x90skysn3k / brutespray

Bruteforcing from various scanner output - Automatically attempts default creds on found services.
MIT License

From json #31

Closed c-f closed 4 years ago

c-f commented 5 years ago

Implement json input

This pull request lets the user also choose JSON. Furthermore, the format was adjusted to make a better guess at what the input might be.

Simple JSON format includes (per line):

    {"service":"<name>", "host": "<host>", "port": "<port>"}
    {"service":"<name>", "host": "<host>", "port": "<port>"}
    ...

jrobles-r7 commented 5 years ago

What software are you using that outputs to json like that?

c-f commented 5 years ago

Thanks for the quick response.

Answer

None directly. However, I see one big advantage over nmap: the programmatic approach.

Every programming language has the possibility to convert to JSON. Therefore it would come in very handy if JSON were supported.

Usecase

jrobles-r7 commented 5 years ago

Nmap is used a lot which is why we wrote for that format. If people want to process their own sources then having a simple format for brutespray to consume makes sense. Although I'd prefer not having another file format, supporting multiple parsers for the output of other tools doesn't sound appealing either (I expect NMAP output will have decent coverage).

JSON with host/service/port works. The nmap parsing does check if the port is open but if people are already doing preprocessing then they could filter out closed ports.

https://xkcd.com/927/

Question

Why a JSON blob per line instead of JSON that is an array of objects? {[{'host':'', 'service':'','port':}, {'host':'', 'service':'','port':}, ...]}

c-f commented 5 years ago

Nice comic indeed :) And yes, a new format is not always needed.

But the current situation is to generate a fake gnmap file, which feels wrong.

Answer

Having one JSON per line has a few advantages.

  1. Samples and dense information: it is very easy to extract samples

    # sample
    head -n20 services.json > services.20.json
    # extract only necessary information
    cat services.json | jq -c '{service: .service, host: .host, port: .port}' > services.brutespray.json

  2. Debugging: makes debugging much easier

    cat services.json | jq '.' > /dev/null

  3. Memory consumption: performance optimization for large datasets. In my scenario I'll have multiple pieces of information saved for each service, which are not needed for brutespray. If I only have one giant JSON file (MB/GB), the script needs to consume the whole document only to extract a tiny bit of the necessary information. So parsing the information line by line reduces the amount of CPU/RAM needed.

Further resources, which also favor JSON Lines:

c-f commented 4 years ago

Any updates?

x90skysn3k commented 4 years ago

Going to see if I can implement this.

x90skysn3k commented 4 years ago

Merged your code into the testing branch: https://github.com/x90skysn3k/brutespray/commit/6b982bb37a1b521ad31e00e2d1619231c0abac68

x90skysn3k commented 4 years ago

If you want to make any changes, please create a new pull request from the testing branch. I'll merge it to master so you can be shown as a contrib..

Thanks
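
Added example, not part of the thread and not brutespray's merged code: a line-by-line reader for the one-object-per-line format discussed above. It checks each record and reports bad lines by number instead of aborting. The names `check_line` and `load_services`, the port range check and the sample data are assumptions made for this illustration.

```python
import io
import json

REQUIRED = ("service", "host", "port")  # keys of the per-line format proposed in the thread

# Constructed sample input (documentation addresses), including deliberately bad lines.
SAMPLE = """\
{"service": "ssh", "host": "192.0.2.10", "port": "22"}
{"service": "ftp", "host": "192.0.2.11", "port": 21, "banner": "extra field, ignored"}

{"service": "ssh", "host": "192.0.2.12"}
{"service": "ssh", "host": "192.0.2.13", "port": "70000"}
not json
["ssh", "192.0.2.14", 22]
"""


def check_line(line):
    """Return a normalised record dict, or raise ValueError describing the problem."""
    try:
        obj = json.loads(line)
    except json.JSONDecodeError as exc:
        raise ValueError(f"invalid JSON: {exc.msg}") from None
    if not isinstance(obj, dict):
        raise ValueError("expected a JSON object")
    missing = [key for key in REQUIRED if key not in obj]
    if missing:
        raise ValueError("missing " + ", ".join(missing))
    port = str(obj["port"])  # accept "22" (as written in the thread) or 22
    if not (port.isascii() and port.isdigit() and len(port) <= 5 and 1 <= int(port) <= 65535):
        raise ValueError(f"bad port {obj['port']!r}")
    # Extra keys are dropped; only the three required fields are kept.
    return {"service": str(obj["service"]), "host": str(obj["host"]), "port": int(port)}


def load_services(stream):
    """Read one line at a time so a large file is never parsed as a single document."""
    records, errors = [], []
    for lineno, raw in enumerate(stream, start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are skipped
        try:
            records.append(check_line(line))
        except ValueError as exc:
            errors.append(f"line {lineno}: {exc}")
    return records, errors


if __name__ == "__main__":
    good, bad = load_services(io.StringIO(SAMPLE))
    print(good)
    print(*bad, sep="\n")
```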