Connect match reqs

Makefile

@@ -1,5 +1,6 @@
 
 NAME	=	bruteforce
+
 SRC		=	src/main.go
 
 all: $(NAME)
@@ -15,4 +16,8 @@ fclean:
 
 re: fclean all
 
-.PHONY: all clean fclean re
+install_program:
+	echo "source $(pwd)/autocompletion/bash/_bruteforce" >> ~/.bashrc
+	echo "source $(pwd)/autocompletion/zsh/_bruteforce" >> ~/.zshrc
+
+.PHONY: all clean fclean re install_program

README.md

@@ -36,7 +36,27 @@ go run src/main.go
 
 ### Usage
 
-No usage so far
+```bash
+./bruteforce [OPTIONS]
+```
+
+### Matching
+
+For matching usage, the following flags are available:
+
+`-status-codes` : match based on a list of status codes.
+
+For example, `./bruteforce -status-codes="200,201,202,401,404"`.
+
+*By default* : 200, 401, 403, 404, 429, 500
+
+`-header` : match based on a header.
+
+For example, `./bruteforce -header="Content-Type: application/json"`.
+
+`-body` : match based on a body.
+
+For example, `./bruteforce -body="Hello World"`.
 
 ## Get involved
 

autocompletion/bash/_bruteforce

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+_bruteforce_completion() {
+    local cur prev opts
+    cur="${COMP_WORDS[COMP_CWORD]}"
+    prev="${COMP_WORDS[COMP_CWORD-1]}"
+    opts="--threads -v --status-codes --header --body --wordlist"
+
+    if [[ ${COMP_CWORD} -eq 1 ]]; then
+        COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
+    elif [[ ${COMP_CWORD} -eq 2 ]]; then
+        case "${prev}" in
+            --threads)
+                COMPREPLY=( $(compgen -W "1 2 4 8 16 32" -- "${cur}") )
+                ;;
+            --status-codes)
+                COMPREPLY=( $(compgen -W "200 401 403 404 429 500" -- "${cur}") )
+                ;;
+            --header|--body|--wordlist)
+                COMPREPLY=()
+                ;;
+        esac
+    else
+        COMPREPLY=( $(compgen -W "http:// https://" -- "${cur}") )
+    fi
+}
+
+complete -F _bruteforce_completion bruteforce

autocompletion/zsh/_bruteforce

@@ -0,0 +1,23 @@
+#compdef bruteforce
+
+_bruteforce() {
+    local -a args
+
+    args=(
+        '-v[verbose mode]'
+        '--threads=[number of threads]:number of threads:(1 2 4 8 16 32)'
+        '--status-codes=[Comma-separated list of status codes to match]:status codes:'
+        '--header=[Header to match]:header:'
+        '--body=[String to match in response body]:body:'
+        '--wordlist=[Wordlist to bruteforce URLs with]:wordlist:_files'
+        '*:url:_bruteforce_urls'
+    )
+
+    _arguments -s $args
+}
+
+_bruteforce_urls() {
+    _urls -p 'http://' 'https://'
+}
+
+compdef _bruteforce bruteforce

cmd/callWorker.go

@@ -0,0 +1,40 @@
+package main
+
+import (
+  "time"
+)
+
+type forceData struct {
+	worker int
+	wordList string
+	url string
+}
+
+func executeQueryFromFile(data forceData, currentPath chan string) {
+  for taskData := range currentPath{
+    queryExecute(data, taskData, "POST")
+    }
+}
+
+func mainRequest(data forceData) {
+  channel := make(chan string)
+  wordArray := GetFileContent("../wordList/rootList")
+
+  for i := 0 ;i < data.worker; i++ {
+		go executeQueryFromFile(data, channel)
+	}
+  for i := 0; i < len(wordArray); i++ {
+    channel <- wordArray[i]
+  }
+  time.Sleep(1 * time.Second)
+  close(channel)
+}
+
+func main () {
+  data := forceData {
+    worker: 3,
+    wordList: "../wordList/rootList",
+    url: "http://localhost:3333",
+  }
+  mainRequest(data);
+}

cmd/getFile.go

@@ -0,0 +1,18 @@
+package main
+
+import (
+    "os"
+    "fmt"
+    "log"
+	"strings"
+)
+
+func GetFileContent(filePath string) []string{
+    body, err := os.ReadFile(filePath)
+    if err != nil {
+        log.Fatalf("unable to read file: %v", err)
+    }
+	dataTab := strings.Split(string(body), "\n")
+    fmt.Println(dataTab[0])
+	return dataTab
+}

cmd/queryExecute.go

@@ -0,0 +1,35 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"io/ioutil"
+	"net/http"
+)
+
+func queryExecute(data forceData, path string, method string) {
+
+	client := &http.Client{}
+	req, err := http.NewRequest(method, data.url + path, nil)
+	if err != nil {
+	  log.Fatal(err)
+	}
+
+	q := req.URL.Query()
+
+	req.URL.RawQuery = q.Encode()
+
+	resp, err := client.Do(req)
+	if err != nil {
+	  fmt.Println(err)
+	}
+
+	defer resp.Body.Close()
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+	  log.Fatal(err)
+	}
+
+	fmt.Println(string(body))
+  }

