koutto / Web Brutator

Fast Modular Web Interfaces Bruteforcer

📥 Install

python3 -m pip install -r requirements.txt

⏩ Usage

$ python3 web-brutator.py -h

 __      __      ___.            __________                __          __                
/  \    /  \ ____\_ |__          \______   \_______ __ ___/  |______ _/  |_  ___________ 
\   \/\/   // __ \| __ \   ______ |    |  _/\_  __ \  |  \   __\__  \   __\ /  _ \_  _ _\
 \        /\  ___/| \_\ \ /_____/ |    |   \ |  | \/  |  /|  |  / __ \|  | (  <_> )  | \/
  \__/\  /  \___  >___  /         |______  / |__|  |____/ |__| (____  /__|  \____/|__|   
       \/       \/    \/                 \/                         \/                   
                                                                        Version 0.2

usage: web-brutator.py [-h] [--url URL] [--target TYPE] [-u USERNAME]
                       [-U USERLIST] [-p PASSWORD] [-P PASSLIST]
                       [-C COMBOLIST] [-t THREADS] [-s] [-v] [-e MAX_ERRORS]
                       [--timeout TIMEOUT] [-l]

optional arguments:
  -h, --help                   show this help message and exit
  --url URL                    Target URL
  --target TYPE                Target type
  -u, --username USERNAME      Single username
  -U, --userlist USERLIST      Usernames list
  -p, --password PASSWORD      Single password
  -P, --passlist PASSLIST      Passwords list
  -C, --combolist COMBOLIST    Combos username:password list
  -t, --threads THREADS        Number of threads [1-50] (default: 10)
  -s, --stoponsuccess          Stop on success
  -v, --verbose                Print every tested creds
  -e, --max-errors MAX_ERRORS  Number of accepted consecutive errors (default: 10)
  --timeout TIMEOUT            Time limit on the response (default: 20s)
  -l, --list-modules           Display list of modules

Example:

python3 web-brutator.py --target jenkins --url https://mytarget.com -U ./usernames.txt -P ./passwords.txt -s -t 40

🚀 Available Modules

  • axis2
  • coldfusion
  • glassfish
  • htaccess
  • jboss
  • jenkins
  • joomla
  • railo
  • standardform
  • tomcat
  • weblogic
  • websphere

Notice: Some products implement account lockout by default after a given number of failed authentication attempts (e.g. Weblogic, Tomcat...). web-brutator warns the user at the beginning of the bruteforce attack if this is the case. Take this into account before launching a bruteforce against such targets.

💡 Standard web authentication form Auto-Detection

web-brutator can automatically detect standard web authentication forms and bruteforce them. This feature is available via the standardform module. It is still experimental and can lead to false positives/negatives, since it is based on several heuristics.

Not supported:

  • Web authentication using Javascript;
  • Authentication with CAPTCHA;
  • 2-step authentication ...

Example:

python3 web-brutator.py --target standardform --url https://mytarget.com -U ./usernames.txt -P ./passwords.txt -s -t 40 -v

Demo: this demo is against a phpMyAdmin interface.

🔧 Add new module / Contribute

Adding a new authentication bruteforce module is pretty straightforward:

  1. Create a new file with appropriate name under lib/core/modules/
  2. Create a class in this file, using the following template. Development is very easy, check any existing module under lib/core/modules/ for some examples. Note that HTTP requests should be done via the static methods provided by Requester class: Requester.get(), Requester.post(), Requester.http_auth().
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from lib.core.Exceptions import AuthException, RequestException
from lib.core.Logger import logger
from lib.core.Requester import AuthMode, Requester


class Mymodule:

    def __init__(self, url, verbose=False):
        self.url = url
        # Other self variables can go here

    def check(self):
        """
        This method is used to detect the presence of the targeted authentication
        interface.
        :return: Boolean indicating if the authentication interface has been detected
        """
        # Implement code here

    def try_auth(self, username, password):
        """
        This method is used to perform one authentication attempt.
        :param str username: Username to check
        :param str password: Password to check
        :return: Boolean indicating authentication status
        :raise AuthException:
        """
        # Implement code here


  3. Module is then automatically available (check using -l option) from the command-line.
  4. Test the module to make sure it is working as expected!
  5. Make a pull request to add the module to the project ;)