plugins

package

v0.1.1 Latest Latest Go to latest Published: May 8, 2026 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/dejisec/credbaron

Links

Open Source Insights

Documentation ¶

Overview ¶

Package plugins defines the spray-plugin contract and a global registry. Each plugin lives in its own subpackage and self-registers via init().

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Names ¶

func Names() []string

func Register ¶

func Register(p Plugin)

Register adds p to the global registry. Must be called from init(). Panics on duplicate names.

Types ¶

type Attempt ¶

type Attempt struct {
	URL         string
	Username    string
	Password    string
	UserAgent   string
	PluginArgs  map[string]string
	Client      *http.Client
	ProxySource ProxySource // optional; only populated when plugin needs pinned-proxy flights

	// InsecureTLS mirrors Config.HTTPOpts.InsecureTLS. Plugins that build
	// their own *http.Client (e.g. connection-pinned NTLM flows in ews,
	// owa, and httpbrute) must honor this flag by forwarding it into
	// httpclient.Options — otherwise a global --insecure-tls has no
	// effect on those plugins.
	InsecureTLS bool
}

type Outcome ¶

type Outcome struct {
	Result    Result
	Output    string
	ValidUser bool
	// UserAbsent is true when the plugin has definitive evidence the user
	// does not exist in the target tenant/realm. The engine skips all
	// further password cycles for this username.
	UserAbsent bool
	Err        error
}

type Plugin ¶

type Plugin interface {
	Name() string
	Validate(args map[string]string) (map[string]string, error)
	TestConnect(ctx context.Context, client *http.Client, args map[string]string, userAgent string) error
	Authenticate(ctx context.Context, a Attempt) Outcome
}

func Get ¶

func Get(name string) (Plugin, bool)

type ProxySource ¶

type ProxySource interface {
	Next(ctx context.Context) (*url.URL, error)
}

ProxySource is the minimum interface plugins need to pick a single proxy URL — e.g. for connection-bound NTLM/Kerberos flights where the pre-built Client's per-request proxy-rotation would split the handshake across different IPs.

type Result ¶

type Result string

const (
	ResultSuccess   Result = "success"
	ResultFailure   Result = "failure"
	ResultPotential Result = "potential"
)

type UserEnumerator ¶

type UserEnumerator interface {
	UserEnumOnly() bool
}

UserEnumerator is an optional interface implemented by plugins that only enumerate usernames and never consume a password. The engine drives them with a single empty-password cycle.

Source Files ¶

View all Source files

plugin.go

Directories ¶

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Path	Synopsis
aadsts Package aadsts classifies Azure AD error codes (AADSTS*) into CredBaron plugin outcomes.	Package aadsts classifies Azure AD error codes (AADSTS*) into CredBaron plugin outcomes.
adfs Package adfs sprays AD Federation Services forms-auth endpoints.	Package adfs sprays AD Federation Services forms-auth endpoints.
azuresso Package azuresso sprays Azure AD Seamless SSO via the WS-Trust endpoint.	Package azuresso sprays Azure AD Seamless SSO via the WS-Trust endpoint.
azvault Package azvault sprays Microsoft Online targeting the Azure Key Vault resource.	Package azvault sprays Microsoft Online targeting the Azure Key Vault resource.
ews Package ews sprays Exchange Web Services (/ews/) via NTLM auth.	Package ews sprays Exchange Web Services (/ews/) via NTLM auth.
fortinetvpn Package fortinetvpn sprays a Fortinet/FortiGate VPN portal at /remote/logincheck.	Package fortinetvpn sprays a Fortinet/FortiGate VPN portal at /remote/logincheck.
gmailenum Package gmailenum performs Gmail/GSuite user enumeration via /mail/gxlu.	Package gmailenum performs Gmail/GSuite user enumeration via /mail/gxlu.
httpbrute Package httpbrute performs HTTP Basic / NTLM authentication against a target URL and classifies the result by status code.	Package httpbrute performs HTTP Basic / NTLM authentication against a target URL and classifies the result by status code.
httppost Package httppost is a generic POST spray plugin.	Package httppost is a generic POST spray plugin.
msgraph Package msgraph sprays Microsoft Online targeting the Graph API resource.	Package msgraph sprays Microsoft Online targeting the Graph API resource.
msol Package msol sprays Microsoft Online via the OAuth2 Resource Owner Password	Package msol sprays Microsoft Online via the OAuth2 Resource Owner Password
o365enum Package o365enum performs Office 365 user enumeration via GetCredentialType.	Package o365enum performs Office 365 user enumeration via GetCredentialType.
okta Package okta sprays the Okta primary auth endpoint.	Package okta sprays the Okta primary auth endpoint.
owa Package owa sprays Outlook Web Access via NTLM auth on the autodiscover endpoint.	Package owa sprays Outlook Web Access via NTLM auth on the autodiscover endpoint.
pingfed Package pingfed sprays a Ping Federate IdP via the two-step prp.wsf form flow.	Package pingfed sprays a Ping Federate IdP via the two-step prp.wsf form flow.
pluginutil