search

x90skysn3k / brutespray

Bruteforcing from various scanner output - Automatically attempts default creds on found services.
MIT License
1.96k stars 381 forks source link

Parallelism is not present anymore #71

Closed dinosn closed 4 months ago

dinosn commented 4 months ago

Hi,

Thank you for sharing the tool some notes on the new release.

  1. The -T option that was bringing parallel enumeration does not exist anymore which make the tool significant slow.
  2. The output also option does not exist in the new release which was helpful for automation process, and finally
  3. One general recommendation for improvement, a better error handling when requests are throttled or the service does not accept further attempts ( e.g. vnc service already blocking connection due to max amount of failed attempts )

Regards, Nicolas

x90skysn3k commented 4 months ago

Hey @dinosn, this was something I was aware of and I am currently working on. With the rewrite I knew I was introducing some regressions, however you can still use the older python tags until I push a fix. The next release should have these implemented how the old python version implemented it. On the 3rd issue you mentioned I currently have it retry on connection failed or timeout, you can specify the amount of retries before it gives up.

Please feel free to open up additional issues and I will tackle these as I have time.

Thanks!

dinosn commented 4 months ago

Hi, Thank you for the prompt response, I believe the community is looking forward for the tool. For the retry on failed a clarification, in some cases a service will not allow further attempts, for example on vnc, the following might be present as a response:

 CConn:       Connection failed: Too many security failures

In that case the tool doesn't need to try further as all connections are blocked.

Looking forward for the updates.

Regards, Nicolas

x90skysn3k commented 4 months ago

Ahh I see yes I will look into that further. I’ll keep this open until the fixes have been implemented! Thanks!

x90skysn3k commented 4 months ago

72 should have 2 / 3 fixes implemented. I will be working on better connection handling for next releases. Currently if anything connection fails whether timeout or the host is not up it backs off attempts and only retries by the Int provided by the argument.

x90skysn3k commented 4 months ago

closing this as I have pushed fixes for all but 3, but will work on better handling for more major releases