I am teaching a class that introduces password spraying to students. I introduce to them a website that we have in a lab where we collect the first name and last name of people on the page, then develop a username list to conduct a bruteforce password spray based on the sub-technique in the MITRE Att&ck Framework https://attack.mitre.org/techniques/T1110/003/.
The below python script takes a csv file as shown below and creates different username formats based on the list.
CSV File example:
james,carver
julio,deguilio
robin,freid
ted,montrose
trey,montoya
Python3 Script example:
#!/usr/bin/python3
import sys
import getopt
import csv
def main():
inputfile = ''
# Read the argument for the userlist file
if len(sys.argv) < 2:
print("./createUserList.py -i --userlist--")
exit(1)
else:
opts, argv = getopt.getopt(sys.argv[1:],"i:")
for opt, arg in opts:
if opt in ['-i']:
inputfile = arg
# Read in the columns for first and last name...
# This is not built to have column header names...
with open(inputfile) as csv_file:
csv_reader = csv.reader(csv_file, delimiter=",")
for row in csv_reader:
firstname = row[0]
lastname = row[1]
# first.last
print(firstname + "." + lastname)
# first_last
print(firstname + "_" + lastname)
# f.last
print(firstname[0:1] + "." + lastname)
# first.l
print(firstname + "." + lastname[0:1])
if __name__=="__main__":
main()
No comments:
Post a Comment