GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → erforschr → Bruteforce Http Auth

erforschr / Bruteforce Http Auth

Bruteforce HTTP Authentication

Programming Languages

python
139335 projects - #7 most used programming language
basic
69 projects

Labels

httpauthenticationhttpspentestbruteforcedigest

Projects that are alternatives of or similar to Bruteforce Http Auth

restler
Restler is a beautiful and powerful Android app for quickly testing REST API anywhere and anytime.
Stars: ✭ 120 (+12.15%)
Mutual labels:  https, digest
Auth Boss
🔒 Become an Auth Boss. Learn about different authentication methodologies on the web.
Stars: ✭ 2,879 (+2590.65%)
Mutual labels:  authentication, https
uberscan
Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.
Stars: ✭ 31 (-71.03%)
Mutual labels:  bruteforce, pentest
AzureAD Autologon Brute
Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
Stars: ✭ 90 (-15.89%)
Mutual labels:  bruteforce, pentest
Thc Hydra
hydra
Stars: ✭ 5,645 (+5175.7%)
Mutual labels:  pentest, bruteforce
ComPP
Company Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.
Stars: ✭ 44 (-58.88%)
Mutual labels:  bruteforce, pentest
tomcter
😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.
Stars: ✭ 18 (-83.18%)
Mutual labels:  bruteforce, pentest
Hackers Tool Kit
Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram
Stars: ✭ 211 (+97.2%)
Mutual labels:  pentest, bruteforce
Dictionary Of Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (+359.81%)
Mutual labels:  pentest, bruteforce
Pode
Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers
Stars: ✭ 329 (+207.48%)
Mutual labels:  authentication, https
weakpass generator
generates weak passwords based on current date
Stars: ✭ 36 (-66.36%)
Mutual labels:  bruteforce, pentest
Cloudfail
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Stars: ✭ 1,239 (+1057.94%)
Mutual labels:  pentest, bruteforce
Sureness
A simple and efficient open-source security framework that focus on protection of restful api.
Stars: ✭ 254 (+137.38%)
Mutual labels:  authentication, digest
haiti
🔑 Hash type identifier (CLI & lib)
Stars: ✭ 287 (+168.22%)
Mutual labels:  digest, pentest
Brutemap
Let's find someone's account
Stars: ✭ 113 (+5.61%)
Mutual labels:  https, bruteforce
GetPwd
It's a tool which generate a dictionary from a csv containing personals informations. Generate all common passwords based on perso info. (leet transformations and combinatory processing)
Stars: ✭ 46 (-57.01%)
Mutual labels:  bruteforce, pentest
Dirstalk
Modern alternative to dirbuster/dirb
Stars: ✭ 210 (+96.26%)
Mutual labels:  pentest, bruteforce
Getaltname
Extract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (+199.07%)
Mutual labels:  https, pentest
Opendoor
OWASP WEB Directory Scanner
Stars: ✭ 586 (+447.66%)
Mutual labels:  pentest, bruteforce
Web Brutator
Fast Modular Web Interfaces Bruteforcer
Stars: ✭ 97 (-9.35%)
Mutual labels:  pentest, bruteforce
View All Similar Projects ➔

Bruteforce HTTP Authentication

Warning

/!\ Not adequately tested /!\

Description

Simple tool to bruteforce HTTP authentication forms.

Supports:

  • Basic HTTP authentication
  • Digest HTTP authentication
  • NTLM authentication

Usage

Usage example:

python3 bruteforce-http-auth.py -T targets_file -U usernames_file -P passwords_file --verbose

Output example:

