A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. “GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that CIDR range,” Palo Alto Networks Unit 42 […]
An XMLRPC brute forcer targeting WordPress written in Python 3. In the context of xmlrpc brute forcing, its faster than Hydra and WpScan. It can brute force 1000 passwords per second. Usage python3 xmlrcpbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt username python3 xmlrpcbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt userlist.txt Bugs If you get an xml.etree.ElementTree.ParseError: Did you forget to add ‘xmlrpc’ […]
A tool to Brute force social media, email and streaming accounts. Install Brute_force pip install proxylist pip install mechanizegit clone https://github.com/Matrix07ksa/Brute_Force Usage: BruteForce Gmail Attack python3 Brute_Force.py -g Account@gmail.com -l File_list python3 Brute_Force.py -g Account@gmail.com -p Password_Single BruteForce Hotmail Attack python3 Brute_Force.py -t Account@hotmail.com -l File_list python3 Brute_Force.py -t Account@hotmail.com -p Password_Single […]
DEVELOPMENT BRANCH: The current branch is a development version. Go to the stable release by clicking on the master branch. Dirhunt is a web crawler optimize for search and analyze directories. This tool can find interesting things if the server has the “index of” mode enabled. Dirhunt is also useful if the directory listing is […]
SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ]. SocialBox Installation sudo apt-get install git sudo git clone https://github.com/TunisianEagles/SocialBox.git cd SocialBox chmod +x SocialBox.sh chmod +x install-sb.sh ./install-sb.sh ./SocialBox.sh Tested On Backbox linux Ubuntu Kali linux Screenshots
iCloudBrutter is a simple python (3.x) script to perform basic bruteforce attack againts AppleID. Usage of iCloudBrutter for attacking targets without prior mutual consent is illegal. iCloudBrutter developer not responsible to any damage caused by iCloudBrutter. Installation $ git clone https://github.com/m4ll0k/iCloudBrutter.git $ cd iCloudBrutter $ pip3 install requests,urllib3,socks $ python3 icloud.py Download iCloudBrutter
How DUMB works Dumb works with a masked dumain for substitution. The dumain can have as many masks as you want as long as you pass the according wordlists, explain information security training experts. Bruteforcing subdumains: Using the mask DUMB.dumain.com and the following wordlists: www ftp backoffice Dumb will generate the following dumains for bruteforce: http://www.dumain.com. ftp.dumain.com. […]
This version of the application is written with Python programming language,which is used to crack the Restriction PassCode of iphone/ipad. Brute Force Get the Base64 key and salt from the backup file in Computer. Decode the Base64 key and salt. Try from 1 to 9999 to with the pbkdf2-hmac-sha1 hash with passlib (passlib moudle need […]
Instabrute exploit module bruteforces usernames and password for any given account. Features Check username existence Check password for a given username Dependencies Mechanize CookieLib Simplejson OptParse Selenium Usage: usage: git clone https://github.com/chinoogawa/instaBrute cd instaBrute pip install selenium pip install Mechanize pip install Simplejson pip install OptParse pip install Mechanize python instabrute.py -h ( for Helper) […]
Blazy is a modern login page bruteforcer. Features Easy target selections Smart form and error detection CSRF and Clickjacking Scanner Cloudflare and WAF Detector 90% accurate results Checks for login bypass via SQL injection Multi-threading 100% accurate results Better form detection and compatibility Requirements Beautiful Soup Mechanize Usages Open your terminal and enter git clone […]
According to Kali, THC-Hydra Tool is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This Tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely. It […]
WIBR is an android app that you can use to break into a password protected (weak) WiFi network. It is actually a brute forcer that allows you to perform a dictionary attack on the target. If you don’t know what is a dictionary attack, read this Wikipedia article: Dictionary_Attack Note: Turn on your WiFi before […]
Brute-force (dictionary attack, jk) attack that supports multiple protocols and services http://ex0dus-0x.github.io Introduction brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are: ssh ftp smtp XMPP instagram facebook There will be future implementations of different protocols and services (including Twitter, Facebook, […]
BruteXSS is a very speedy go-site Scripting Brute forcing tool which can brute force parameters. It lets in you to inject several payloads from a wordlist to that particular parameters and then check the selected web page for XSS vulnerabilities. in line with the builders, “BruteXSS is noticeably correct at doing its mission and there’s […]
WiFi Bruteforcer is an android application that bruteforces WiFi passwords using an android device. It does not require a rooted device and is very fast and reliable. The tool has been developed by Fsecurify. Usage: Turn on your wifi. Open the application and scan networks. Select any WEP/WPA2 network and a new screen will open. […]
BruteForcer is a client-server multithreaded application for bruteforcing RAR file passwords. Actually, this tool is not limited to the RAR files, it is just that the tool comes with a RAR archive plugin. If you have a suitable plugin, it will support any file you want. But unfortunately there are no such plugins, if you […]
Doona is a forked version of the Bruteforce Exploit Detection tool or simply BED. The Bruteforce Exploit Detection tool is designed to check for the daemons for potential buffer overflows, format the string bugs etc. In Australian , Doona means duvet. Doona adds a lot of new features and changes to the BED. If you […]
FTP MySQL MSSQ MongoDB Redis Telnet Elasticsearch PostgreSQL. Compatible Operating system: OSX Linux Windows Python 2.6+ How to run the command: python F-Scrack.py -h 192.168.1 [-p 21,80,3306] [-m 50] [-t 10] -h Supports ip(192.168.1.1), ip range (192.168.1) (192.168.1.1-192.168.1.254), ip list (ip.ini) , maximum 65535 ips per scan. -p Ports you want to scan, use comma […]