Think, Talk, Hack

Browsing category

Bruteforcing

Brute_Force – BruteForce Gmail, Hotmail, Twitter, Facebook & Netflix

A tool to Brute force social media, email and streaming accounts. Install Brute_force pip install proxylist pip install mechanizegit clone https://github.com/Matrix07ksa/Brute_Force   Usage:   BruteForce Gmail Attack python3 Brute_Force.py -g Account@gmail.com -l File_list python3 Brute_Force.py -g Account@gmail.com -p Password_Single   BruteForce Hotmail Attack python3 Brute_Force.py -t Account@hotmail.com -l File_list python3 Brute_Force.py -t Account@hotmail.com -p Password_Single […]

root

GoBuster v3.0 – Directory/File, DNS and VHost busting tool written in Go

Gobuster is a tool used to brute-force: URIs (directories and files) in web sites, DNS subdomains (with wildcard support) and Virtual Host names on target web servers. Changes in 3.0 New CLI options so modes are strictly seperated (-m is now gone!) Performance Optimizations and better connection handling Ability to bruteforce vhost names Option to […]

root

HashCK – Automated Hashcracking Tool

HashCK is a Hash Cracking script that can crack the 10 most popular cryptographic hash algorithms. Hashck features – Bruteforce Md5 Hash – Bruteforce Sha-1 sha-224 sha-256 sha-384 sha-512 Mysql Hashes – Search Hash in 6 Biggest Online Hash Database – It Has 555372 Cracked Hashes Stored Offline – Fast Numeric Bruteforce Using Md5crack – […]

root

Facebash – Facebook Brute Forcer in shellscript using TOR

Facebook Brute Forcer in shellscript using TOR WARNING: Facebook blocks account for 1 hour after 20 wrong passwords, so this script can perform only 20 pass/h. Features Save/Resume sessions Anonymous attack through TOR Default Password List (+39k) How to Hack any Facebook Account with Z-Shadow Usage: git clone https://github.com/thelinuxchoice/facebash cd instashell chmod +x facebash.sh service […]

root

Kerbrute – A Tool To Perform Kerberos Pre-Auth Bruteforcing

A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication. Background This tool grew out of some bash scripts I wrote a few years ago to perform bruteforcing using the Heimdal Kerberos client from Linux. I wanted something that didn’t require privileges to install a Kerberos client, and when I found […]

root

Password Cracking and Login Brute-force [Stats]

People are frequently misguided and look at the password brute-forcing (password cracking) as on a miracle approach to gain access to something, especially people not engaged in IT industry, non-tech folks (not sure if Hollywood is to blame). In any case, numerous times we’ve received inquiries from people asking us to “brute-force” some hashes or […]

root

Hatch – Tool To Brute Force Most Websites

Hatch is a brute force tool that is used to brute force most websites Installation Instructions git clone https://github.com/MetaChar/Hatch python2 main.py Requirements pip2 install selenium pip2 install pyvirtualdisplay pip2 install requests sudo apt-get install xvfb chrome driver and chrome are also required! link to chrome driver: http://chromedriver.chromium.org/downloads copy it to bin! How to use (text) […]

root

VoiceMailAutomator – Compromising Online Accounts by Cracking Voicemail Systems

voicemailautomator is a tool that serves as a Proof of Concept for “Compromising online accounts by cracking voicemail systems”. voicemailautomator supports two actions: “message” – retrieves and records the newest message in the voicemail system. It returns a URL with the recording. “greeting” – changes the greeting message to specific DTMF tones   It uses […]

root

Aron – A GO Script For Finding Hidden GET & POST Parameters

Aron is a simple GO script for finding hidden GET & POST parameters with bruteforce. Aron Installation $ git clone https://github.com/m4ll0k/Aron.git aron $ cd aron $ go get github.com/m4ll0k/printer # now check if $GOPATH is set $ go env | grep -i gopath # if $GOPATH not set, try with: $ export GOPATH=$HOME/go $ go […]

root

Autocrack – Hashcat Wrapper To Help Automate The Cracking Process

Autocrack is python script is a Hashcat wrapper to help automate the cracking process. The script includes multiple functions to select a set of wordlists and rules, as well as the ability to run a bruteforce attack, with custom masks, before the wordlist/rule attacks. Autocrack uses Python 3, which is usually installed already in various […]

root

0d1n – Tool For Bruteforcing Web Applications

0d1n is a tool for automating customized attacks against web applications. It is an Open Source web application bruteforcer and Fuzzer, its objective is to automate exhaustive tests to find anomalies/vulnerabilities. These tests can follow web parameters, files, directories, forms and others. Features: Brute force login and passwords in auth forms Directory disclosure ( use […]

root

WordBrutePress – A Multithreaded WordPress Bruteforcing Tool

WordBrutePress is a Python-based Multithreaded WordPress bruteforcing tool. Features: Multithreading XML-RPC brute force mode HTTP and https protocols support Random User Agent Big wordlist support Usage: Standard login request: python wordbrutepress.py -S -t http[s]://target.com[:port] -u username -w wordlist [–timeout in sec] Xml-rpc login request: python wordbrutepress.py -X -t http[s]://target.com[:port] -u username -w wordlist [–timeout in […]

root

CrawlBox – Easy Way to Brute-force Web Directory

Easy way to brute-force web directory. Operating Systems Tested: MacOSX Kali Linux Usage: python crawlbox.py [-h] [-v] [-w WORDLIST] url positional arguments: url specific target url, like domain.com optional arguments: -h, –help show this help message and exit -v, –version show program’s version number and exit -w WORDLIST specific path to wordlist file -d DELAY […]

root

CredCrack – A Fast and Stealthy Credential Harvester

CredCrack is a fast and stealthy credential harvester. It exfiltrates credentials recursively in memory and in the clear. Upon completion, CredCrack will parse and output the credentials while identifying any domain administrators obtained. CredCrack also comes with the ability to list and enumerate share access and yes, it is threaded! CredCrack has been tested and […]

root

Wavecrack – Password Recovery Platform

A user-friendly Web interface to share a hashcat cracking box among multiple users with some pre-defined options.   Outline This Web application can be used to launch asynchronous password cracks with hashcat. The interface tries to be as user-friendly as possible and facilitates the password cracking method choice and to automate the succession of various attack modes. It also […]

root

THC-Hydra – Very Fast Network Logon Cracker

Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. This fast, and many will say fastest network logon cracker supports many different services. Deemed ‘The […]

root

Wfuzz – Web Application Password Cracking Tool

Wfuzz is a web application password cracker that has a lot of features such as post data brute-forcing, header brute-forcing, colored output, URL encoding, cookie fuzzing, multi-threading, multiple proxy support, SOCK support, authentication support, baseline support, and more. It also offers multiple Injection points capability with multiple dictionaries, and recursion (when doing directory brute-force), and the HEAD […]

root

Crowbar – Brute Forcing Tool

Crowbar (formally known as Levye) is a python based brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by THC-Hydra and other popular brute forcing tools. Currently, Crowbar supports: OpenVPN (-b openvpn) Remote Desktop Protocol (RDP) with NLA support (-b rdp) SSH private […]

root