chore(deps): bump golang.org/x/term from 0.41.0 to 0.42.0#267
Open
dependabot[bot] wants to merge 593 commits intodevfrom
Open
chore(deps): bump golang.org/x/term from 0.41.0 to 0.42.0#267dependabot[bot] wants to merge 593 commits intodevfrom
dependabot[bot] wants to merge 593 commits intodevfrom
Conversation
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.32.0. - [Commits](golang/net@v0.21.0...v0.32.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.29.0 to 0.30.0. - [Commits](golang/crypto@v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/denisenkom/go-mssqldb](https://github.com/denisenkom/go-mssqldb) from 0.0.0-20191124224453-732737034ffd to 0.12.3. - [Release notes](https://github.com/denisenkom/go-mssqldb/releases) - [Commits](https://github.com/denisenkom/go-mssqldb/commits/v0.12.3) --- updated-dependencies: - dependency-name: github.com/denisenkom/go-mssqldb dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…hub.com/denisenkom/go-mssqldb-0.12.3 Bump github.com/denisenkom/go-mssqldb from 0.0.0-20191124224453-732737034ffd to 0.12.3
…ang.org/x/crypto-0.30.0 Bump golang.org/x/crypto from 0.29.0 to 0.30.0
…ang.org/x/net-0.32.0 Bump golang.org/x/net from 0.21.0 to 0.32.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.24.0 to 0.31.0. - [Commits](golang/crypto@v0.24.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
…org/x/crypto-0.31.0 Bump golang.org/x/crypto from 0.24.0 to 0.31.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.30.0 to 0.31.0. - [Commits](golang/crypto@v0.30.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
- Consolidate 6 duplicated supported-service lists into single shared supportedScanServices slice - Add NAME_MAP entries: exec->rexec, login->rlogin, shell->rsh, ftp-ssl->ftps, ftps->ftps - Add default ports in Host.Parse(): ftps(990), smtp-vrfy(25), rexec(512), rlogin(513), rsh(514), wrapper(0) - Add wordlist manifest entries for ftps (alias ftp), smtp-vrfy, rexec, rlogin, rsh, wrapper - Update parse tests for new service mappings and http support
- Change FTP passive port range from 20100-20110 to 20200-20210 to avoid conflict with GreenMail POP3 on port 20110 - Build binary as brutespray-bin to avoid collision with brutespray/ dir - Use bash /dev/tcp for port checks instead of nc (not always available)
- FTP: switch to fauria/vsftpd with PASV_ADDRESS=127.0.0.1 - Telnet: Alpine 3.14 + busybox-extras (has telnetd applet) - VNC: consol/rocky-xfce-vnc with TigerVNC (proper VNC Auth Type 2) - All 11 services verified: valid creds succeed, invalid creds rejected
- Unit tests: build, vet, go test -race on push/PR - Integration tests: Docker Compose with 11 services, tests both valid and invalid credentials for each service - Fix lint error in rexec_test.go (unchecked conn.Write)
New modules: - HTTP Form brute-forcing (http-form, https-form) with %U/%W placeholders - SVN repository HTTP Basic auth - SSH key authentication (-m key:/path or -m key:true) - SMTP NTLM auth via go-ntlmssp New CLI features: - Password generation (-x MIN:MAX:CHARSET) for PIN/short password attacks - Reversed username as password (-e r) - --allow-wrapper security gate for wrapper module - JSON per-attempt output (--output-format json) - Proxy list rotation (--proxy-list file) - PwDump file format auto-detection for pass-the-hash Includes 43 new unit tests (111 total), comprehensive docs update. All tests pass with -race.
