badtouch
badtouch is a scriptable network authentication cracker. While the space for common service bruteforce is already very well saturated, you may still end up writing your own python scripts when testing credentials for web applications.
The scope of badtouch is specifically cracking custom services. This is done by
writing scripts that are loaded into a lua runtime. Those scripts represent a
single service and provide a verify(user, password)
function that returns
either true or false. Concurrency, progress indication and reporting is
magically provided by the badtouch runtime.
Reference
- execve
- http_basic_auth
- ldap_bind
- ldap_escape
- mysql_connect
- rand
- sleep
- Examples
- Wrapping python scripts
execve
Execute an external program. Returns the exit code.
execve
http_basic_auth
Sends a GET
request with basic auth. Returns true
if no WWW-Authenticate
header is set and the status code is not 401
.
http_basic_auth
ldap_bind
Connect to an ldap server and try to authenticate with the given user
ldap_bind
ldap_escape
Escape an attribute value in a relative distinguished name.
ldap_escape
ldap_search_bind
Connect to an ldap server, log into a search user, search for the target user and then try to authenticate with the first DN that was returned by the search.
ldap_search_bind
mysql_connect
Connect to a mysql database and try to authenticate with the provided
credentials. Returns true
on success.
mysql_connect
rand
Returns a random u32
with a minimum and maximum constraint. The return value
can be greater or equal to the minimum boundary, and always lower than the
maximum boundary. This function has not been reviewed for cryptographic
security.
rand
sleep
Pauses the thread for the specified number of seconds. This is mostly used to debug concurrency.
sleep
Wrapping python scripts
The badtouch runtime is still extremely bare bones, so you might have to shell out to your regular python script occasionally. Your wrapper my look like this:
descr = "example.com"
Your python script may look like this:
# correct credentials
# incorrect credentials
License
GPLv3+