Dir Bruteforcer In Go That Doesn't Work

This afternoon we had an interesting discussion on Twitter about whether we should publish our native Mac OS X directory brute-forcing tool. The general consensus is that this sort of thing has already been done, although not natively on OS X. So, for practical reasons, we thought that before we release anything that will require some support from us, we should come up with the simplest possible bruteforcer that is as efficient as it can get natively.

Naturally we chose Go for the job. We knocked the tool out in 5 minutes. The following snippet is the actual bruteforcer. The reason it doesn't work is that it performs well in simple cases, but on much larger and more complex tasks it fails miserably with a lot of stack exceptions. To use the tool you need to replace the target with your own and pipe the word dictionary to stdin.

package main

// ---

import (
	"os"
	"log"
	"fmt"
	"sync"
	"bufio"
	"net/http"
)

// ---

func index(wg *sync.WaitGroup, prefix string, suffix string, count int) {
	defer wg.Done()

	// ---

	url := fmt.Sprintf("%s/%s/", prefix, suffix)

	// ---

	resp, err := http.Get(url)

	// ---

	if err != nil {
		if (count > 0) {
			wg.Add(1)

			// ---

			go index(wg, prefix, suffix, count - 1)
		}

		// ---

		return
	}

	// Close the body so the connection and its file descriptor are released.
	defer resp.Body.Close()

	// ---

	fmt.Printf("%s - %s\n", url, resp.Status)
}

// ---

func main() {
	target := "http://www.google.com"
	count := 3

	// ---

	var wg sync.WaitGroup

	// ---

	scanner := bufio.NewScanner(os.Stdin)

	// ---

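	// One goroutine (and one HTTP request) is started per dictionary word,
	// with no upper bound on how many run at the same time.
	for scanner.Scan() {
		wg.Add(1)

		// ---

		go index(&wg, target, scanner.Text(), count)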
	}

	// ---

	if err := scanner.Err(); err != nil {
		log.Fatal(err)
	}

	// ---

	wg.Wait()
}

// ---

This can be fixed in several ways but we've decided to leave it to the community to pick it up and do whatever they wish. Projects like DirBuster are no longer active so there is a good opportunity for someone else to enter the security tool development game.
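
One of those ways, as an added example that is not part of the original post: cap the number of requests in flight with a counting semaphore, close every response body, and give the HTTP client a timeout. The `probe` function, the limit of 2 concurrent requests and the local `httptest` server are assumptions made for the demonstration.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
	"time"
)

// probe requests prefix/word/ per line of words, at most `workers` at a time (hypothetical helper).
func probe(prefix string, words io.Reader, workers, retries int) ([]string, error) {
	client := &http.Client{Timeout: 10 * time.Second} // a stalled server cannot hold a slot forever
	sem := make(chan struct{}, workers)               // counting semaphore
	var mu sync.Mutex
	var wg sync.WaitGroup
	var out []string
	scanner := bufio.NewScanner(words)
	for scanner.Scan() {
		url := fmt.Sprintf("%s/%s/", prefix, scanner.Text())
		sem <- struct{}{} // stops reading the wordlist while all slots are busy
		wg.Add(1)
		go func() {
			defer func() { <-sem; wg.Done() }()
			for try := 0; try <= retries; try++ {
				if resp, err := client.Get(url); err == nil {
					resp.Body.Close() // release the connection and its descriptor
					mu.Lock()
					out = append(out, url+" - "+resp.Status)
					mu.Unlock()
					break
				}
			}
		}()
	}
	wg.Wait()
	return out, scanner.Err()
}

func main() { // constructed demo target: a local test server where only /admin/ exists
	mux := http.NewServeMux()
	mux.HandleFunc("/admin/", func(w http.ResponseWriter, r *http.Request) {})
	srv := httptest.NewServer(mux)
	defer srv.Close()
	fmt.Println(probe(srv.URL, strings.NewReader("admin\nbackup\nold\n"), 2, 3))
}
```

Because the send on `sem` blocks inside the scan loop, the wordlist is consumed only as fast as requests complete, so memory and open sockets stay bounded regardless of dictionary size.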

Let us know what you think.