changeme
changeme copied to clipboard
ztgrace
Option to stop bruteforcing after at least one valid creds pair for each target was found
Add a parameter to disable continuous bruteforcing when using two or more default credentials to speed up scans.
hi again @ztgrace i am very impressed by this project cuz it is in python and easy to be grown by community. i believe this project have much more perspectives even than famous "hydra". i will introduce your tool to netstalking community in my paper-guide very soon. besides creatings an issues i would like to make some pull requests too by myself. at least some new creds profiles and improving the screenshoting function by "camera" category, to grab a video-channel jpeg snaphots just by python requests. (i.e. http://admin:[email protected]:80/cgi-bin/net_jpeg.cgi/?ch=1) thank u for ur great work!
could u please give me dirty and easy solution for this main issue just for now?
Right now there's no configuration option to stop as the scanner was designed to be more of a vulnerability auditor vs a pen testing tool. It would be possible to implement this feature, however it might not behave as expected.
All scanner objects are placed into a queue: https://github.com/ztgrace/changeme/blob/master/changeme/scan_engine.py#L146 and to terminate the scanning, you'd just have to empty out the queue here https://github.com/ztgrace/changeme/blob/master/changeme/scan_engine.py#L121 with something like the code below (I haven't tested). One thing to think about is that this would stop all queued scans for all hosts. If the desired feature is to only stop scans for the host that has valid creds, it will require more code and thought around how to handle it.
while not self.scanners.empty():
self.scanners.get()
thank u for fast response! i'll try to figure out the best way to implement this feature