An automated brute forcing tool
This project focusing on Brute Forcing HTTP protocol AUTOMATICALLY.
Requirements
name |
---|
python2 |
python2-pip |
re |
python-mechanize |
sudo apt install python python-mechanize python-regex git
git clone https://github.com/dmknght/BruteforceHTTP.git
Usage: main.py [options] <url>
Options:
-u <word_list> : Add word list for username field
-p <word_list> : Add word list for password field
-U <username>: user1:user2:user3
Use default userlist and passlit:
python main.py <Target URL>
Use default passlist for user admin
(for multiple usernames, use user1:user2:user3
):
python main.py -U admin <Target URL>
Use custom userlist and custom passlist:
python main.py -u <path to userlist> -p <path to passlist> <Target URL>
This tool will detect form field automatically, collect information and submit data therefor it can handle csrf token.
Problems:
- Detect form field error for some special cases. We will try to improve our function.
- Wrong password matching: matching condition is not completed.
Further improvement (See TODO.md)
This tool was created in Parrot Security OS 3.11, python 2.7.15rc1. Windows platform is unsupported
Special thank to all authors of these projects: