package main
import (
"EBurstGo/lib"
"flag"
"github.com/fatih/color"
"io"
"os"
"strings"
)
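// main is the command-line entry point. It parses the flags, builds the list
// of user/password pairs to try, selects the worker that matches the Exchange
// endpoint named by -mode, and passes everything to lib.BruteRunner. With
// -check it only calls lib.Check on the target and returns.
//
// Dictionary files that cannot be opened or read now stop the run with an
// error message; previously the error was discarded and the run continued
// with an empty list.
func main() {
	var (
		targetUrl  string
		mode       string
		check      bool
		domain     string
		user       string
		pass       string
		userf      string
		passf      string
		userpassf  string
		userAsPass bool
		usePth     bool
		proxy      string
		t          int
		v          bool
		delay      int
		debug      bool
		nocolor    bool
		o          string
		nosave     bool
	)
	flag.StringVar(&targetUrl, "url", "", "Exchange 服务器地址")
	flag.StringVar(&mode, "mode", "", "指定 Exchange Web 接口")
	flag.BoolVar(&check, "check", false, "检测目标 Exchange 可用接口")
	flag.StringVar(&domain, "domain", "", "AD 域名")
	flag.StringVar(&user, "user", "", "指定用户名")
	// NOTE(review): a value given with -pass is part of argv, so it is visible
	// in the process list and shell history; -passf and -userpassf read it
	// from a file instead.
	flag.StringVar(&pass, "pass", "", "指定密码")
	flag.StringVar(&userf, "userf", "", "用户名字典")
	flag.StringVar(&passf, "passf", "", "密码字典")
	flag.StringVar(&userpassf, "userpassf", "", "指定用户名密码字典 (user:pass)")
	flag.BoolVar(&userAsPass, "user-as-pass", false, "指定密码与用户名相同")
	flag.BoolVar(&usePth, "pth", false, "指定为 Pth 模式 (Pass The Hash)")
	flag.StringVar(&proxy, "proxy", "", "指定 socks/http(s) 代理")
	flag.StringVar(&o, "o", "result.txt", "指定结果输出文件")
	flag.BoolVar(&nosave, "nosave", false, "不将结果输出至文件")
	// t and delay are forwarded to lib.BruteRunner unchanged; no bounds are
	// enforced in this file.
	flag.IntVar(&t, "t", 2, "协程数量")
	flag.IntVar(&delay, "delay", 0, "请求延时")
	flag.BoolVar(&v, "v", false, "显示详细信息")
	flag.BoolVar(&debug, "debug", false, "显示 Debug 信息")
	flag.BoolVar(&nocolor, "nocolor", false, "关闭输出颜色")
	flag.Parse()

	// No arguments at all: print the usage text instead of running.
	if len(os.Args) == 1 {
		flag.Usage()
		return
	}
	if nocolor {
		color.NoColor = true
	}
	// An empty output path is how -nosave is signalled to lib.BruteRunner.
	// NOTE(review): presumably the result file (default result.txt in the
	// working directory) holds the credentials that were accepted; confirm in
	// lib and treat the file as sensitive.
	if nosave {
		o = ""
	}
	lib.Log = &lib.Logging{Verbose: v, IsDebug: debug}

	if check {
		lib.Check(targetUrl)
		return
	}

	var dict [][]string
	if userpassf != "" {
		// Combined dictionary: one "user:pass" entry per line. A line without
		// a colon yields the whole line as the user and an empty password.
		lines, err := readDictLines(userpassf)
		if err != nil {
			// Concatenated rather than passed as a format argument because
			// only the single-argument form of Failed is visible in this file.
			lib.Log.Failed("[-] 读取字典文件失败: " + err.Error())
			return
		}
		for _, line := range lines {
			u, p, _ := strings.Cut(line, ":")
			dict = append(dict, []string{u, p})
		}
		lib.Log.Info("[*] 用户名:密码共计:%v", len(dict))
	} else {
		var userDict []string
		var passDict []string
		if user != "" {
			userDict = []string{user}
		}
		if userf != "" {
			lines, err := readDictLines(userf)
			if err != nil {
				lib.Log.Failed("[-] 读取字典文件失败: " + err.Error())
				return
			}
			userDict = append(userDict, lines...)
		}
		if pass != "" {
			passDict = []string{pass}
		}
		if passf != "" {
			lines, err := readDictLines(passf)
			if err != nil {
				lib.Log.Failed("[-] 读取字典文件失败: " + err.Error())
				return
			}
			passDict = append(passDict, lines...)
		}

		// Either pair each user with itself (-user-as-pass) or build the full
		// user x password product.
		for _, u := range userDict {
			if userAsPass {
				dict = append(dict, []string{u, u})
				continue
			}
			for _, p := range passDict {
				dict = append(dict, []string{u, p})
			}
		}

		// With -user-as-pass the password count reported is the user count.
		passCount := len(passDict)
		if userAsPass {
			passCount = len(userDict)
		}
		lib.Log.Info("[*] 用户名:%v 密码:%v 共计:%v", len(userDict), passCount, len(dict))
	}

	// Each Exchange endpoint is paired with the worker whose name matches its
	// authentication scheme (NTLM, Basic, HTTP, Kerberos); the worker
	// implementations live in lib and are not visible in this file.
	var worker lib.BruteWorker
	switch mode {
	case "autodiscover", "ews", "mapi", "oab", "rpc":
		worker = lib.NtlmBruteWorker
	case "activesync":
		worker = lib.BasicBruteWorker
	case "owa", "ecp":
		worker = lib.HttpBruteWorker
	case "powershell":
		worker = lib.KerberosBruteWorker
	default:
		lib.Log.Failed("[-] Exchange 接口无效")
		return
	}
	lib.BruteRunner(targetUrl, mode, domain, dict, t, delay, proxy, o, usePth, worker)
}

// readDictLines returns the non-empty lines of the file at path. A trailing
// carriage return is stripped from each line so that CRLF and LF files yield
// the same entries. The file is closed before the function returns.
func readDictLines(path string) ([]string, error) {
	fp, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer fp.Close()

	b, err := io.ReadAll(fp)
	if err != nil {
		return nil, err
	}

	var lines []string
	for _, line := range strings.Split(string(b), "\n") {
		line = strings.TrimSuffix(line, "\r")
		if line != "" {
			lines = append(lines, line)
		}
	}
	return lines, nil
}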