Skip to content
/ bruter Public

Bruter is an OSINT tooling, an experiment to build a reconnaissance simple app to have fun 🕵️‍♂️

License

GPL-3.0 license
48 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CyberRoute/bruter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

114 Commits
.github/workflows
.github/workflows
 
 
cmd/bruter
cmd/bruter
 
 
db
db
 
 
img
img
 
 
pkg
pkg
 
 
static
static
 
 
templates
templates
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

go build golangci-lint Go Report Card

Bruter

Bruter is a simple app that was built as an experiment while learning Go. It is indeed very much inspired by Xray git (but hey not copied ;)). The tooling can be used to test webservers and validate webservers configurations, but not just!

What does it do?

  • It grabs HostInfo data from Shodan APIs, so you will need a Token to try this out
  • It collects banners for various services FTP, SSH, MYSQL, IRC, SMTP
  • It collects HTTP headers
  • It collects WHOIS query information
  • It brute force directories on WebServers and reports results (200)
  • It provides info from crt.sh about SSL certificates
  • It supports custom wordlists
  • It produces a Web UI for presentation

Usage

   Usage of /tmp/go-build3838391229/b001/exe/concurrency:
  -address string
    	IP address to bind the web UI server to. (default "127.0.0.1")
  -dictionary string
    	File to use for enumeration. (default "db/apache-list")
  -domain string
    	domain to scan
  -extension string
    	File extension. (default "js")
  -shodan string
    	shodan API key
  -verbose
    	Verbosity
  -workers int
    	Default is 0, if workers is less than or equal than zero, it will be auto scaled to the number of logical CPUs usable by the current process.

Running in Docker

docker build -t bruter .
docker run --rm -it -p 8080:8080 bruter -domain example.com -shodan [shodanapikey] -verbose

Example

go run cmd/bruter/* -domain example.com -shodan [SHODANTOKEN] -verbose
12:41PM INF Scanning IP 93.184.216.34 OK
12:41PM INF UI running on http://127.0.0.1:8080/
12:41PM INF http://example.com/.htaccess.bak => 404 Not Found
12:41PM INF http://example.com/httpd/logs/access_log => 404 Not Found
12:41PM INF http://example.com/logs/error.log => 404 Not Found
12:41PM INF http://example.com/cgi => 404 Not Found
12:41PM INF http://example.com/apache/logs/access_log => 404 Not Found
12:41PM INF http://example.com/apache/logs/access.log => 404 Not Found
12:41PM INF http://example.com/logs/access.log => 404 Not Found
12:41PM INF http://example.com/logs/error_log => 404 Not Found
12:41PM INF http://example.com/httpd/logs/error.log => 404 Not Found
12:41PM INF http://example.com/logs/access.log => 404 Not Found
12:41PM INF http://example.com/cgi-bin => 404 Not Found
12:41PM INF http://example.com/httpd/logs/error_log => 404 Not Found
12:41PM INF http://example.com/.web => 404 Not Found
12:41PM INF http://example.com/httpd/logs/access.log => 404 Not Found
12:41PM INF http://example.com/.meta => 404 Not Found
12:41PM INF http://example.com/apache/logs/error.log => 404 Not Found
12:41PM INF http://example.com/apache/logs/error_log => 404 Not Found

Example of the Web UI

Contribute

Fork the repo and send PRs

make all

Cleaning up
rm -rf build
Running tests...
go test ./... -v -cover -race
?   	github.com/CyberRoute/bruter/cmd/bruter	[no test files]
?   	github.com/CyberRoute/bruter/pkg/config	[no test files]
?   	github.com/CyberRoute/bruter/pkg/grabber	[no test files]
?   	github.com/CyberRoute/bruter/pkg/handlers	[no test files]
?   	github.com/CyberRoute/bruter/pkg/models	[no test files]
?   	github.com/CyberRoute/bruter/pkg/render	[no test files]
?   	github.com/CyberRoute/bruter/pkg/shodan	[no test files]
=== RUN   TestUrlJoin
--- PASS: TestUrlJoin (0.00s)
=== RUN   TestAuth
{"level":"info","time":"2023-03-10T14:25:36+01:00","message":"http://127.0.0.1:36983/ => 200 OK"}
{"level":"info","time":"2023-03-10T14:25:36+01:00","message":"http://127.0.0.1:44337/ => 403 Forbidden"}
{"level":"info","time":"2023-03-10T14:25:36+01:00","message":"http://127.0.0.1:45357/ => 500 Internal Server Error"}
--- PASS: TestAuth (0.01s)
PASS
	github.com/CyberRoute/bruter/pkg/fuzzer	coverage: 71.0% of statements
ok  	github.com/CyberRoute/bruter/pkg/fuzzer	0.044s	coverage: 71.0% of statements
=== RUN   TestResolveByName
=== RUN   TestResolveByName/valid_domain
=== RUN   TestResolveByName/invalid_domain
--- PASS: TestResolveByName (0.14s)
    --- PASS: TestResolveByName/valid_domain (0.00s)
    --- PASS: TestResolveByName/invalid_domain (0.13s)
PASS
	github.com/CyberRoute/bruter/pkg/network	coverage: 26.7% of statements
ok  	github.com/CyberRoute/bruter/pkg/network	0.165s	coverage: 26.7% of statements
Running lint...
go list ./... | golangci-lint run 
Formatting...
gofmt -s -w .
Building...
go build -o build/bruter cmd/bruter/*.go

License

Bruter is developed by Alessandro Bresciani with some help from various projects and released with GPL license.

Acknowledgments

DB file has been borrowed from dirsearch

About

Bruter is an OSINT tooling, an experiment to build a reconnaissance simple app to have fun 🕵️‍♂️

Topics

golang security security-audit osint grabber bruteforce wordlist enumeration fuzzing dirsearch information-gathering security-tools dirbuster dir-buster reconnaissance web-enumeration directory-brute-forcing

Resources

Readme

License

GPL-3.0 license
Activity

Stars

48 stars

Watchers

2 watching

Forks

7 forks
Report repository

Releases 4

v1.3.0-beta Latest
Jul 12, 2024
+ 3 releases

Packages

No packages published

Contributors 2

Languages