Merge branch 'orchestrator'

README.md

@@ -52,6 +52,7 @@ As for the user enumeration, two modes are available: oauth2 and autodiscover (n
 
 ### OWA
 This module allows to enumerate users and bruteforce / spray passwords. 
+Currently NTLM and basic authentication is supported
 
 #### User enumeration
 Enumeration is made with authentication requests. Authentication for a non-existent user will take longer than for a valid user. At first, the average response time for an invalid user will be calculated and then the response time for each authentication request will be compared.

src/cmd/brute/adfs.go

@@ -1,8 +1,9 @@
 package brute
 
 import (
-	"GoMapEnum/src/adfs"
 	"GoMapEnum/src/logger"
+	"GoMapEnum/src/modules/adfs"
+	"GoMapEnum/src/orchestrator"
 	"errors"
 
 	"github.com/spf13/cobra"
@@ -34,7 +35,11 @@ go run main.go bruteSpray adfs -t adfs.contoso.com -u john.doe@contoso.com  -p A
 		adfsOptions.NoBruteforce = noBruteforce
 		adfsOptions.Sleep = sleep
 		adfsOptions.Proxy = proxy
-		validUsers = adfsOptions.Brute()
+
+		orchestratorOptions := orchestrator.Orchestrator{}
+		orchestratorOptions.PreActionBruteforce = adfs.CheckTarget
+		orchestratorOptions.AuthenticationFunc = adfs.Authenticate
+		validUsers = orchestratorOptions.Bruteforce(&o365Options)
 	},
 }
 

src/cmd/brute/o365.go

@@ -2,7 +2,8 @@ package brute
 
 import (
 	"GoMapEnum/src/logger"
-	"GoMapEnum/src/o365"
+	"GoMapEnum/src/modules/o365"
+	"GoMapEnum/src/orchestrator"
 	"errors"
 	"strings"
 
@@ -35,7 +36,15 @@ By default, if one account is being lock, the all attack will be stopped.
 		o365Options.Proxy = proxy
 		o365Options.NoBruteforce = noBruteforce
 		o365Options.Sleep = sleep
-		validUsers = o365Options.Brute()
+
+		orchestratorOptions := orchestrator.Orchestrator{}
+		orchestratorOptions.CustomOptionsForCheckIfValid = o365.PrepareOptions
+		orchestratorOptions.AuthenticationFunc = o365.Authenticate
+		orchestratorOptions.UserEnumFunc = o365.UserEnum
+		// To check if the user is valid
+		orchestratorOptions.CheckBeforeEnumFunc = o365.CheckTenant
+		orchestratorOptions.AuthenticationFunc = o365.Authenticate
+		validUsers = orchestratorOptions.Bruteforce(&o365Options)
 	},
 }
 

src/cmd/brute/owa.go

@@ -2,7 +2,8 @@ package brute
 
 import (
 	"GoMapEnum/src/logger"
-	"GoMapEnum/src/owa"
+	"GoMapEnum/src/modules/owa"
+	"GoMapEnum/src/orchestrator"
 
 	"github.com/spf13/cobra"
 )
@@ -26,17 +27,23 @@ go run main.go bruteSpray owa -u john.doe@contoso.com -p Automn2021! -t mail.con
 		owaOptions.Proxy = proxy
 		owaOptions.NoBruteforce = noBruteforce
 		owaOptions.Sleep = sleep
-		validUsers = owaOptions.Brute()
+
+		orchestratorOptions := orchestrator.Orchestrator{}
+		orchestratorOptions.PreActionBruteforce = owa.PrepareBruteforce
+		orchestratorOptions.CustomOptionsForCheckIfValid = owa.PrepareOptions
+		validUsers = orchestratorOptions.Bruteforce(&owaOptions)
 
 	},
 }
 
 func init() {
 
+	owaCmd.Flags().BoolVarP(&o365Options.CheckIfValid, "check", "c", true, "Check if the user is valid before trying password")
 	owaCmd.Flags().StringVarP(&owaOptions.Users, "user", "u", "", "User or file containing the emails")
 	owaCmd.Flags().StringVarP(&owaOptions.Passwords, "password", "p", "", "Password or file containing the passwords")
 	owaCmd.Flags().StringVarP(&owaOptions.Target, "target", "t", "", "Host pointing to the OWA service")
-	owaCmd.Flags().IntVar(&owaOptions.Thread, "thread", 2, "Number of threads ")
+	owaCmd.Flags().IntVar(&owaOptions.Thread, "thread", 2, "Number of threads")
+	owaCmd.Flags().BoolVar(&owaOptions.Basic, "basic", false, "Basic authentication instead of NTLM")
 	owaCmd.MarkFlagRequired("user")
 	owaCmd.MarkFlagRequired("password")
 	owaCmd.MarkFlagRequired("target")

src/cmd/enum/azure.go

@@ -1,8 +1,9 @@
 package enum
 
 import (
-	"GoMapEnum/src/azure"
 	"GoMapEnum/src/logger"
+	"GoMapEnum/src/modules/azure"
+	"GoMapEnum/src/orchestrator"
 
 	"github.com/spf13/cobra"
 )
@@ -23,7 +24,10 @@ var azureCmd = &cobra.Command{
 		log.Info("Starting the module Azure")
 		azureOptions.Log = log
 		azureOptions.Proxy = proxy
-		validUsers = azureOptions.UserEnum()
+
+		orchestratorOptions := orchestrator.Orchestrator{}
+		orchestratorOptions.UserEnumFunc = azure.UserEnum
+		validUsers = orchestratorOptions.UserEnum(&azureOptions)
 	},
 }
 

src/cmd/enum/o365.go

@@ -2,7 +2,8 @@ package enum
 
 import (
 	"GoMapEnum/src/logger"
-	"GoMapEnum/src/o365"
+	"GoMapEnum/src/modules/o365"
+	"GoMapEnum/src/orchestrator"
 	"errors"
 	"strings"
 
@@ -31,7 +32,10 @@ var o365Cmd = &cobra.Command{
 		log.Info("Starting the module O365")
 		o365Options.Log = log
 		o365Options.Proxy = proxy
-		validUsers = o365Options.UserEnum()
+		orchestratorOptions := orchestrator.Orchestrator{}
+		orchestratorOptions.CheckBeforeEnumFunc = o365.CheckTenant
+		orchestratorOptions.UserEnumFunc = o365.UserEnum
+		validUsers = orchestratorOptions.UserEnum(&o365Options)
 	},
 }
 

src/cmd/enum/owa.go

@@ -2,7 +2,8 @@ package enum
 
 import (
 	"GoMapEnum/src/logger"
-	"GoMapEnum/src/owa"
+	"GoMapEnum/src/modules/owa"
+	"GoMapEnum/src/orchestrator"
 
 	"github.com/spf13/cobra"
 )
@@ -24,7 +25,11 @@ Credits: https://github.com/busterb/msmailprobe`,
 		log.Info("Starting the module OWA")
 		owaOptions.Log = log
 		owaOptions.Proxy = proxy
-		validUsers = owaOptions.UserEnum()
+
+		orchestratorOptions := orchestrator.Orchestrator{}
+		orchestratorOptions.PreActionUserEnum = owa.InitAndAverageResponseTime
+		orchestratorOptions.UserEnumFunc = owa.UserEnum
+		validUsers = orchestratorOptions.UserEnum(&owaOptions)
 
 	},
 }