github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-08-19 21:03:52 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #198 from veggiespam/master

Browse source 
Updates to JSON code
This commit is contained in:
van Hauser 2017-03-03 09:38:49 +01:00 committed by GitHub
commit 2e1b0c2487
3 changed files with 81 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

75
README
View file

@ -28,7 +28,7 @@ either support more than one protocol to attack or support parallized
connects. connects.
It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris,
FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX. FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.
Currently this tool supports the following protocols: Currently this tool supports the following protocols:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
@ -91,9 +91,9 @@ and compile them manually.
SUPPORTED PLATFORMS SUPPORTED PLATFORMS
------------------- -------------------
All UNIX platforms (linux, *bsd, solaris, etc.) All UNIX platforms (linux, *bsd, solaris, etc.)
Mac OS/X MacOS
Windows with Cygwin (both IPv4 and IPv6) Windows with Cygwin (both IPv4 and IPv6)
Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
@ -287,6 +287,75 @@ ADDITIONAL HINTS
cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt
RESULTS OUTPUT
--------------
The results are output to stdio along with the other information. Via the -o
command line option, the results can also be written to a file. Using -b,
the format of the output can be specified. Currently, these are supported:
* `text` - plain text format
* `jsonv1` - JSON data using version 1.x of the schema (defined below).
* `json` - JSON data using the latest version of the schema, currently there
is only version 1.
If using JSON output, the results file may not be valid JSON if there are
serious errors in booting Hydra.
### JSON Schema
Here is an example of the JSON output. Notes on some of the fields:
* `errormessages` - an array of zero or more strings that are normally printed
to stderr at the end of the Hydra's run. The text is very free form.
* `success` - indication if Hydra ran correctly without error (**NOT** if
passwords were detected). This parameter is either the JSON value `true`
or `false` depending on completion.
* `quantityfound` - How many username+password combinations discovered.
* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00,
2.03, etc. Hydra will make second tuple of the version to always be two
digits to make it easier for downstream processors (as opposed to v1.1 vs
v1.10). The minor-level versions are additive, so 1.02 will contain more
fields than version 1.00 and will be backward compatible. Version 2.x will
break something from version 1.x output.
Version 1.00 example:
```
{
"errormessages": [
"[ERROR] Error Message of Something",
"[ERROR] Another Message",
"These are very free form"
],
"generator": {
"built": "2017-03-01 14:44:22",
"commandline": "hydra -b jsonv1 -o results.json ... ...",
"jsonoutputversion": "1.00",
"server": "127.0.0.1",
"service": "http-post-form",
"software": "Hydra",
"version": "v8.5-dev"
},
"quantityfound": 2,
"results": [
{
"host": "127.0.0.1",
"login": "bill@example.com",
"password": "bill",
"port": 9999,
"service": "http-post-form"
},
{
"host": "127.0.0.1",
"login": "joe@example.com",
"password": "joe",
"port": 9999,
"service": "http-post-form"
}
],
"success": false
}
```
SPEED SPEED
----- -----

10
hydra-mod.c
View file

@ -695,21 +695,21 @@ void hydra_report_debug(FILE * st, char *format, ...) {
char bufOut[33000]; char bufOut[33000];
char temp[6]; char temp[6];
unsigned char cTemp; unsigned char cTemp;
int i = 0; int i = 0, len;
if (format == NULL) { if (format == NULL) {
fprintf(stderr, "[ERROR] no msg passed.\n"); fprintf(stderr, "[ERROR] no msg passed.\n");
} else { } else {
va_start(ap, format); va_start(ap, format);
memset(bufOut, 0, sizeof(bufOut)); memset(bufOut, 0, sizeof(bufOut));
memset(buf, 0, 512); memset(buf, 0, sizeof(buf));
vsnprintf(buf, sizeof(buf), format, ap); len = vsnprintf(buf, sizeof(buf), format, ap);
// Convert any chars less than 32d or greater than 126d to hex // Convert any chars less than 32d or greater than 126d to hex
for (i = 0; i < sizeof(buf); i++) { for (i = 0; i < len; i++) {
memset(temp, 0, 6); memset(temp, 0, 6);
cTemp = (unsigned char) buf[i]; cTemp = (unsigned char) buf[i];
if ((cTemp < 32 && cTemp > 0) || cTemp > 126) { if ((cTemp < 32 && cTemp >= 0) || cTemp > 126) {
sprintf(temp, "[%02X]", cTemp); sprintf(temp, "[%02X]", cTemp);
} else } else
sprintf(temp, "%c", cTemp); sprintf(temp, "%c", cTemp);

8
hydra.c
View file

@ -3746,7 +3746,7 @@ int main(int argc, char *argv[]) {
if (hydra_options.outfile_format == 1) { // JSONv1 if (hydra_options.outfile_format == 1) { // JSONv1
fprintf(hydra_brains.ofp, "{ \"generator\": {\n" fprintf(hydra_brains.ofp, "{ \"generator\": {\n"
"\t\"software\": \"%s\", \"version\": \"%s\", \"built\": \"%s\",\n" "\t\"software\": \"%s\", \"version\": \"%s\", \"built\": \"%s\",\n"
"\t\"server\": \"%s\", \"service\": \"%s\", \"jsonoutputversion\": 1.0,\n" "\t\"server\": \"%s\", \"service\": \"%s\", \"jsonoutputversion\": \"1.00\",\n"
"\t\"commandline\": \"%s", "\t\"commandline\": \"%s",
PROGRAM, VERSION, hydra_build_time(), PROGRAM, VERSION, hydra_build_time(),
hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg);
@ -3998,7 +3998,7 @@ int main(int argc, char *argv[]) {
} }
if (hydra_options.outfile_format == 1 /* JSONv1 */ && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { if (hydra_options.outfile_format == 1 /* JSONv1 */ && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) {
fprintf(hydra_brains.ofp, "%s\n\t{\"port\": %d, \"service\": \"%s\", \"host\": \"%s\", \"login\": \"%s\", \"password\": \"%s\"}", fprintf(hydra_brains.ofp, "%s\n\t{\"port\": %d, \"service\": \"%s\", \"host\": \"%s\", \"login\": \"%s\", \"password\": \"%s\"}",
hydra_brains.found != 0 ? "" : ",", // add comma if not first finding hydra_brains.found == 1 ? "" : ",", // prefix a comma if not first finding
hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->port,
hydra_options.service, hydra_options.service,
hydra_targets[hydra_heads[head_no]->target_no]->target !=NULL ? hydra_targets[hydra_heads[head_no]->target_no]->target : "", hydra_targets[hydra_heads[head_no]->target_no]->target !=NULL ? hydra_targets[hydra_heads[head_no]->target_no]->target : "",
@ -4251,8 +4251,8 @@ int main(int argc, char *argv[]) {
printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time());
if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) { if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) {
if (hydra_options.outfile_format == 1 /* JSONv1 */ ) { if (hydra_options.outfile_format == 1 /* JSONv1 */ ) {
fprintf(hydra_brains.ofp, "\n\t],\n\"status\": \"%s\",\n\"errormessages\": [ %s ],\n\"quantityfound\": %lu }\n", fprintf(hydra_brains.ofp, "\n\t],\n\"success\": %s,\n\"errormessages\": [ %s ],\n\"quantityfound\": %lu }\n",
(error ? "errors" : "success"), json_error, hydra_brains.found); (error ? "false" : "true"), json_error, hydra_brains.found);
} }
fclose(hydra_brains.ofp); fclose(hydra_brains.ofp);
} }