main.go
package main
import (
	"flag"
	"net/url"
	"os"
	"os/exec"
	"strings"
)
// init registers every command-line flag on the default flag set and parses
// os.Args before main starts.
//
// Registering a flag writes its default into the bound variable, so the
// defaults given here replace the initializers on the package-level variables
// (for example _limit is 0, not -1, unless -l is passed).
func init() {
	cli := flag.CommandLine

	cli.StringVar(&_url, "u", "", "Url of the API")
	cli.Int64Var(&_concurrencyLevel, "t", 3, "Number of concurrent threads (default=3)")
	cli.StringVar(&_wordlistFile, "w", "", "Path to the wordlist")
	cli.StringVar(&_methodStr, "m", "POST", "Method of the request. Default=POST")
	cli.StringVar(&_payload, "p", "", "The attribute you want to modify. Example: -p email -w email.txt")
	cli.Int64Var(&_limit, "l", 0, "Stop the program when the number of request equals ${limit}")

	// Raw string literals keep the quoted JSON examples readable; the help
	// text printed at runtime is unchanged.
	cli.StringVar(&_generalPayload, "gp", "", `The payload that does not change with each request. Exemple: -gp "{\"email\":\"guillaume@test.com\"}"`)
	cli.StringVar(&_response, "r", "", `Corresponds to the response or message returned by the API. If the response of the request contains the response specified then the program stops. Example: -r "{\"success\":true}"`)
	cli.BoolVar(&_not, "n", false, `Stop the program when the request send a response different of the -r specified. Exemple: -r "INVALD API KEY" -n => The program stop when the response is different that "INVALID API KEY"`)

	// NOTE(review): parsing inside init means the flag package handles
	// -h/--help and unknown flags before main gets a chance to run.
	flag.Parse()
}
// Methods names the HTTP method used for the requests.
type Methods string

// Only POST is declared; GET, PATCH, PUT and DELETE are not implemented yet.
const POST Methods = "POST"

// Package-level settings. Every variable except _method is bound to a
// command-line flag in init, which overwrites the initial value given here
// with the flag's own default.
var (
	_url            string // -u
	_wordlistFile   string // -w
	_methodStr      string // -m, raw method name as typed by the user
	_payload        string // -p
	_generalPayload string // -gp
	_response       string // -r

	_concurrencyLevel = int64(3)  // -t
	_limit            = int64(-1) // -l; init resets this to the flag default 0
	_not              bool        // -n

	// _method is the value manageBrutForce dispatches on; presumably set by
	// setMethod — confirm against its definition.
	_method = POST
)
// manageBrutForce runs the request routine that matches _method.
//
// Only POST is wired up. Any other value of _method returns without doing
// anything and without reporting an error; GET, PUT, DELETE and PATCH are not
// implemented yet.
func manageBrutForce() {
	if _method == POST {
		brutForcePOST()
	}
}
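// manageError validates the parsed settings and reports the first problem it
// finds through help and exitError (exitError is expected to terminate the
// process — confirm against its definition).
//
// It checks that a URL and a wordlist were given, that the concurrency level
// is positive, and that at least one stop condition (-l or -r) is set. It then
// runs a best-effort ping against the host of the URL and rejects the URL when
// ping reports the destination as unreachable.
func manageError() {
	if _url == "" {
		help()
		exitError("Url is empty")
	}
	if _concurrencyLevel <= 0 {
		help()
		exitError("-t should be greater than 0")
	}
	if _wordlistFile == "" {
		help()
		exitError("Wordlist is empty")
	}
	// The -l flag is registered with a default of 0, which replaces the -1
	// initializer on _limit, so comparing against -1 alone never fires when
	// -l is omitted. Treat every non-positive limit as "no limit given".
	if _limit <= 0 && len(_response) == 0 {
		help()
		exitError("Not limit or response specified")
	}

	// ping expects a host name or address, not a full URL, so pass only the
	// host part when the value parses as a URL with one. Fall back to the raw
	// value for inputs such as a bare host name.
	host := _url
	if u, err := url.Parse(_url); err == nil && u.Hostname() != "" {
		host = u.Hostname()
	}

	// Each option and its value is a separate argv element, and "--" ends
	// option parsing so a value starting with '-' cannot be read as a ping
	// option. No shell is involved. The error is ignored on purpose: the check
	// is best effort and only the "unreachable" message rejects the URL.
	ping, _ := exec.Command("ping", "-c", "5", "-i", "3", "-w", "10", "--", host).Output()
	if strings.Contains(string(ping), "Destination Host Unreachable") {
		exitError("Wrong URL")
	}
}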
// manageArgs copies the parsed flag values into the program state through the
// setter helpers and then validates the result with manageError.
//
// The args parameter is not read; the values come from the flag variables
// filled in by init.
func manageArgs(args []string) {
	setMethod(Methods(_methodStr))

	// NOTE(review): the -p value is handed to setGeneralPayload while the -gp
	// value (_generalPayload) is not used here — confirm this is intended.
	if len(_payload) > 0 {
		setGeneralPayload(_payload)
	}
	if len(_response) > 0 {
		setResponse(_response)
	}

	manageError()
}
// main prints the help text when the only argument is -h or --help; otherwise
// it applies and validates the arguments and starts the run. Both paths end
// with exit status 0.
func main() {
	// NOTE(review): flag.Parse already ran in init, so the flag package
	// normally handles -h/--help before main starts; this branch looks
	// unreachable — confirm.
	helpOnly := len(os.Args) == 2 && (os.Args[1] == "-h" || os.Args[1] == "--help")
	if helpOnly {
		help()
		os.Exit(0)
	}

	manageArgs(os.Args)
	manageBrutForce()
	os.Exit(0)
}