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.51.0 to 0.52.0. - [Commits](golang/net@v0.51.0...v0.52.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.52.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
… param - https-form now auto-sets params["https"]="true" in run.go (was HTTP) - Remove unused PwDumpMode global (race-prone, never read) - URL-encode %U/%W placeholders for form-urlencoded bodies (prevents body corruption when credentials contain & or =) - SVN module checks params["https"] in addition to port 443 - Add SMTP NTLM auth test with mock 3-step exchange - Add proxy rotation tests (empty, comments, auth, invalid, bare) - Add JSON output format test - Add HTTP form URL-encoding and JSON body tests - Fix errcheck lint violations across test files
…nations - NNTP: move Dial outside goroutine, use deadline-based cancellation to prevent goroutine+connection leak on timeout - SMB: same pattern — dial before goroutine, force deadline on timeout, close conn to guarantee cleanup - POP3: USER/PASS write/read failures after successful greeting now return ConnectionSuccess=true (connection was established) - Delete dead CalcCombinations/CalcCombinationsPass/CalcCombinationsCombo functions and replace callsite with len(users)
…, db/domain params - SOCKS5: verify proxy is functional after auth with CONNECT request (false positive prevention) - FTP: detect 530 responses and skip remaining passwords for non-existent users - Pool: SkipUser propagation via sync.Map on HostWorkerPool - Telnet: Russian/Spanish/Cisco prompt patterns, shell prompt (>/%) success detection - MySQL: -m dbname:NAME parameter - MSSQL: -m domain:NAME parameter for Windows domain auth - Redis: -m db:N parameter for database selection - Asterisk/POP3/SSH/SNMP/telnet/winrm/rexec/rlogin/rsh/teamspeak: prior round fixes
…, config validation, tests - POP3: APOP failure in auto mode now reconnects and retries with USER/PASS instead of silently returning auth failure - Pool: add ResetForRetry() to clear stop-on-success state before retry pass, preventing silent credential loss - SNMP: tighten v2c inner timeout from timeout/2 to timeout/3 - Migrate 7 modules (vmauthd, nntp, rexec, rlogin, rsh, xmpp, smtpvrfy) from manual timer+select+goroutine to RunWithTimeout for consistency - Config: add Validate() checking -u/-C exclusivity and unknown service names - Telnet: fix unchecked conn.Write returns (errcheck lint) - Add pool lifecycle tests (5 tests) and module tests for imap, redis, teamspeak, vmauthd, asterisk
… race) The go-imap client library has a known internal data race between its reader goroutine and execute method. Use build-tag-based raceEnabled constant to skip IMAP tests when -race is active. Tests still run normally without the race detector.
…ting - modules/calc.go: validate combo string contains colon before split access, exit cleanly instead of index-out-of-range panic - brute/smbnt.go: move conn.Close() into default branch so handleResult doesn't double-close when goroutine result is drained after timeout - brutespray/dispatch.go: capture hostSem reference before acquire so deferred release targets the same channel if SetHostParallelism swaps it
New docs/wordlists.md covers the three-layer architecture (base/layers/overrides), manifest format with annotated YAML examples, runtime resolution call chain, deduplication/merge order, CLI override patterns, and contributor guide. Collapse the advanced.md section to a pointer and wire README links.
Co-authored-by: x90skysn3k <22178125+x90skysn3k@users.noreply.github.com>
Bumps [github.com/Azure/go-ntlmssp](https://github.com/Azure/go-ntlmssp) from 0.0.0-20221128193559-754e69321358 to 0.1.0. - [Release notes](https://github.com/Azure/go-ntlmssp/releases) - [Commits](https://github.com/Azure/go-ntlmssp/commits/v0.1.0) --- updated-dependencies: - dependency-name: github.com/Azure/go-ntlmssp dependency-version: 0.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.11.2 to 1.12.0. - [Release notes](https://github.com/lib/pq/releases) - [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md) - [Commits](lib/pq@v1.11.2...v1.12.0) --- updated-dependencies: - dependency-name: github.com/lib/pq dependency-version: 1.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.4.12 to 3.4.13. - [Release notes](https://github.com/go-ldap/ldap/releases) - [Commits](go-ldap/ldap@v3.4.12...v3.4.13) --- updated-dependencies: - dependency-name: github.com/go-ldap/ldap/v3 dependency-version: 3.4.13 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/x90skysn3k/grdp](https://github.com/x90skysn3k/grdp) from 1.0.1 to 1.0.2. - [Release notes](https://github.com/x90skysn3k/grdp/releases) - [Commits](x90skysn3k/grdp@v1.0.1...v1.0.2) --- updated-dependencies: - dependency-name: github.com/x90skysn3k/grdp dependency-version: 1.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot
Bot
added
dependencies
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.41.0 to 0.42.0. - [Commits](golang/term@v0.41.0...v0.42.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps golang.org/x/term from 0.41.0 to 0.42.0.
Commits
52b71d3go.mod: update golang.org/x dependenciesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)