Optimize the NcrackCredentialTester module.

- Ncrack is not batched anymore: this means that only one `ncrack` process will handle all of the brute-force. Previously, credentials were batched to different ncrack process, making internal optimization impossible (e.g. if an account is cracked on one instance, other instance will continue trying to crack it); - We do not pass credential pairs to ncrack anymore: Instead of providing ncrack with precomuted pairs of login/credentials, we provide it with a username and password list that it can combine internally. This also seem to affect the ability of ncrack to internally optimize attempts. When performing local tests on my setup, this change decrease the overall running time of the module by about 10% (from ~43 to ~39 minutes). PiperOrigin-RevId: 672497135 Change-Id: I0c0816a459674ed0ab3b895aadce414d6304f140
google · Sep 9, 2024 · 646ed26 · 646ed26
1 parent 1fb333a
commit 646ed26
Showing 1 changed file with 10 additions and 12 deletions.
diff --git a/...tors/credentials/genericweakcredentialdetector/testers/ncrack/NcrackCredentialTester.java b/...tors/credentials/genericweakcredentialdetector/testers/ncrack/NcrackCredentialTester.java
@@ -16,11 +16,11 @@
 package com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ncrack;
 
 import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.ImmutableSet.toImmutableSet;
 
-import com.google.common.collect.ArrayListMultimap;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.Multimap;
+import com.google.common.collect.ImmutableSet;
 import com.google.common.flogger.GoogleLogger;
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import com.google.tsunami.common.command.CommandExecutionThreadPool;
@@ -116,7 +116,7 @@ public boolean canAccept(NetworkService networkService) {
 
   @Override
   public boolean batched() {
-    return true;
+    return false;
   }
 
   @Override
@@ -127,6 +127,11 @@ public ImmutableList<TestCredential> testValidCredentials(
       return ImmutableList.of();
     }
 
+    ImmutableSet<String> usernames =
+        credentials.stream().map(TestCredential::username).collect(toImmutableSet());
+    ImmutableSet<String> passwords =
+        credentials.stream().map(cred -> cred.password().orElse("")).collect(toImmutableSet());
+
     try {
       // We use a Provider here to get a new NcrackClient object because this function might be
       // called multiple times in the client code.
@@ -136,8 +141,8 @@ public ImmutableList<TestCredential> testValidCredentials(
               .withTimingTemplate(TimingTemplate.NORMAL)
               .withQuitCrackingAfterOneFound()
               .withNetworkEndpoint(networkService.getNetworkEndpoint())
-              .usingUsernamePasswordPair(
-                  generateTestCredentialsMapFromListOfCredentials(credentials))
+              .usingUsernameList(usernames)
+              .usingPasswordList(passwords)
               .onTargetService(getTargetService(networkService))
               .run(this.executor);
 
@@ -157,11 +162,4 @@ public ImmutableList<TestCredential> testValidCredentials(
   private static TargetService getTargetService(NetworkService networkService) {
     return SERVICE_MAP.get(NetworkServiceUtils.getServiceName(networkService));
   }
-
-  private static Multimap<String, String> generateTestCredentialsMapFromListOfCredentials(
-      List<TestCredential> credentials) {
-    Multimap<String, String> map = ArrayListMultimap.create();
-    credentials.forEach(c -> map.put(c.username(), c.password().orElse("")));
-    return map;
-  }
 }