
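BruteLoops: a protocol-agnostic API for online password security testing

About BruteLoops

BruteLoops is a powerful, protocol-agnostic API for online password security testing. Researchers can use it to perform online password guessing, to check whether the passwords users choose are secure, or to identify security problems in passwords.

BruteLoops provides password brute-force guessing against authentication interfaces. The repository includes a modular usage example that demonstrates how to use BruteLoops for password security analysis. It is feature-rich and ships with several brute-force modules; the examples are listed below: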

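· http.accellion_ftp Accellion FTP HTTP interface login module

· http.basic_digest Generic HTTP basic digest authentication

· http.basic_ntlm Generic HTTP basic NTLM authentication

· http.global_protect Global Protect web interface

· http.mattermost Mattermost login web interface

· http.netwrix Netwrix login web interface

· http.okta Okta JSON API

· http.owa2010 OWA 2010 web interface

· http.owa2016 OWA 2016 web interface

· smb.smb Targets a single SMB server

· testing.fake Fake authentication module for training/testing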

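Key features

· Protocol agnostic

· SQLite support

· Password spraying and credential stuffing

· Scheduled password guessing

· Fine-grained configurability to avoid lockout events

· Pausing and resuming of tasks

· Multiprocessing support

· Logging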

Dependencies

BruteLoops requires Python 3.7 or later and SQLAlchemy 1.3.0; the latter can be installed with pip from the requirements.txt provided by the project:

python3.7 -m pip install -r requirements.txt           


Installation

Researchers can clone the project source locally and install the dependencies the tool needs with the following commands:

git clone https://github.com/arch4ngel/bruteloops

cd bruteloops

python3 -m pip install -r requirements.txt           


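Usage

When using the tool, a password security test can be broken down into the following steps:

· Find a target service to test;

· If the target is not already covered by py1, build a callback for it;

· Collect usernames, passwords and credential information;

· Build a database by feeding the authentication data to py2;

· Where relevant, enumerate or request the Active Directory lockout policy so that the test can be configured intelligently;

· Run the password security test in line with the target's lockout policy [1][3][4];

Related links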

py1: https://github.com/arch4ngel/BruteLoops/wiki/Using-example.py-to-Execute-Brute-Force-Attacks

py2: https://github.com/arch4ngel/BruteLoops/wiki/Using-dbmanager.py-To-Manage-Databases

py3: https://github.com/arch4ngel/BruteLoops/wiki/Explanation-of-Configuration-Parameters

py4: https://github.com/arch4ngel/BruteLoops/wiki/Jitter-Time-Format-Specification

Usage examples

Running a brute-force guessing module through example.py

Command:

archangel@deskjet:bruteloops_dev~> ./example.py test.sqlite3 testing.fake --help           

Output:

usage: example.py dbfile testing.fake [-h] --username USERNAME --password PASSWORD

Fake authentication module for training/testing

optional arguments:

  -h, --help           show this help message and exit

  --username USERNAME  required - str - Username to check against

  --password PASSWORD  required - str - Password to check against           

Creating an input database with dbmanager.py

Command:

archangel@deskjet:bruteloops_dev~> ./dbmanager.py --help           

Output:

usage: dbmanager.py [-h] dbfile {dump-valid,dump-credentials,import-values,import-credentials,delete-values,delete-credentials} ...



Manage BruteLoops input databases



positional arguments:

  dbfile                Database file to manipulate

  {dump-valid,dump-credentials,import-values,import-credentials,delete-values,delete-credentials}

                        SUBCOMMANDS:

    dump-valid          Dump valid credentials from the database

    dump-credentials    Dump all credential values from the database

    import-values       Import values into the target database

    import-credentials  Import credential pairs into the target database

    delete-values       Delete values from the target database

    delete-credentials  Delete credential pairs from the target database

optional arguments:

  -h, --help            show this help message and exit           

Running the simulated brute-force guessing module through example.py

Command:

./example.py test.sqlite3 \

  --parallel-guess-count 4  --auth-threshold 2 \

  --auth-jitter-min 1s --auth-jitter-max 5s \

  --threshold-jitter-min 10s --threshold-jitter-max 20s \

  -lf test.log \

  testing.fake --username administrator --password P@ssw0rd           

Output:

archangel@deskjet:bruteloops_dev~> ./example.py test.sqlite3 -pgc 4 -at 2 -ajmin 1s -ajmax 5s -tjmin 10s -tjmax 20s -lf test.log testing.fake --username administrator --password P@ssw0rd

2020-12-08 15:22:50,077 - example.py - GENERAL - Initializing attack

2020-12-08 15:22:50,078 - BruteForcer - GENERAL - Initializing 4 process

2020-12-08 15:22:50,078 - BruteForcer - GENERAL - Logging attack configuration parameters

2020-12-08 15:22:50,078 - BruteForcer - GENERAL - Config Parameter -- authentication_jitter: <Jitter(min="1s", max="5s")>

2020-12-08 15:22:50,078 - BruteForcer - GENERAL - Config Parameter -- max_auth_jitter: <Jitter(min="10s", max="20s")>

2020-12-08 15:22:50,078 - BruteForcer - GENERAL - Config Parameter -- max_auth_tries: 2

2020-12-08 15:22:50,078 - BruteForcer - GENERAL - Config Parameter -- stop_on_valid: False

2020-12-08 15:22:50,078 - BruteForcer - GENERAL - Config Parameter -- db_file: test.sqlite3

2020-12-08 15:22:50,083 - BruteForcer - GENERAL - Beginning attack: 15:22:50 EST (20/12/08)

2020-12-08 15:22:51,572 - BruteForcer - INVALID - user1:pass1

2020-12-08 15:22:53,544 - BruteForcer - INVALID - admin:password

2020-12-08 15:22:54,597 - BruteForcer - INVALID - user1:password

2020-12-08 15:22:55,025 - BruteForcer - INVALID - admin:pass1

2020-12-08 15:22:55,247 - BruteForcer - INVALID - user2:pass1

2020-12-08 15:22:56,307 - BruteForcer - INVALID - user2:password

2020-12-08 15:22:59,025 - BruteForcer - INVALID - administrator:pass1

2020-12-08 15:22:59,680 - BruteForcer - INVALID - administrator:password

2020-12-08 15:23:07,384 - BruteForcer - INVALID - user1:welcome1

2020-12-08 15:23:07,955 - BruteForcer - INVALID - user1:P@ssw0rd

2020-12-08 15:23:08,775 - BruteForcer - INVALID - administrator:welcome1

2020-12-08 15:23:09,631 - BruteForcer - VALID - administrator:P@ssw0rd

2020-12-08 15:23:12,057 - BruteForcer - INVALID - user2:welcome1

2020-12-08 15:23:12,299 - BruteForcer - INVALID - admin:welcome1

2020-12-08 15:23:12,309 - BruteForcer - INVALID - user2:P@ssw0rd

2020-12-08 15:23:12,534 - BruteForcer - INVALID - admin:P@ssw0rd

2020-12-08 15:23:12,748 - BruteForcer - GENERAL - Attack finished

2020-12-08 15:23:12,748 - BruteForcer - GENERAL - Shutting attack down

2020-12-08 15:23:12,755 - BruteForcer - GENERAL - Closing/joining Processes

2020-12-08 15:23:12,758 - example.py - GENERAL - Attack complete           
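
Added example (not part of BruteLoops or the original article): the run above makes two guesses per account and then pauses, so a per-account lockout counter sees little, while the number of distinct accounts failing together stands out. The Python below measures both on the guess lines copied from that output, assuming the target's own authentication log would record the same attempts at the same times; the function names and the 5-second window are choices made for this illustration.

```python
import re
from datetime import datetime, timedelta

# Guess lines copied from the sample run on this page. Assumption: the target's
# own authentication log would record the same attempts at the same times.
SAMPLE_LOG = """\
2020-12-08 15:22:51,572 - BruteForcer - INVALID - user1:pass1
2020-12-08 15:22:53,544 - BruteForcer - INVALID - admin:password
2020-12-08 15:22:54,597 - BruteForcer - INVALID - user1:password
2020-12-08 15:22:55,025 - BruteForcer - INVALID - admin:pass1
2020-12-08 15:22:55,247 - BruteForcer - INVALID - user2:pass1
2020-12-08 15:22:56,307 - BruteForcer - INVALID - user2:password
2020-12-08 15:22:59,025 - BruteForcer - INVALID - administrator:pass1
2020-12-08 15:22:59,680 - BruteForcer - INVALID - administrator:password
2020-12-08 15:23:07,384 - BruteForcer - INVALID - user1:welcome1
2020-12-08 15:23:07,955 - BruteForcer - INVALID - user1:P@ssw0rd
2020-12-08 15:23:08,775 - BruteForcer - INVALID - administrator:welcome1
2020-12-08 15:23:09,631 - BruteForcer - VALID - administrator:P@ssw0rd
2020-12-08 15:23:12,057 - BruteForcer - INVALID - user2:welcome1
2020-12-08 15:23:12,299 - BruteForcer - INVALID - admin:welcome1
2020-12-08 15:23:12,309 - BruteForcer - INVALID - user2:P@ssw0rd
2020-12-08 15:23:12,534 - BruteForcer - INVALID - admin:P@ssw0rd
"""
GUESS = re.compile(r"^(\S+ \S+) - BruteForcer - (VALID|INVALID) - ([^:]+):")

def parse(log):
    """Return sorted (timestamp, account, succeeded) tuples, one per guess line."""
    hits = (GUESS.match(line.strip()) for line in log.splitlines())
    return sorted((datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S,%f"), m[3], m[2] == "VALID")
                  for m in hits if m)

def windows(events, window):
    """Yield the accounts with failed logons inside each sliding window."""
    fails = [(t, a) for t, a, ok in events if not ok]
    for start, _ in fails:
        yield [a for t, a in fails if start <= t < start + window]

def peak_failures_per_account(events, window):
    """Worst case seen by a per-account lockout counter."""
    return max(max(w.count(a) for a in set(w)) for w in windows(events, window))

def peak_accounts_failing(events, window):
    """Distinct accounts failing together: the cross-account spray signal."""
    return max(len(set(w)) for w in windows(events, window))

EVENTS = parse(SAMPLE_LOG)
WINDOW = timedelta(seconds=5)  # shorter than the run's 10s-20s threshold jitter
if __name__ == "__main__":
    print(peak_failures_per_account(EVENTS, WINDOW), peak_accounts_failing(EVENTS, WINDOW))
```

On these lines no account exceeds 2 failures per window, yet all 4 accounts fail inside a single window, which is the count an alert on this traffic has to key on.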

Project address

https://github.com/arch4ngel/BruteLoops