CrawlBox – Easy Way to Brute-force Web Directory

Easy way to brute-force web directory. Operating Systems Tested: MacOSX, Kali Linux. Usage: python crawlbox.py [-h] [-v] [-w WORDLIST] url. Positional arguments: url specific target url, like domain.com. Optional arguments: -h, --help show this help message and exit; -v, --version show program’s version number and exit; -w WORDLIST specific path to wordlist file; -d DELAY […]

Crowbar: A tool to perform brute force attacks on different services

Crowbar is a tool developed specifically to perform brute force attacks during penetration tests. It applies brute force attacks differently from other existing tools. Today there is a large number of tools to attack the user/password of an OpenSSH server, however, we did not have any that were […]

SNMP-Brute – Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script

SNMP brute force, enumeration, CISCO config downloader and password cracking script. Listens for any responses to the brute force community strings, effectively minimising wait time. Requirements: metasploit, snmpwalk, snmpstat, john the ripper. Usage: python snmp-brute.py -t [IP]. Options: --help, -h show this help message and exit; --file=DICTIONARY, -f DICTIONARY Dictionary file; --target=IP, -t IP Host IP; --port=PORT, -p PORT […]

Instagram-Py – Simple Instagram Brute Force Script

Instagram-Py is a simple Python script to perform a basic brute force attack against Instagram. This script can bypass login limiting on wrong passwords, so basically it can test an infinite number of passwords. Instagram-Py is proven and can test over 6M passwords on a single Instagram account with as few resources as possible. This script […]

RedLogin – SSH Brute-force Tools

Red Login: SSH Brute-force Tools. Features: High speed and precision; CLI (console based); Run the arbitrary command after the attack is successful (Default ‘Uname -a’); Telegram messenger support for sending reports via bot API. Usage: Redlogin.exe (Optional) -telegram ==> List of targets ip list ==> List of usernames want to test ==> List of […]

BruteSpray v1.6.0 – Brute-Forcing from Nmap output (Automatically attempts default creds on found services)

BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap. Installation: pip install -r requirements.txt. On Kali: apt-get install brutespray. Usage: First do an nmap scan with -oG nmap.gnmap or -oX nmap.xml. Command: python brutespray.py -h Command: python brutespray.py --file nmap.gnmap […]

Brute Force Patator – Multi-purpose brute-forcer modular design

Brute-Force Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another […]

dirsearch v0.3.8 – Brute Force Directories and Files in Websites

dirsearch is a simple command line tool designed to brute force directories and files in websites. Operating Systems supported: Windows XP/7/8/10, GNU/Linux, MacOSX. Features: Multithreaded; Keep alive connections; Support for multiple extensions (-e|--extensions asp,php); Reporting (plain text, JSON); Heuristically detects invalid web pages; Recursive brute forcing; HTTP proxy support; User agent randomization; Batch processing; Request […]

wildPwn – Brute forcer and shell deployer for WildFly (JBoss AS)

WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms. WildFly is free and open-source software, subject to the requirements of the GNU Lesser […]

Crowbar – Brute Forcing Tool

Crowbar (formerly known as Levye) is a Python-based brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by THC-Hydra and other popular brute forcing tools. Currently, Crowbar supports: OpenVPN (-b openvpn); Remote Desktop Protocol (RDP) with NLA support (-b rdp); SSH private […]

wpbf – WordPress Brute Force Tool

wpbf is a Python-based bruteforce tool for remotely testing password strength, username enumeration and plugin detection on a WordPress site. How It Works: The script will try to log in to the WordPress dashboard through the login form using a mixture of enumerated usernames, a wordlist and relevant keywords from the blog’s content. If a single […]

InstaBrute – Instagram Bruteforce Exploit Module

Instabrute exploit module bruteforces usernames and password for any given account. Features: Check username existence; Check password for a given username. Dependencies: Mechanize, CookieLib, Simplejson, OptParse, Selenium. Usage: git clone https://github.com/chinoogawa/instaBrute cd instaBrute pip install selenium pip install Mechanize pip install Simplejson pip install OptParse pip install Mechanize python instabrute.py -h (for Helper) […]

Blazy – Modern Login Bruteforcer Which Also Tests For CSRF, Clickjacking, Cloudflare and WAF

Blazy is a modern login page bruteforcer. Features: Easy target selections; Smart form and error detection; CSRF and Clickjacking Scanner; Cloudflare and WAF Detector; 90% accurate results; Checks for login bypass via SQL injection; Multi-threading; 100% accurate results; Better form detection and compatibility. Requirements: Beautiful Soup, Mechanize. Usages: Open your terminal and enter git clone […]

Online Password Bruteforce Attack With THC-Hydra Tool

According to Kali, the THC-Hydra tool is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely. It […]

Wfuzz – Bruteforcing Web Applications

Wfuzz is a tool designed for bruteforcing Web Applications. It can be used for finding resources not linked (directories, servlets, scripts, etc.), bruteforcing GET and POST parameters to check for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing Forms parameters (User/Password), Fuzzing, etc. Features: Multiple Injection points capability with multiple dictionaries; Recursion (When doing directory bruteforce) […]

Bruteforcing Web Applications with Wfuzz

Wfuzz is a tool designed for bruteforcing Web Applications. It can be used for finding resources not linked (directories, servlets, scripts, etc.), bruteforcing GET and POST parameters to check for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing Forms parameters (User/Password), Fuzzing, etc. Features: Multiple Injection points capability with multiple dictionaries; Recursion (When doing directory bruteforce); Post, […]

WIBR (WiFi BruteForce) – Android App For Hackers

WIBR is an Android app that you can use to break into a password protected (weak) WiFi network. It is actually a brute forcer that allows you to perform a dictionary attack on the target. If you don’t know what a dictionary attack is, read this Wikipedia article: Dictionary_Attack Note: Turn on your WiFi before […]

BruteSpray – Brute-Forcing from Nmap

BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap. Usage: First do an nmap scan with -oG nmap.gnmap or -oX nmap.xml. Command: python brutespray.py -h Command: python brutespray.py --file nmap.gnmap Command: python brutespray.py --file nmap.xml Command: python brutespray.py […]

New Linux SSH Brute-force LUA Bot Shishiga Detected in the Wild

A new piece of Linux malware has been spotted in the wild by security researchers at ESET, and it is much more sophisticated than any of the previously known Linux-based malware. The security researchers have named this malware “Linux/Shishiga”, which utilizes four different protocols according to the ESET research team. The protocols used are Telnet, HTTP and […]