wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

Resume brute force #692

Open yanickrochon opened 9 years ago

yanickrochon commented 9 years ago

When testing brute forcing a site, I came upon a server restart, which broke the program execution (with Server error messages). I had to manually truncate the wordlist file to resume the process. This should be avoided with a CLI argument to specify at what line to start reading for words.

Something like

./wpscan.rb --url http://wp-domain.com --wordlist 'wordlist.txt' --wordlist-seek 1234 --username admin

The argument --wordlist-seek, for example, would simply jump to the specified line in the file and start from there. Other names could be, but not limited to: --wordlist-start, --wordlist-line, --wordlist-offset, --wordlist-resume, or --wordlist-skip, etc.

erwanlr commented 9 years ago

Not as easy and clean as I thought :x

The File#seek only accepts bytes as offset, but not a line number :/

Would need to go over each line, and skip if the line number is < the value supplied :|

yanickrochon commented 9 years ago

@erwanlr no low-level API supports line numbers anyhow. Usually, a high-level API buffers the text read, scans for the newline character(s) and consumes the file content "line-by-line" this way. (When the buffer contains no more newline characters, and EOF has not been reached, read more data and append it to the buffer.)

In any case, reading and seeking the wordlist file like that is faster than restarting the brute force from zero. I don't code in Ruby so I'm not much help here.

yanickrochon commented 9 years ago

Just add a counter here that will skip until the starting line number is reached (defaults to 1 for the first line, or if the line number is not specified). And voilà!

Edit

Actually, I would lean toward using --wordlist-skip n where n is zero-based. Then skip wordlist iterations until the progress bar's current value is greater than the argument value.
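The line-counting skip discussed above, next to the byte-offset form that File#seek does accept, as an added example that is not WPScan code and not from any commenter. The helper names `each_word`, `each_word_from_offset` and `sample_wordlist`, and the sample words, are hypothetical and constructed here.

```ruby
require 'tempfile'

# Constructed sample wordlist: mixed LF/CRLF endings, no trailing newline.
SAMPLE = "alpha\nbravo\r\ncharlie\ndelta"

def sample_wordlist
  file = Tempfile.new('wordlist')
  file.binmode
  file.write(SAMPLE)
  file.flush
  file
end

# Hypothetical helper, not WPScan code. Streams the file and yields
# [zero_based_index, byte_offset, word] for every line at or after `skip`.
def each_word(path, skip: 0)
  raise ArgumentError, 'skip must be >= 0' if skip.negative?
  return enum_for(:each_word, path, skip: skip) unless block_given?

  File.open(path, 'rb') do |f|
    index = 0
    until f.eof?
      offset = f.pos            # byte position of this line's first byte
      word = f.gets.chomp       # chomp strips both "\n" and "\r\n"
      yield index, offset, word if index >= skip
      index += 1
    end
  end
end

# Hypothetical helper: resume from a byte offset previously reported by
# each_word, which File#seek accepts directly (no line counting needed).
def each_word_from_offset(path, offset)
  return enum_for(:each_word_from_offset, path, offset) unless block_given?

  File.open(path, 'rb') do |f|
    f.seek(offset)
    while (line = f.gets)
      yield line.chomp
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  list = sample_wordlist
  each_word(list.path, skip: 2) { |i, off, w| puts "#{i} @#{off}: #{w}" }
  list.close!
end
```

Skipping by line index costs one pass over the skipped lines but never loads the whole file; a saved byte offset avoids even that pass, provided the file has not changed since the offset was recorded.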

OwenMelbz commented 9 years ago

Is there any movement on this? I'm having the script seem to just time out after approx 10 hours at 4%, for example. No way to resume :(

frafrichile commented 9 years ago

Same here. Any updates on this? Thanks for the work you do

LucasRoot commented 7 years ago

Needing this too

rimiti commented 4 years ago

Any update about this issue?

pd-brainsid commented 4 years ago

+1 it will help a lot