[10-00-43] --------------------------
[10-00-43] ~  Bruteforce HTTP Auth  ~
[10-00-43] --------------------------
[10-00-43] 
[10-00-43] Included in bruteforce scope:
[10-00-43] 
[10-00-43] => URL: https://www.my-first-protected-resource.com
[10-00-43]    Status code: 401
[10-00-43]    Server: Apache/2.4.18 (Ubuntu)
[10-00-43]    Date: Sat, 11 Nov 2017 10:00:40 GMT
[10-00-43]    Authentication type: basic
[10-00-43] 
[10-00-43] => URL: https://www.my-second-protected-resource.com
[10-00-43]    Status code: 401
[10-00-43]    Server: Apache/2.4.18 (Ubuntu)
[10-00-43]    Date: Sat, 11 Nov 2017 10:00:40 GMT
[10-00-43]    Authentication type: basic
[10-00-43] 
[10-00-43] Excluded from bruteforce scope:
[10-00-43] 
[10-00-43] => URL: https://www.my-third-unprotected-resource.com
[10-00-43]    Status code: 200
[10-00-43]    Server: Apache/2.4.18 (Ubuntu)
[10-00-43]    Date: Sat, 11 Nov 2017 10:00:40 GMT
[10-00-43]    Authentication type: None
[10-00-43]
[10-00-43] Launch bruteforce on included targets [y/N] ? y
[10-00-45] 
[10-00-45] Authentication failed: Username: "user1" Password: "pass2" URL: https://www.my-first-protected-resource.com
[10-00-45] Authentication failed: Username: "user2" Password: "pass1" URL: https://www.my-first-protected-resource.com
[10-00-45] Authentication failed: Username: "user1" Password: "pass1" URL: https://www.my-first-protected-resource.com
[10-00-45] Authentication successful: Username: "user2" Password: "pass2" URL: https://www.my-first-protected-resource.com
[10-00-45] Authentication failed: Username: "user3" Password: "pass1" URL: https://www.my-first-protected-resource.com
[10-00-45] Authentication failed: Username: "user3" Password: "pass2" URL: https://www.my-first-protected-resource.com
[10-00-46] Authentication successful: Username: "user1" Password: "pass1" URL: https://www.my-second-protected-resource.com
[10-00-46] Authentication failed: Username: "user1" Password: "pass2" URL: https://www.my-second-protected-resource.com
[10-00-46] Authentication failed: Username: "user2" Password: "pass1" URL: https://www.my-second-protected-resource.com
[10-00-46] Authentication failed: Username: "user2" Password: "pass2" URL: https://www.my-second-protected-resource.com
[10-00-46] Progress : 10
[10-00-46] Authentication failed: Username: "user3" Password: "pass1" URL: https://www.my-second-protected-resource.com
[10-00-46] Authentication failed: Username: "user3" Password: "pass2" URL: https://www.my-second-protected-resource.com
[10-00-46] Progress : 12 (end)
[10-00-46] 
[10-00-46] Finished

Arguments:

  -t TARGET, --target TARGET
                        URL
                        
  -T TARGETFILE, --targetfile TARGETFILE
                        File of URL
                        
  -u USERNAME, --username USERNAME
                        Username ("username" or "username:password")
                        
  -U USERNAMESFILE, --usernamesfile USERNAMESFILE
                        File of usernames ("username" or "username:password")
                        
  -p PASSWORD, --password PASSWORD
                        Password
                        
  -P PASSWORDSFILE, --passwordsfile PASSWORDSFILE
                        File of passwords
                        
  -w WORKERS, --workers WORKERS
                        Number of threads (interger between 1 and 100)
                        
  -o ORDER, --order ORDER
                        Targets order ("serie" or "parallel")
                        
  -v, --verbose         Verbose
NTLM authentication

Usernames format for NTLM authentication: domain\username

/!\ Be aware that a NTLM authentication bruteforce could lock an account. /!\

Requirements

Python libs required:

Install:

python3 -m pip install -r requirements.txt

Dictionaries

List Source Link
unix_users.txt Metasploit wordlists https://github.com/rapid7/metasploit-framework/blob/master/data/wordlists/unix_users.txt
unix_passwords.txt Metasploit wordlists https://github.com/rapid7/metasploit-framework/blob/master/data/wordlists/unix_passwords.txt
seclists_usernames_top_shortlist.txt SecLists https://github.com/danielmiessler/SecLists/blob/master/Usernames/top_shortlist.txt
seclists_passwords_top_shortlist.txt SecLists https://github.com/danielmiessler/SecLists/blob/master/Passwords/top_shortlist.txt
seclists_10_million_password_list_top_100.txt SecLists https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_100.txt
seclists_10_million_password_list_top_500.txt SecLists https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_500.txt
seclists_10_million_password_list_top_1000.txt SecLists https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000.txt
seclists_10_million_password_list_top_10000.txt SecLists https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_10000.txt
custom_common_web_services_usernames_short.txt N/A
custom_common_web_services_usernames_medium.txt N/A
custom_common_web_services_passwords_short.txt N/A
custom_common_web_services_passwords_medium.txt N/A
custom_tomcat_userpass.list N/A
custom_jboss_userpass.list N/A
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].