GithubHelp home page GithubHelp logo

ritredteam / streetcred Goto Github PK

View Code? Open in Web Editor NEW
13.0 4.0 3.0 58 KB

Tool created for Red Team to test default credentials on SSH and WinRM and then execute scripts with those credentials before the password can be changed by Blue Team.

License: MIT License

Go 98.81% Dockerfile 1.19%

streetcred's Introduction

StreetCred

Tool created for Red Team to test default credentials on SSH and WinRM and then execute scripts with those credentials before the password can be changed by Blue Team.

Setup

The configuration file is located at config/config.yml. This is what will be looked for when the -c option is utilized.

If using the command line, just supply options as noted in the section below.

Using Docker

If you plan on using Docker, a config file must be used.

docker build -t default .
docker run default

Using the command line

go run main.go [options]
OR
go build main.go then ./main [options]

Example command

go run main.go -o output.txt -p password123 -u users.txt -b boxes.txt -s script.ps1

All Options

  -c
      If using a config file, use of this arg will set to bool value to true. Other arguments do not have to be provided.
  -b string
      Path to file containing list of boxes.
  -o string
      Output file name for successful responses. (default "output.txt")
  -p string
      Password to attempt on users and boxes.
  -s string
      Path to a script that should be executed on successful SSH/WinRM logon. If this option is not set, a script will not be executed.
  -u string
      Path to file containing list of users.

streetcred's People

Contributors

staticv0yd avatar d3adzo avatar me3031 avatar

Stargazers

avatar avatar Kip Rath avatar Andrew Quan avatar Tatiana A. Kurmasheva avatar avatar avatar avatar avatar Evan avatar Jason Howe avatar Michael avatar this is it avatar

Watchers

James Cloos avatar avatar avatar avatar

Forkers

phuong39 kc0sm0s

streetcred's Issues

create config file

Add functionality to BruhDotZip by creating a config file alternative.
The tool would read the config and substitute in the variables to the program at run time
Variables could be assigned in the config or via the command line.
Additionally, you can add an option -c/-configFile for the config file, which allows you to build multiple, separate configs for linux and windows

Rewrite Config Parsing + CLI Arg Intake

From @mav8557
If need be we can use a struct - I have a repo somewhere doing this for an example. The idea then would be to read in the config file to a Config struct, then read in the arguments (so they overrule config file options) and then pass that parse configuration struct around where it's needed, as part of an application context. I can work on that later, but an example of what I mean is here: https://github.com/carolynvs/emote/blob/master/config/config.go#L23

Thread Pool

Right now three goroutines are spawned per user, per box. This is a lot and will get slow with a large network.

A thread pool architecture can help. A certain number of threads, passed as configuration, are spawned at the beginning, and pull Jobs from the same channel. Each Job represents a connection attempt against a particular box, including the Username, IP, and protocol (SSH, SMB, winrm, etc).

Docker

This seems like it would be very simple to Dockerize and it would make it simpler to deploy for future red teams

Name

Please change the name of this project (for the love of god)

Webhook Support

Add webhook support for Discord/Slack/etc, potentially as a reusable interface for logging passwords in general.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.