(dialer)
 	client, err := mongo.Connect(ctx, clientOptions)
 	if err != nil {
+		//fmt.Printf("Failed to connect: %v\n", err)
 		return false, false
 	}
 	defer func() {
 		if err := client.Disconnect(ctx); err != nil {
 			_ = err
+			//fmt.Printf("Failed to disconnect: %v\n", err)
 		}
 	}()
 
-	err = client.Ping(ctx, readpref.Primary())
+	err = client.Database("admin").RunCommand(ctx, map[string]interface{}{"ping": 1}).Err()
 	if err != nil {
+		if mongo.IsTimeout(err) {
+			//fmt.Printf("Connection timeout: %v\n", err)
+			return false, false
+		}
+		if isAuthError(err) {
+			//fmt.Printf("Authentication failed: %v\n", err)
+			return false, true
+		}
+		//fmt.Printf("Other error during ping: %v\n", err)
 		return false, true
 	}
+
+	//fmt.Println("Authentication successful.")
 	return true, true
 }
+
+func isAuthError(err error) bool {
+	if commandError, ok := err.(mongo.CommandError); ok {
+		authErrorCodes := map[int32]bool{
+			18:   true, // Authentication failed
+			13:   true, // Unauthorized
+			8000: true, // SaslAuthenticationFailed
+		}
+		return authErrorCodes[commandError.Code]
+	}
+	if writeException, ok := err.(mongo.WriteException); ok {
+		for _, we := range writeException.WriteErrors {
+			if we.Code == 18 || we.Code == 13 || we.Code == 8000 {
+				return true
+			}
+		}
+	}
+	return false
+}

brute/mssql.go

@@ -4,31 +4,41 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
-	"net"
 	"time"
+
+	_ "github.com/denisenkom/go-mssqldb"
+	"github.com/x90skysn3k/brutespray/modules"
 )
 
-func BruteMSSQL(host string, port int, user, password string, timeout time.Duration) (bool, bool) {
-	connString := fmt.Sprintf("server=%s:%d;user id=%s;password=%s;database=master", host, port, user, password)
+func BruteMSSQL(host string, port int, user, password string, timeout time.Duration, socks5 string, netInterface string) (bool, bool) {
+	connString := fmt.Sprintf("server=%s;port=%d;user id=%s;password=%s", host, port, user, password)
+
+	cm, err := modules.NewConnectionManager(socks5, timeout, netInterface)
+	if err != nil {
+		return false, false
+	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 
-	conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", host, port), timeout)
+	conn, err := cm.Dial("tcp", fmt.Sprintf("%s:%d", host, port))
 	if err != nil {
 		return false, false
 	}
 	_ = conn.Close()
 
 	db, err := sql.Open("mssql", connString)
 	if err != nil {
+		//fmt.Println(err)
 		return false, true
 	}
 	defer db.Close()
 
 	err = db.PingContext(ctx)
 	if err != nil {
+		//fmt.Println(err)
 		return false, true
 	}
+
 	return true, true
 }

brute/mysql.go

@@ -4,14 +4,20 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
-	"net"
 	"time"
 
+	"github.com/x90skysn3k/brutespray/modules"
+
 	_ "github.com/go-sql-driver/mysql"
 )
 
-func BruteMYSQL(host string, port int, user, password string, timeout time.Duration) (bool, bool) {
-	conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", host, port), timeout)
+func BruteMYSQL(host string, port int, user, password string, timeout time.Duration, socks5 string, netInterface string) (bool, bool) {
+	cm, err := modules.NewConnectionManager(socks5, timeout, netInterface)
+	if err != nil {
+		return false, false
+	}
+
+	conn, err := cm.Dial("tcp", fmt.Sprintf("%s:%d", host, port))
 	if err != nil {
 		return false, false
 	}