This PR is the comeback of PR #74. The code has been tested and rearranged a bit.
First of all, I'm really sorry this PR is still not atomic at all. Nonetheless, here are the changes proposed:
- Reworked the core of CredMaster: added the CredentialPool object, now responsible for handling all credential pairs and timings. The CredMaster object uses it to get the credentials to spray in its `spray_threads`.
- Thanks to the CredentialPool, CredMaster now supports a cache (SQLite). This makes sure that hitting CTRL+C and re-launching with the same config file and wordlist does not retry previous attempts.
- Thanks to the CredentialPool, the timings specified on the command line are now "as seen by the target" (as opposed to "per thread" currently).
- Thanks to the CredentialPool, it is now possible to combine multiple sources for usernames and passwords on the command line: a passwordfile (list of passwords to spray for all users), a passwordconfig (JSON pointing to a list of passwords per domain, for cases when your userlist contains users from different domains), and a userpassfile (for specific and unique username/password combos).
- You can now press the spacebar on your keyboard while CredMaster is running. This will give you some stats on the running instance, as well as an approximate ETA.
- Plugins can now signal the core that a user does not exist by returning the string `"inexistant"` in the `response["result"]`.
- You can now remove all occurrences of the string "fireprox" from AWS, for better OPSEC.
- Added a confirmation dialog in the `--clean` option.
- Added a `--no_fireprox` option if one doesn't need the integrated IP rotation.
- Added a `--proxy` option if one wants to use CredMaster behind a proxy.
- Fixed a few other very minor things (the one that comes to my mind now is the `plugin.validate()`, which was done using a hardcoded old Firefox agent and now uses a random agent from the user agents file).
I may have forgotten things, but I think this covers the vast majority of what was done here. Do not hesitate to reach out to me directly (here or by email (see the commits mail)) if you need more information or if you want to discuss this more in depth.
Best regards