{"id":15374435,"url":"https://github.com/ivan-sincek/websocket-bf","last_synced_at":"2025-02-28T00:32:26.658Z","repository":{"id":107019596,"uuid":"278348908","full_name":"ivan-sincek/websocket-bf","owner":"ivan-sincek","description":"Brute force a REST API query through WebSocket. Based on cURL.","archived":true,"fork":false,"pushed_at":"2023-04-27T20:59:48.000Z","size":4,"stargazers_count":9,"open_issues_count":0,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-16T14:56:51.966Z","etag":null,"topics":["bash","brute-force","cracking","curl","dictionary-attack","ethical-hacking","fuzzing","networking","offensive-security","rest-api","security","websocket"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ivan-sincek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-09T11:43:23.000Z","updated_at":"2024-11-17T22:26:12.000Z","dependencies_parsed_at":null,"dependency_job_id":"3fae9f22-cee4-425a-8253-1a4c14291c06","html_url":"https://github.com/ivan-sincek/websocket-bf","commit_stats":{"total_commits":1,"total_committers":1,"mean_commits":1.0,"dds":0.0,"last_synced_commit":"37a37f1afa3c6d440998e45548d8488fb5bdcb08"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fwebsocket-bf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fwebsocket-bf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fwebsocket-bf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fwebsocket-bf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ivan-sincek","download_url":"https://codeload.github.com/ivan-sincek/websocket-bf/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241078871,"owners_count":19905948,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","brute-force","cracking","curl","dictionary-attack","ethical-hacking","fuzzing","networking","offensive-security","rest-api","security","websocket"],"created_at":"2024-10-01T13:58:46.774Z","updated_at":"2025-02-28T00:32:26.650Z","avatar_url":"https://github.com/ivan-sincek.png","language":"Shell","readme":"# WebSocket BF\n\nBrute force a REST API query through WebSocket. Based on cURL.\n\nTweak this tool to fit your scenario by modifying HTTP request headers and/or query strings within the script.\n\nTested on [socket.io](https://socket.io).\n\nTested on Kali Linux v2021.2 (64-bit).\n\nMade for educational purposes. I hope it will help!\n\n## How to Run\n\nOpen your preferred console from [/src/](https://github.com/ivan-sincek/websocket-bf/tree/master/src) and run the commands shown below.\n\nInstall required packages:\n\n```fundamental\napt-get -y install bc jq\n```\n\nChange file permissions:\n\n```fundamental\nchmod +x websocket_bf.sh\n```\n\nRun the script:\n\n```fundamental\n./websocket_bf.sh\n```\n\n## Usage\n\n```fundamental\nWebSocket BF v1.9 ( github.com/ivan-sincek/websocket-bf )\n\n--- Single request ---\nUsage:   ./websocket_bf.sh -d domain              -p payload                             [-t token            ]\nExample: ./websocket_bf.sh -d https://example.com -p '42[\"verify\",\"{\\\"otp\\\":\\\"1234\\\"}\"]' [-t xxxxx.yyyyy.zzzzz]\n\n--- Brute force ---\nUsage:   ./websocket_bf.sh -d domain              -p payload                                     -w wordlist             [-t token            ]\nExample: ./websocket_bf.sh -d https://example.com -p '42[\"verify\",\"{\\\"otp\\\":\\\"\u003cinjection/\u003e\\\"}\"]' -w all_numeric_four.txt [-t xxxxx.yyyyy.zzzzz]\n\nDESCRIPTION\n    Brute force a REST API query through WebSocket\nDOMAIN\n    Specify a target domain and protocol\n    -d \u003cdomain\u003e - https://example.com | https://192.168.1.10 | etc.\nPAYLOAD\n    Specify a query/payload to brute force\n    Make sure to enclose it in single quotes\n    Mark the injection point with \u003cinjection/\u003e\n    -p \u003cpayload\u003e - '42[\"verify\",\"{\\\"otp\\\":\\\"\u003cinjection/\u003e\\\"}\"]' | etc.\nWORDLIST\n    Specify a wordlist to use\n    -w \u003cwordlist\u003e - all_numeric_four.txt | etc.\nTOKEN\n    Specify a token to use\n    -t \u003ctoken\u003e - xxxxx.yyyyy.zzzzz | etc.\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivan-sincek%2Fwebsocket-bf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fivan-sincek%2Fwebsocket-bf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivan-sincek%2Fwebsocket-bf/lists"}