Closed LMAOMOBILE closed 2 years ago
Thanks for reporting. I've pushed a fix. Can you try again with the latest dev branch?
pip install --force-reinstall git+https://github.com/blacklanternsecurity/trevorspray@dev
I reinstalled the dev version and tested -d 300 -j 120. one attempt slept for 5 minutes give or take but then another one only slept for 28 seconds. is there a max delay or jitter?
There isn't a limit on sleep time. But when the ssh proxy is enabled, a separate thread is spawned for each ssh session. Sleep time is per thread, meaning that if you are coming from 4 different IP addresses and you specify --delay 60
, you will be trying four passwords per minute (one per minute per IP) .
That explains what I was seeing. Thanks very much!
here's the command i'm working with:
python3 cli.py -m okta -u usernames.txt -p Winter2021! --delay 10 --jitter 120 --ssh user@IPADDRESS user@IPADDRESS user@IPADDRESS -f
i've also tried using the -d and -j versions of the flag and got the same results. i've also tried putting the delay and jitter flags at the end of the command. regardless, it just sprays at max speed