An automated brute forcing tool
This project focusing on Brute Forcing HTTP protocol AUTOMATICALLY.
Requirements
name |
---|
python2 |
python2-pip [optional] |
python-regex |
python-mechanize |
sudo apt install python python-mechanize python-regex git
git clone https://github.com/dmknght/BruteforceHTTP.git
Usage: main.py [options] <url>
Options:
-u <word_list> : Add word list for username field
-p <word_list> : Add word list for password field
-U <username>: user1:user2:user3
Use default userlist and passlit:
python main.py <Target URL>
Use default passlist for user admin
(for multiple usernames, use user1:user2:user3
):
python main.py -U admin <Target URL>
Use custom userlist and custom passlist:
python main.py -u <path to userlist> -p <path to passlist> <Target URL>
This tool will detect form field automatically, collect information and submit data therefor it can handle csrf token.
Problems:
- Detect form field error for some special cases. We will try to improve our function.
- Wrong password matching: matching condition is not completed.
Further improvement (See TODO.md)
- Mechanize does not execute Javascript. This tool will not work if it is provided any website that uses Javascript to display form.
- Gmail login is having error
This tool was created in Parrot Security OS 3.11, python 2.7.15rc1. Windows platform is unsupported
Special thank to all authors of these projects: