More basic updates, added a readme
Updated to fit a more formal structure
Updated DB to working version for entry
⚠⚠⚠ IN DEVELOPMENT - DO NOT USE ⚠⚠⚠
All things will be squashed, history is a lie
⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠
A generic password spraying framework focused on the little details and a simple interface. Unlike other spraying frameworks, Sprey attempts to log all the details of all spraying activities to a database and follows a job-driven framework that allows for multiple types of user interfaces, distributed jobs, post-spray analysis, and reporting.
# Generic spraying, attempts to automatically analyze responses and match based on variance
sprey -r request.http -d database.db -u userlist.txt -p passwordlist.txt
sprey -r request.http -d database.db -u userlist.txt -p passwordlist.txt -m match
# Spray and match success based on HTTP response code
sprey -r request.http -d database.db -u userlist.txt -p passwordlist.txt -c '302'
# Spray and match success based on HTTP response matching regex
sprey -r request.http -d database.db -u userlist.txt -p passwordlist.txt -x '^User Authentication - Success.*$'
# Stop after successful spraying and run an action with HTTP response
sprey -r request.http -d database.db -u userlist.txt -p passwordlist.txt -s -a './headless-keepalive.sh "{{Response}}"'
# Generic spraying, attempts to automatically analyze responses and match based on timing
sprey -r request.http -d database.db -u userlist.txt -p passwordlist.txt -m timing -V 60ms -low
sprey -r request.http -d database.db -u userlist.txt -p passwordlist.txt -m timing -V 60ms -high
sprey -r request.http -d database.db -u userlist.txt -p passwordlist.txt -m timing -V 50% -high
sprey - Core runner
-r, -request - HTTP request
-host - Host header override
-k, -ignore-tls - Ignore HTTPS errors
-d, -db - Database storage location
-u, -users - Username list
-p, -passwords - Password candidate list
-a, -action - Run action
-o, -out - Output successful authentications (TODO format)
-b, -bail - Bail/Fail on response regex
-j, -module - Add module and import its template for use in Sprey templates
-f, -follow - Follow redirect
-proxy - Proxy
-resume - Resume session
-dist - Distributed mode, without '-s' outputs the distributed job list, with '-q' assigns number of sprey lists to split by
-dist-list - Split distribution based on file list
-nodes - Number of distributed nodes
-v, -verbose - Verbose
-q, -quiet - Quiet
-h, -help - Help
-print - Print template variables and information
-socket - UNIX socket path for management
-delay -
-delay-user - Time between a user spray that is allowed
-delay-lockout -
-delay-window -
-delay-random -
#modes
-m, -mode - Match mode - (timing, match, analysis)
#match mode options
-c - HTTP codes to match as success; prefix a code with '-' to match responses that do NOT have that code
#timing mode options
-V - Manually set HTTP variance
-n - Do not establish timing baseline
-baseline-requests - Default 10 requests to establish statistical timing baseline
-low - Match quicker responses
-high - Match slower responses based on variance
-i - Analysis mode
-t - Output mode (list,json,csv,TODO)
-clear - Clear the database
-report - Generate static HTML report
#timing settings
-policy - Password policy TODO format (dur,thresh,window)
#misc
-utility - Utilities (user-agent-update,signal-stop,signal-start,add-candidate,remove-candidate)
- user-agent-update - Updates the user-agent
- add-candidate - Given the '-add' flag, adds a "user:password" candidate pair to a currently running job (requires control socket with -socket); can be specified with just '-add'
- remove-candidate - Given the '-remove' flag, removes a "user:password" candidate pair from a currently running job (requires control socket with -socket); can be specified with just '-remove'
-add - Add candidate to running process (Requires -socket) TODO syntax
-remove - Remove candidate from running process (Requires -socket) TODO syntax
sprayd - HTTP server
go get git.sr.ht/~poptart/sprey/...