src/cli/cli.go

@@ -0,0 +1,50 @@
+package cli
+
+import (
+	"bruteforce/src/models"
+	"errors"
+	"flag"
+	"fmt"
+	"os"
+)
+
+func Parse_cli_args() (models.Forcing_params, error) {
+	var params models.Forcing_params
+
+	UrlError := errors.New("No url given")
+	ThreadsError := errors.New("Wrong number of threads given")
+	WordListError := errors.New("No wordlist given")
+
+	// forkptr := flag.Bool("v", false, "Verbose program")
+	statusPtr := flag.String("status-codes", "200,401,403,404,429,500", "Comma-separated list of status codes to match")
+	headerPtr := flag.String("header", "", "Header to match")
+	bodyPtr := flag.String("body", "", "String to match in response body")
+	wordlistPtr := flag.String("wordlist", "", "Wordlist to bruteforce url with")
+	flag.IntVar(&params.Workers, "threads", 1, "Number of threads to be used")
+
+	flag.Usage = func() {
+		fmt.Fprintf(os.Stderr, "Usage: bruteforce [options] <url>\n")
+		fmt.Fprintf(os.Stderr, "Options:\n")
+		flag.PrintDefaults()
+	}
+
+	flag.Parse()
+
+	if params.Workers < 1 {
+		return params, ThreadsError
+	}
+	fmt.Print(flag.Args())
+	if len(flag.Args()) < 1 {
+		return params, UrlError
+	}
+	params.Url = flag.Args()[0]
+	// params.BoolFlags.Verbose = *forkptr
+	params.Status = *statusPtr
+	params.Header = *headerPtr
+	params.Body = *bodyPtr
+	params.Wordlist = *wordlistPtr
+	if params.Wordlist == "" {
+		return params, WordListError
+	}
+	return params, nil
+}

src/main.go

@@ -1,9 +1,22 @@
 package main
 
 import (
+	"bruteforce/src/cli"
+	"bruteforce/src/matching"
+	"bruteforce/src/query"
 	"fmt"
 )
 
 func main() {
-	fmt.Println("Hello World")
+
+	forcing_params, err := cli.Parse_cli_args()
+
+	if err != nil {
+		panic(err)
+	}
+	fmt.Println(forcing_params)
+
+	criteria := matcher.MatchParser(&forcing_params)
+
+	query.MainRequest(&forcing_params, criteria) // maybe like this?
 }

src/matching/body.go

@@ -0,0 +1,13 @@
+package matcher
+
+import (
+	"errors"
+	"strings"
+)
+
+func matchContents(body []byte, criteria MatchCriteria) (bool, error) {
+	if criteria.BodyContains != "" && !strings.Contains(string(body), criteria.BodyContains) {
+		return false, errors.New("body content mismatch")
+	}
+	return true, nil
+}

src/matching/headers.go

@@ -0,0 +1,36 @@
+package matcher
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"strings"
+)
+
+func matchHeaders(resp *http.Response, criteria MatchCriteria) (bool, error) {
+	for key, value := range criteria.Headers {
+		if resp.Header.Get(key) != value {
+			return false, fmt.Errorf("header mismatch: %s=%s\nheaders: %s", key, value, resp.Header)
+		}
+	}
+	return true, nil
+}
+
+func parseHeaders(headersList string) map[string]string {
+	if headersList == "" {
+		return nil
+	}
+
+	headers := make(map[string]string)
+	headerPairs := strings.Split(headersList, ",")
+
+	for _, pair := range headerPairs {
+		parts := strings.SplitN(pair, ":", 2)
+		if len(parts) == 2 {
+			headers[strings.TrimSpace(parts[0])] = strings.TrimSpace(parts[1])
+		} else {
+			log.Printf("[WARN] Invalid header format: %s", pair)
+		}
+	}
+	return headers
+}

src/matching/matcher.go

@@ -0,0 +1,49 @@
+package matcher
+
+import (
+	"bruteforce/src/models"
+	"io"
+	"log"
+	"net/http"
+)
+
+type MatchCriteria struct {
+	StatusCodes  []int
+	Headers      map[string]string
+	BodyContains string
+}
+
+func MatchResponse(response *http.Response, criteria MatchCriteria) (bool, string) {
+	body, err := io.ReadAll(response.Body)
+	if err != nil {
+		return false, err.Error()
+	}
+
+	if matched, err := matchStatusCode(response, criteria.StatusCodes); !matched {
+		return false, err.Error()
+	}
+	if matched, err := matchHeaders(response, criteria); !matched {
+		return false, err.Error()
+	}
+	if matched, err := matchContents(body, criteria); !matched {
+		return false, err.Error()
+	}
+
+	return true, "matched successfully"
+}
+
+func MatchParser(params *models.Forcing_params) MatchCriteria {
+	matchCodes, err := parseStatusCodes(params.Status)
+	if err != nil {
+		log.Fatal("Error parsing status codes:", err)
+	}
+
+	matchHeaders := parseHeaders(params.Header)
+	criteria := MatchCriteria{
+		StatusCodes:  matchCodes,
+		Headers:      matchHeaders,
+		BodyContains: params.Body,
+	}
+
+	return criteria
+}