Skip to content
/ bruter Public

Brutuer is an OSINT tooling, an experiment to build a reconnaissance simple app to have fun 🕵️‍♂️

License

GPL-3.0 license
34 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CyberRoute/bruter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

105 Commits

.github/workflows

.github/workflows

 
 

cmd/bruter

cmd/bruter

 
 

db

db

 
 

img

img

 
 

pkg

pkg

 
 

static

static

 
 

templates

templates

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

Repository files navigation

go build golangci-lint Go Report Card

Bruter

Bruter is a simple app that was built as an experiment while learning Go. It is indeed very much inspired by Xray git (but hey not copied ;)). The tooling can be used to test webservers and validate webservers configurations, but not just!

What does it do?

  • It grabs HostInfo data from Shodan APIs, so you will need a Token to try this out
  • It collects banners for various services FTP, SSH, MYSQL, IRC, SMTP
  • It collects HTTP headers
  • It collects WHOIS query information
  • It brute force directories on WebServers and reports results (200)
  • It provides info from crt.sh about SSL certificates
  • It supports custom wordlists
  • It produces a Web UI for presentation

Usage

   Usage of /tmp/go-build3838391229/b001/exe/concurrency:
  -address string
    	IP address to bind the web UI server to. (default "127.0.0.1")
  -dictionary string
    	File to use for enumeration. (default "db/apache-list")
  -domain string
    	domain to scan
  -extension string
    	File extension. (default "js")
  -shodan string
    	shodan API key
  -verbose
    	Verbosity
  -workers int
    	Default is 0, if workers is less than or equal than zero, it will be auto scaled to the number of logical CPUs usable by the current process.

Running in Docker

docker build -t bruter .
docker run --rm -it -p 8080:8080 bruter -domain example.com -shodan [shodanapikey] -verbose

Example

go run cmd/bruter/* -domain example.com -shodan [SHODANTOKEN] -verbose
12:41PM INF Scanning IP 93.184.216.34 OK
12:41PM INF UI running on http://127.0.0.1:8080/
12:41PM INF http://example.com/.htaccess.bak => 404 Not Found
12:41PM INF http://example.com/httpd/logs/access_log => 404 Not Found
12:41PM INF http://example.com/logs/error.log => 404 Not Found
12:41PM INF http://example.com/cgi => 404 Not Found
12:41PM INF http://example.com/apache/logs/access_log => 404 Not Found
12:41PM INF http://example.com/apache/logs/access.log => 404 Not Found
12:41PM INF http://example.com/logs/access.log => 404 Not Found
12:41PM INF http://example.com/logs/error_log => 404 Not Found
12:41PM INF http://example.com/httpd/logs/error.log => 404 Not Found
12:41PM INF http://example.com/logs/access.log => 404 Not Found
12:41PM INF http://example.com/cgi-bin => 404 Not Found
12:41PM INF http://example.com/httpd/logs/error_log => 404 Not Found
12:41PM INF http://example.com/.web => 404 Not Found
12:41PM INF http://example.com/httpd/logs/access.log => 404 Not Found
12:41PM INF http://example.com/.meta => 404 Not Found
12:41PM INF http://example.com/apache/logs/error.log => 404 Not Found
12:41PM INF http://example.com/apache/logs/error_log => 404 Not Found

Example of the Web UI

Contribute

Fork the repo and send PRs

make all

Cleaning up
rm -rf build
Running tests...
go test ./... -v -cover -race
?   	github.com/CyberRoute/bruter/cmd/bruter	[no test files]
?   	github.com/CyberRoute/bruter/pkg/config	[no test files]
?   	github.com/CyberRoute/bruter/pkg/grabber	[no test files]
?   	github.com/CyberRoute/bruter/pkg/handlers	[no test files]
?   	github.com/CyberRoute/bruter/pkg/models	[no test files]
?   	github.com/CyberRoute/bruter/pkg/render	[no test files]
?   	github.com/CyberRoute/bruter/pkg/shodan	[no test files]
=== RUN   TestUrlJoin
--- PASS: TestUrlJoin (0.00s)
=== RUN   TestAuth
{"level":"info","time":"2023-03-10T14:25:36+01:00","message":"http://127.0.0.1:36983/ => 200 OK"}
{"level":"info","time":"2023-03-10T14:25:36+01:00","message":"http://127.0.0.1:44337/ => 403 Forbidden"}
{"level":"info","time":"2023-03-10T14:25:36+01:00","message":"http://127.0.0.1:45357/ => 500 Internal Server Error"}
--- PASS: TestAuth (0.01s)
PASS
	github.com/CyberRoute/bruter/pkg/fuzzer	coverage: 71.0% of statements
ok  	github.com/CyberRoute/bruter/pkg/fuzzer	0.044s	coverage: 71.0% of statements
=== RUN   TestResolveByName
=== RUN   TestResolveByName/valid_domain
=== RUN   TestResolveByName/invalid_domain
--- PASS: TestResolveByName (0.14s)
    --- PASS: TestResolveByName/valid_domain (0.00s)
    --- PASS: TestResolveByName/invalid_domain (0.13s)
PASS
	github.com/CyberRoute/bruter/pkg/network	coverage: 26.7% of statements
ok  	github.com/CyberRoute/bruter/pkg/network	0.165s	coverage: 26.7% of statements
Running lint...
go list ./... | golangci-lint run 
Formatting...
gofmt -s -w .
Building...
go build -o build/bruter cmd/bruter/*.go

License

Bruter is developed by Alessandro Bresciani with some help from various projects and released with GPL license.

Acknowledgments

DB file has been borrowed from dirsearch

About

Brutuer is an OSINT tooling, an experiment to build a reconnaissance simple app to have fun 🕵️‍♂️

Topics

golang security security-audit osint grabber bruteforce wordlist enumeration fuzzing dirsearch information-gathering security-tools dirbuster dir-buster reconnaissance web-enumeration directory-brute-forcing

Resources

Readme

License

GPL-3.0 license
Activity

Stars

34 stars

Watchers

2 watching

Forks

6 forks
Report repository

Releases 3

v1.2.0-beta Latest
Feb 13, 2024
+ 2 releases

Packages

No packages published

Languages