Add **many** things (refactor core, add cache, ETA, multiple password file options, ...) (return of PR #74) #80

Open
wants to merge 1 commit into
base: master

synacktiv-antoineg

Hello!

This PR is the comeback of PR #74. The code has been tested and rearranged a bit.

First of all, I'm really sorry this PR is still not atomic at all. Nonetheless, here are the changes proposed:

  • Reworked the core of CredMaster: added the CredentialPool object, now responsible for handling all credential pairs and timings. The CredMaster object uses it to get the credentials to spray in its spray_threads
  • Thanks to the CredentialPool, CredMaster now supports a cache (SQLite). This makes sure that hitting CTRL+C and re-launching with the same config file and wordlist does not retry previous attempts
  • Thanks to the CredentialPool, the timings specified in the command-line are now "as seen by the target" (as opposed to "per thread" currently)
  • Thanks to the CredentialPool, it is now possible to combine multiple sources for usernames and passwords in the command line: a passwordfile (list of passwords to spray for all users), a passwordconfig (JSON pointing to list of passwords per domain, for cases when your userlist contains users from different domains), and a userpassfile (for specific and unique username/password combo)
  • You can now press the spacebar on your keyboard while CredMaster is running. This will give you some stats on the running instance, as well as an approximated ETA
  • Plugins can now signal the core that a user does not exist by returning the string "inexistant" in the response["result"]
  • You can now remove all occurrences of the string "fireprox" from AWS, for better OPSEC
  • Added a confirmation dialog in the --clean option
  • Added --no_fireprox option if one doesn't need the integrated IP rotation
  • Added --proxy option if one wants to use CredMaster behind a proxy
  • Fixed a few other very minor things (the one that comes to my mind now is the plugin.validate() which was done using a hardcoded old Firefox agent, which now uses a random agent from the user agents file)

I may have forgotten things, but I think this covers a vast majority of what was done here. Do not hesitate to reach out to me directly (here or by email (see the commit's mail)) if you need more information or if you want to discuss this more in depth.

Best regards
