Scriptable network authentication cracker

Overview

badtouch is a scriptable network authentication cracker. While the space for common service bruteforce is already very well saturated, you may still end up writing your own python scripts when testing credentials for web applications.

The scope of badtouch is specifically cracking custom services. This is done by writing scripts that are loaded into a Lua runtime. Each script represents a single service and provides a verify(user, password) function that returns either true or false. Concurrency, progress indication and reporting are magically provided by the badtouch runtime.

Installation

If you are on an archlinux based system, use

pacman -S badtouch

If you are on Mac OSX, use

brew install badtouch

To build from source, make sure you have rust and libssl-dev installed and run

cargo install

Verify your setup is complete with

badtouch --help

Debian

  1. Install essential build tools

     sudo apt-get update && sudo apt-get dist-upgrade
     sudo apt-get install build-essential libssl-dev pkg-config

  2. Install rust

     curl -sf -L https://static.rust-lang.org/rustup.sh | sh
     source $HOME/.cargo/env

  3. Install badtouch

     cd /path/to/badtouch
     cargo install

Scripting

A simple script could look like this:

descr = "example.com"

function verify(user, password)
    session = http_mksession()

    -- get csrf token
    req = http_request(session, 'GET', 'https://example.com/login', {})
    resp = http_send(req)
    if last_err() then return end

    -- parse token from html
    html = resp['text']
    csrf = html_select(html, 'input[name="csrf"]')
    token = csrf["attrs"]["value"]

    -- send login
    req = http_request(session, 'POST', 'https://example.com/login', {
        form={
            user=user,
            password=password,
            csrf=token
        }
    })
    resp = http_send(req)
    if last_err() then return end

    -- search response for successful login
    html = resp['text']
    -- Lua's inequality operator is ~=, not !=
    return html:find('Login successful') ~= nil
end

Please see the reference and examples for all available functions. Keep in mind that you can use print(x) and badtouch oneshot to debug your script.
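
Seen from the server side, a script like the one above leaves a recognisable trace: verify() calls http_mksession() on every attempt, so each failed login arrives with a brand-new session cookie. The following detection logic is an added example, not part of badtouch; the log format, field names, addresses and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of an application login log (not real traffic).
# Assumed format: timestamp, source IP, session cookie id, user, result.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z src=198.51.100.20 sid=s100 user=carol result=fail
2024-05-01T10:00:01Z src=203.0.113.7 sid=a001 user=alice result=fail
2024-05-01T10:00:01Z src=203.0.113.7 sid=a002 user=alice result=fail
2024-05-01T10:00:02Z src=203.0.113.7 sid=a003 user=bob result=fail
this line is malformed and must be skipped
2024-05-01T10:00:02Z src=203.0.113.7 sid=a004 user=alice result=fail
2024-05-01T10:00:03Z src=203.0.113.7 sid=a005 user=bob result=fail
2024-05-01T10:00:04Z src=198.51.100.20 sid=s100 user=carol result=ok
2024-05-01T10:00:05Z src=203.0.113.7 sid=a006 user=alice result=fail
2024-05-01T10:00:06Z src=203.0.113.7 sid=a007 user=alice result=ok
2024-05-01T10:05:00Z src=203.0.113.7 sid=a008 user=bob result=fail
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) sid=(?P<sid>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

WINDOW = timedelta(seconds=60)   # assumed look-back window
MAX_FAILURES = 5                 # assumed threshold per source


def parse(line):
    """Return (ts, src, sid, user, ok) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["sid"], m["user"], m["result"] == "ok"


def detect(log_text, window=WINDOW, max_failures=MAX_FAILURES):
    """Scan the log in order and return a list of alert tuples."""
    recent = defaultdict(deque)   # src -> failures inside the window
    reported = set()              # sources already reported for a burst
    alerts = []
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        ts, src, sid, user, ok = event
        q = recent[src]
        # Drop failures that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if ok:
            # A success right after a burst is the account to lock and reset.
            if len(q) >= max_failures:
                alerts.append(("success_after_burst", src, user))
            continue
        q.append((ts, sid, user))
        if len(q) >= max_failures and src not in reported:
            reported.add(src)
            users = sorted({u for _, _, u in q})
            sessions = {s for _, s, _ in q}
            # One session per failure matches a client that builds a new
            # cookie jar for every attempt, as the script above does.
            fresh = len(sessions) == len(q)
            alerts.append(("failure_burst", src, users, fresh))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A person retyping a password normally keeps the same session cookie, which is why carol's failed attempt followed by a success raises no alert here.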

Reference

base64_decode

Decode a base64 string.

base64_decode("ww==")

base64_encode

Encode a binary array with base64.

base64_encode("\x00\xff")

clear_err

Clear all recorded errors to prevent a requeue.

if last_err() then
    clear_err()
    return false
else
    return true
end

execve

Execute an external program. Returns the exit code.

execve("myprog", {"arg1", "arg2", "--arg", "3"})

hex

Hex encode a list of bytes.

hex("\x6F\x68\x61\x69\x0A\x00")

hmac_md5

Calculate an hmac with md5. Returns a binary array.

hmac_md5("secret", "my authenticated message")

hmac_sha1

Calculate an hmac with sha1. Returns a binary array.

hmac_sha1("secret", "my authenticated message")

hmac_sha2_256

Calculate an hmac with sha2_256. Returns a binary array.

hmac_sha2_256("secret", "my authenticated message")

hmac_sha2_512

Calculate an hmac with sha2_512. Returns a binary array.

hmac_sha2_512("secret", "my authenticated message")

hmac_sha3_256

Calculate an hmac with sha3_256. Returns a binary array.

hmac_sha3_256("secret", "my authenticated message")

hmac_sha3_512

Calculate an hmac with sha3_512. Returns a binary array.

hmac_sha3_512("secret", "my authenticated message")

html_select

Parses an html document and returns the first element that matches the css selector. The return value is a table with text being the inner text and attrs being a table of the element's attributes.

csrf = html_select(html, 'input[name="csrf"]')
token = csrf["attrs"]["value"]

html_select_list

Same as html_select but returns all matches instead of the first one.

html_select_list(html, 'input[name="csrf"]')

http_basic_auth

Sends a GET request with basic auth. Returns true if no WWW-Authenticate header is set and the status code is not 401.

http_basic_auth("https://httpbin.org/basic-auth/foo/buzz", user, password)

http_mksession

Create a session object. This is similar to requests.Session in python-requests and keeps track of cookies.

session = http_mksession()

http_request

Prepares an http request. The first argument is the session reference and cookies from that session are copied into the request. After the request has been sent, the cookies from the response are copied back into the session.

The next arguments are the method, the url and additional options. Please note that you still need to specify an empty table {} even if no options are set. The following options are available:

  • query - a map of query parameters that should be set on the url
  • headers - a map of headers that should be set
  • basic_auth - configure the basic auth header with {"user", "password"}
  • user_agent - overwrite the default user agent with a string
  • json - the request body that should be json encoded
  • form - the request body that should be form encoded
  • body - the raw request body as string

req = http_request(session, 'POST', 'https://httpbin.org/post', {
    json={
        user=user,
        password=password,
    }
})
resp = http_send(req)
if last_err() then return end
if resp["status"] ~= 200 then return "invalid status code" end

http_send

Send the request that has been built with http_request. Returns a table with the following keys:

  • status - the http status code
  • headers - a table of headers
  • text - the response body as string

req = http_request(session, 'POST', 'https://httpbin.org/post', {
    json={
        user=user,
        password=password,
    }
})
resp = http_send(req)
if last_err() then return end
if resp["status"] ~= 200 then return "invalid status code" end

json_decode

Decode a lua value from a json string.

json_decode("{\"data\":{\"password\":\"fizz\",\"user\":\"bar\"},\"list\":[1,3,3,7]}")

json_encode

Encode a lua value to a json string. Note that empty tables are encoded to an empty object {} instead of an empty list [].

x = json_encode({
    hello="world",
    almost_one=0.9999,
    list={1,3,3,7},
    data={
        user=user,
        password=password,
        empty=nil
    }
})

last_err

Returns nil if no error has been recorded, returns a string otherwise.

if last_err() then return end

ldap_bind

Connect to an ldap server and try to authenticate with the given user.

ldap_bind("ldaps://ldap.example.com/",
    "cn=\"" .. ldap_escape(user) .. "\",ou=users,dc=example,dc=com", password)

ldap_escape

Escape an attribute value in a relative distinguished name.

ldap_escape(user)

ldap_search_bind

Connect to an ldap server, log into a search user, search for the target user and then try to authenticate with the first DN that was returned by the search.

ldap_search_bind("ldaps://ldap.example.com/",
    -- the user we use to find the correct DN
    "cn=search_user,ou=users,dc=example,dc=com", "searchpw",
    -- base DN we search in
    "dc=example,dc=com",
    -- the user we test
    user, password)

md5

Hash a byte array with md5 and return the results as bytes.

hex(md5("\x00\xff"))

mysql_connect

Connect to a mysql database and try to authenticate with the provided credentials. Returns a mysql connection on success.

sock = mysql_connect("127.0.0.1", 3306, user, password)

mysql_query

Run a query on a mysql connection. The 3rd parameter is for prepared statements.

rows = mysql_query(sock, 'SELECT VERSION(), :foo as foo', {
    foo='magic'
})

print

Prints the value of a variable. Please note that this bypasses the regular writer and may interfere with the progress bar. Only use this for debugging.

print({
    data={
        user=user,
        password=password
    }
})

rand

Returns a random u32 with a minimum and maximum constraint. The return value is greater than or equal to the minimum boundary, and always lower than the maximum boundary. This function has not been reviewed for cryptographic security.

rand(0, 256)

randombytes

Generate the specified number of random bytes.

randombytes(16)

sha1

Hash a byte array with sha1 and return the results as bytes.

hex(sha1("\x00\xff"))

sha2_256

Hash a byte array with sha2_256 and return the results as bytes.

hex(sha2_256("\x00\xff"))

sha2_512

Hash a byte array with sha2_512 and return the results as bytes.

hex(sha2_512("\x00\xff"))

sha3_256

Hash a byte array with sha3_256 and return the results as bytes.

hex(sha3_256("\x00\xff"))

sha3_512

Hash a byte array with sha3_512 and return the results as bytes.

hex(sha3_512("\x00\xff"))

sleep

Pauses the thread for the specified number of seconds. This is mostly used to debug concurrency.

sleep(3)

sock_connect

Create a tcp connection.

sock = sock_connect("127.0.0.1", 1337)

sock_send

Send data to the socket.

sock_send(sock, "hello world")

sock_recv

Receive up to 4096 bytes from the socket.

x = sock_recv(sock)

sock_sendline

Send a string to the socket. A newline is automatically appended to the string.

sock_sendline(sock, line)

sock_recvline

Receive a line from the socket. The line includes the newline.

x = sock_recvline(sock)

sock_recvall

Receive all data from the socket until EOF.

x = sock_recvall(sock)

sock_recvline_contains

Receive lines from the server until a line contains the needle, then return this line.

x = sock_recvline_contains(sock, needle)

sock_recvline_regex

Receive lines from the server until a line matches the regex, then return this line.

x = sock_recvline_regex(sock, "^250 ")

sock_recvn

Receive exactly n bytes from the socket.

x = sock_recvn(sock, 4)

sock_recvuntil

Receive until the needle is found, then return all data including the needle.

x = sock_recvuntil(sock, needle)

sock_sendafter

Receive until the needle is found, then write data to the socket.

sock_sendafter(sock, needle, data)

sock_newline

Overwrite the default \n newline.

sock_newline(sock, "\r\n")

Configuration

You can place a config file at ~/.config/badtouch.toml to set some defaults.

Global user agent

[runtime]
user_agent = "w3m/0.5.3+git20180125"

RLIMIT_NOFILE

[runtime]
# requires CAP_SYS_RESOURCE
# sudo setcap 'CAP_SYS_RESOURCE=+ep' /usr/bin/badtouch
rlimit_nofile = 64000

Wrapping python scripts

The badtouch runtime is still very bare bones, so you might have to shell out to your regular python script occasionally. Your wrapper may look like this:

descr = "example.com"

function verify(user, password)
    ret = execve("./docs/test.py", {user, password})
    if last_err() then return end

    if ret == 2 then
        return "script signaled an exception"
    end

    return ret == 0
end

Your python script may look like this:

import sys

try:
    if sys.argv[1] == "foo" and sys.argv[2] == "bar":
        # correct credentials
        sys.exit(0)
    else:
        # incorrect credentials
        sys.exit(1)
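except Exception:
    # signal an exception (e.g. missing arguments)
    # this requeues the attempt instead of discarding it
    # note: a bare "except:" would also catch the SystemExit raised by
    # sys.exit() above and turn every result into exit code 2
    sys.exit(2)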

License

GPLv3+

Comments
  • Outdated Cargo.lock file?

    badtouch is currently failing to build for Homebrew with Rust 1.49 on Apple Silicon: https://github.com/Homebrew/homebrew-core/pull/68089

    It appears this is due to a stale lock file, causing cargo install --locked to pull in dependencies that do not work for badtouch on Apple Silicon. Is it possible for the Cargo.lock file to be updated? If this could be done with a new release, that would be especially helpful.

    Related: https://github.com/Homebrew/homebrew-core/issues/68301

    opened by carlocab 5
  • badtouch 0.7.2 failed to set RLIMIT_NOFILE on mojave and catalina

    $ /usr/local/Cellar/badtouch/0.7.2/bin/badtouch oneshot -vvx true.lua foo
    [2021-01-14T05:00:37Z DEBUG badtouch::ulimit] soft_limit=256, hard_limit=9223372036854775807
    [2021-01-14T05:00:37Z INFO  badtouch::ulimit] setting NOFILE limit to 9223372036854775807
    Error: Failed to set RLIMIT_NOFILE
    
    Caused by:
        Invalid argument (os error 22)
    

    full log, https://github.com/Homebrew/homebrew-core/runs/1683397269 relates to https://github.com/Homebrew/homebrew-core/pull/68806

    opened by chenrui333 2
  • authoscope build failure with OpenSSL 3.0

    authoscope v0.8.0, OpenSSL 3.0.2. I attempted to build the package as follows:

    cargo build --release --locked
    The following warnings were emitted during compilation:
    
    warning: build/expando.c:4:24: error: pasting "RUST_VERSION_OPENSSL_" and "(" does not give a valid preprocessing token
    warning:     4 | #define VERSION2(n, v) RUST_VERSION_##n##_##v
    warning:       |                        ^~~~~~~~~~~~~
    warning: build/expando.c:5:23: note: in expansion of macro ‘VERSION2’
    warning:     5 | #define VERSION(n, v) VERSION2(n, v)
    warning:       |                       ^~~~~~~~
    warning: build/expando.c:10:1: note: in expansion of macro ‘VERSION’
    warning:    10 | VERSION(OPENSSL, OPENSSL_VERSION_NUMBER)
    warning:       | ^~~~~~~
    
    error: failed to run custom build command for `openssl-sys v0.9.63`
    
    Caused by:
      process didn't exit successfully: `/build/authoscope/src/authoscope-0.8.0/target/release/build/openssl-sys-d45d89f43d486731/build-script-main` (exit status: 101)
      --- stderr
      thread 'main' panicked at '
      Header expansion error:
      Error { kind: ToolExecError, message: "Command \"cc\" \"-O3\" \"-ffunction-sections\" \"-fdata-sections\" \"-fPIC\" \"-m64\" \"-march=x86-64\" \"-mtune=generic\" \"-O2\" \"-pipe\" \"-fno-plt\" \"-fexceptions\" \"-Wp,-D_FORTIFY_SOURCE=2\" \"-Wformat\" \"-Werror=format-security\" \"-fstack-clash-protection\" \"-fcf-protection\" \"-flto=auto\" \"-I\" \"/usr/include\" \"-E\" \"build/expando.c\" with args \"cc\" did not execute successfully (status code exit status: 1)." }
    
      Failed to find OpenSSL development headers.
    
      You can try fixing this setting the `OPENSSL_DIR` environment variable
      pointing to your OpenSSL installation or installing OpenSSL headers package
      specific to your distribution:
    
          # On Ubuntu
          sudo apt-get install libssl-dev
          # On Arch Linux
          sudo pacman -S openssl
          # On Fedora
          sudo dnf install openssl-devel
    
      See rust-openssl README for more information:
    
          https://github.com/sfackler/rust-openssl#linux
      ', /build/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-sys-0.9.63/build/main.rs:147:13
      note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
    

    I was able to build the package after updating two crates, openssl to 0.10.38 and openssl-sys to 0.9.72.

    opened by loqs 1
  • failed to run custom build command for `openssl v0.9.24`


    Hi,

    I have this error when I install badtouch in cargo: cargo install badtouch

      error: failed to run custom build command for openssl v0.9.24
      process didn't exit successfully: /tmp/user/0/cargo-installenmH0c/release/build/openssl-1a53f5853bfeae35/build-script-build (exit code: 101)
      --- stderr
      thread 'main' panicked at 'Unable to detect OpenSSL version', /usr/cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.9.24/build.rs:16:14
      note: Run with RUST_BACKTRACE=1 for a backtrace.
      warning: build failed, waiting for other jobs to finish...
      error: failed to compile badtouch v0.6.1, intermediate artifacts can be found at /tmp/user/0/cargo-installenmH0c
      Caused by: build failed

    By the way, I have the latest version of openssl installed, v1.1.1b.

    opened by ghost 1
  • Contribution


    Hello @kpcyrd. I'm currently searching for a crate where I can contribute something. As I see, there are 2 contributors on this project, so do you work as a team only or can I contribute as well?

    opened by Menkir 1
  • Requeue on error


    There is currently no error handling in the runtime. Error handling should be added and in addition we should requeue attempts that failed due to an unexpected error.

    runtime 
    opened by kpcyrd 1
  • Fix openssl compile issue


    The build was broken on archlinux due to an openssl bump; it took a while to get all dependencies ready.

    This also migrates to the latest reqwest version for the same reason.

    opened by kpcyrd 0
  • pwntools-like socket library


    It should be possible to naively implement arbitrary (text) protocols using badtouch, using functions similar to the socket functions provided by pwntools.

    This allows more creative solutions for #58, e.g. by talking to an smtpd.

    • [ ] sock_connect(host, port, {fam='ipv4', timeout=3, ssl=true, ssl_verify=false, newline="\r\n"}), create a connection
    • [x] sock_send(sock, data), send data
    • [x] sock_recv(sock), receive up to 4096 bytes
    • [x] sock_sendline(sock, line), send a line, automatically adds a newline
    • [x] sock_recvline(sock), receive a line, strips newline
    • [x] sock_recvall(sock), receive until EOF
    • [ ] sock_recvline_contains(sock, needle), receive lines until one contains at least one needle, then return that line (supports string and list of strings)
    • [x] sock_recvline_regex(sock, regex), receive lines until one matches the regex, then return that line
    • [x] sock_recvn(sock, n), receive exactly n bytes
    • [x] sock_recvuntil(sock, delim), receive until a sequence of bytes is found, then return all data including the sequence (supports string and list of strings)
    • [x] sock_sendafter(sock, delim, data), shorthand for sock_recvuntil(sock, delim) and sock_send(sock, data)
    • [ ] sock_unrecv(sock, data), put data back into the buffered reader
    • [x] sock_newline(sock, "\r\n"), update the newline
    opened by kpcyrd 0
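The buffered-read semantics from the checklist above (recvuntil returning the delimiter, recvline stripping a configurable newline, recvn, unrecv), sketched in Rust as an added example. This is not badtouch's implementation; `Tube` and its method names are assumptions, and the sample input is a constructed in-memory byte string.

```rust
use std::io::{self, Cursor, Read};
/// Buffered reader sketching the helper semantics from the checklist (names are assumptions).
pub struct Tube<R: Read> { inner: R, buf: Vec<u8>, newline: Vec<u8> }
impl<R: Read> Tube<R> {
    pub fn new(inner: R) -> Self { Tube { inner, buf: Vec::new(), newline: b"\n".to_vec() } }
    pub fn set_newline(&mut self, nl: &[u8]) { self.newline = nl.to_vec(); }
    fn fill(&mut self) -> io::Result<bool> { // read one chunk of up to 4096 bytes; Ok(false) is EOF
        let mut chunk = [0u8; 4096];
        let n = self.inner.read(&mut chunk)?;
        self.buf.extend_from_slice(&chunk[..n]);
        Ok(n > 0)
    }
    /// Receive until any delimiter is seen; the returned data includes the delimiter.
    pub fn recvuntil(&mut self, delims: &[&[u8]]) -> io::Result<Vec<u8>> {
        loop {
            let end = delims.iter().filter(|d| !d.is_empty()) // windows(0) would panic
                .filter_map(|d| self.buf.windows(d.len()).position(|w| w == *d).map(|p| p + d.len())).min();
            if let Some(end) = end { return Ok(self.buf.drain(..end).collect()); }
            if !self.fill()? { return Err(io::ErrorKind::UnexpectedEof.into()); }
        }
    }
    /// Receive one line and strip the configured newline.
    pub fn recvline(&mut self) -> io::Result<Vec<u8>> {
        let nl = self.newline.clone();
        let mut line = self.recvuntil(&[nl.as_slice()])?;
        line.truncate(line.len() - nl.len());
        Ok(line)
    }
    /// Receive exactly n bytes, failing on a short read instead of returning less.
    pub fn recvn(&mut self, n: usize) -> io::Result<Vec<u8>> {
        while self.buf.len() < n { if !self.fill()? { return Err(io::ErrorKind::UnexpectedEof.into()); } }
        Ok(self.buf.drain(..n).collect())
    }
    /// Put data back so the next receive call sees it first.
    pub fn unrecv(&mut self, data: &[u8]) {
        let rest = std::mem::replace(&mut self.buf, data.to_vec());
        self.buf.extend(rest);
    }
}

fn main() -> io::Result<()> {
    // Constructed sample: a CRLF-terminated greeting held in memory, no network involved.
    let mut t = Tube::new(Cursor::new(b"220 mx.example.test ESMTP\r\n250 OK\r\n".to_vec()));
    t.set_newline(b"\r\n");
    let code = t.recvn(3)?; // read the status code ...
    t.unrecv(&code);        // ... then put it back for the line reader
    println!("{}", String::from_utf8_lossy(&t.recvline()?));
    Ok(())
}
```

Keeping every receive call on one shared buffer is what lets unrecv and the delimiter searches compose: bytes read past a delimiter stay queued for the next call instead of being lost.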
  • badtouch enum


    Given a bug/feature that can be abused as an oracle if a user exists/doesn't exist, it should be possible to filter a list of usernames to those that actually exist on the system.

    We would probably reuse the verify(user, password) function for this and provide nil as the password.

    opened by kpcyrd 0
  • Support testing directly on databases


    This allows connecting to a database, querying a record and testing the password directly with the record in the database. Combined with the large number of cryptographic hash functions it should be possible to use this for a large number of applications.

    stuff todo:

    • [x] this changes the semantics of mysql_connect, a failed mysql_connect login would record an error and get requeued. There should be a way that a failed mysql_connect is a failed login attempt (possibly by introducing a function that clears the recorded errors).
    • [x] document the new mysql_connect and mysql_query
    • [x] create a followup issue for scrypt
    • [x] create a followup issue for argon2
    • [x] create a followup issue for postgres
    • [x] create a followup issue for mongodb
    • [x] create a followup issue for redis(?)
    opened by kpcyrd 0
  • Rename credential confirmation to combolist


    "Credential confirmation" should be replaced with "Combolist".

    We might want to rename the subcommand as well, from badtouch creds to badtouch combo, but if we do this we should still accept creds as an alias.

    opened by kpcyrd 0
  • Gentoo pkg / Deb pkg rpm


    for wiki, Cargo deb, cargo ebuild tools will produce a debian pkg, and ebuild gentoo ebuild bash script. https://crates.io/crates/cargo-rpm likewise rpm's ...

    opened by necrose99 3
  • Allow grabbing additional loot


    If a script wants to provide additional data of the user, the script could be changed from:

    return is_valid
    

    to something like

    if is_valid then
        req = http_request(session, 'GET', 'https://example.com/api/permissions', {})
        resp = http_send(req)
        if last_err() then
            -- ignore this error and just report the login as valid instead of requeueing it
            clear_err()
            return true
        end
        loot['permissions'] = resp['text']
        return true
    else
        return false
    end
    

    badtouch would need to add a dict/table named loot to the lua context before executing the script. After the script finished with success the loot table would be checked and if it's non-empty that data would be included in the report. This is difficult to fit into the regular combolist report we currently use, so we might have to limit this to json reports (and support json reports).

    opened by kpcyrd 0
  • badtouch test


    It might make sense to have a test subcommand that can be used to make sure the script works. This would call e.g. test_positive and test_negative that both wrap around the verify function, once with correct credentials and once with incorrect credentials.

    Including passwords in the script seems counterintuitive, but those should be dummy accounts and the scripts that have those tests wouldn't be meant to be shared publicly. There might be a better way to do this though.

    opened by kpcyrd 1
Releases(v0.8.1)
Owner
Independent security research. Works on backdoor-resistant software distribution. Maintains packages in Arch Linux and Debian. Steals food at conferences.