erforschr / Bruteforce Http Auth
Bruteforce HTTP Authentication
Stars: ✭ 107
Projects that are alternatives of or similar to Bruteforce Http Auth
restler
Restler is a beautiful and powerful Android app for quickly testing REST API anywhere and anytime.
Stars: ✭ 120 (+12.15%)
Mutual labels: https, digest
Auth Boss
🔒 Become an Auth Boss. Learn about different authentication methodologies on the web.
Stars: ✭ 2,879 (+2590.65%)
Mutual labels: authentication, https
uberscan
Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.
Stars: ✭ 31 (-71.03%)
Mutual labels: bruteforce, pentest
AzureAD Autologon Brute
Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
Stars: ✭ 90 (-15.89%)
Mutual labels: bruteforce, pentest
ComPP
Company Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.
Stars: ✭ 44 (-58.88%)
Mutual labels: bruteforce, pentest
tomcter
😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.
Stars: ✭ 18 (-83.18%)
Mutual labels: bruteforce, pentest
Hackers Tool Kit
Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram
Stars: ✭ 211 (+97.2%)
Mutual labels: pentest, bruteforce
Dictionary Of Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (+359.81%)
Mutual labels: pentest, bruteforce
Pode
Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers
Stars: ✭ 329 (+207.48%)
Mutual labels: authentication, https
weakpass generator
generates weak passwords based on current date
Stars: ✭ 36 (-66.36%)
Mutual labels: bruteforce, pentest
Cloudfail
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Stars: ✭ 1,239 (+1057.94%)
Mutual labels: pentest, bruteforce
Sureness
A simple and efficient open-source security framework that focus on protection of restful api.
Stars: ✭ 254 (+137.38%)
Mutual labels: authentication, digest
GetPwd
It's a tool which generate a dictionary from a csv containing personals informations. Generate all common passwords based on perso info. (leet transformations and combinatory processing)
Stars: ✭ 46 (-57.01%)
Mutual labels: bruteforce, pentest
Dirstalk
Modern alternative to dirbuster/dirb
Stars: ✭ 210 (+96.26%)
Mutual labels: pentest, bruteforce
Getaltname
Extract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (+199.07%)
Mutual labels: https, pentest
Web Brutator
Fast Modular Web Interfaces Bruteforcer
Stars: ✭ 97 (-9.35%)
Mutual labels: pentest, bruteforce
Bruteforce HTTP Authentication
Warning
/!\ Not adequately tested /!\
Description
Simple tool to bruteforce HTTP authentication forms.
Supports:
- Basic HTTP authentication
- Digest HTTP authentication
- NTLM authentication
Usage
Usage example:
python3 bruteforce-http-auth.py -T targets_file -U usernames_file -P passwords_file --verbose
Output example:
[10-00-43] --------------------------
[10-00-43] ~ Bruteforce HTTP Auth ~
[10-00-43] --------------------------
[10-00-43]
[10-00-43] Included in bruteforce scope:
[10-00-43]
[10-00-43] => URL: https://www.my-first-protected-resource.com
[10-00-43] Status code: 401
[10-00-43] Server: Apache/2.4.18 (Ubuntu)
[10-00-43] Date: Sat, 11 Nov 2017 10:00:40 GMT
[10-00-43] Authentication type: basic
[10-00-43]
[10-00-43] => URL: https://www.my-second-protected-resource.com
[10-00-43] Status code: 401
[10-00-43] Server: Apache/2.4.18 (Ubuntu)
[10-00-43] Date: Sat, 11 Nov 2017 10:00:40 GMT
[10-00-43] Authentication type: basic
[10-00-43]
[10-00-43] Excluded from bruteforce scope:
[10-00-43]
[10-00-43] => URL: https://www.my-third-unprotected-resource.com
[10-00-43] Status code: 200
[10-00-43] Server: Apache/2.4.18 (Ubuntu)
[10-00-43] Date: Sat, 11 Nov 2017 10:00:40 GMT
[10-00-43] Authentication type: None
[10-00-43]
[10-00-43] Launch bruteforce on included targets [y/N] ? y
[10-00-45]
[10-00-45] Authentication failed: Username: "user1" Password: "pass2" URL: https://www.my-first-protected-resource.com
[10-00-45] Authentication failed: Username: "user2" Password: "pass1" URL: https://www.my-first-protected-resource.com
[10-00-45] Authentication failed: Username: "user1" Password: "pass1" URL: https://www.my-first-protected-resource.com
[10-00-45] Authentication successful: Username: "user2" Password: "pass2" URL: https://www.my-first-protected-resource.com
[10-00-45] Authentication failed: Username: "user3" Password: "pass1" URL: https://www.my-first-protected-resource.com
[10-00-45] Authentication failed: Username: "user3" Password: "pass2" URL: https://www.my-first-protected-resource.com
[10-00-46] Authentication successful: Username: "user1" Password: "pass1" URL: https://www.my-second-protected-resource.com
[10-00-46] Authentication failed: Username: "user1" Password: "pass2" URL: https://www.my-second-protected-resource.com
[10-00-46] Authentication failed: Username: "user2" Password: "pass1" URL: https://www.my-second-protected-resource.com
[10-00-46] Authentication failed: Username: "user2" Password: "pass2" URL: https://www.my-second-protected-resource.com
[10-00-46] Progress : 10
[10-00-46] Authentication failed: Username: "user3" Password: "pass1" URL: https://www.my-second-protected-resource.com
[10-00-46] Authentication failed: Username: "user3" Password: "pass2" URL: https://www.my-second-protected-resource.com
[10-00-46] Progress : 12 (end)
[10-00-46]
[10-00-46] Finished
Arguments:
-t TARGET, --target TARGET
URL
-T TARGETFILE, --targetfile TARGETFILE
File of URL
-u USERNAME, --username USERNAME
Username ("username" or "username:password")
-U USERNAMESFILE, --usernamesfile USERNAMESFILE
File of usernames ("username" or "username:password")
-p PASSWORD, --password PASSWORD
Password
-P PASSWORDSFILE, --passwordsfile PASSWORDSFILE
File of passwords
-w WORKERS, --workers WORKERS
Number of threads (interger between 1 and 100)
-o ORDER, --order ORDER
Targets order ("serie" or "parallel")
-v, --verbose Verbose
NTLM authentication
Usernames format for NTLM authentication: domain\username
/!\ Be aware that a NTLM authentication bruteforce could lock an account. /!\
Requirements
Python libs required:
Install:
python3 -m pip install -r requirements.txt
Dictionaries
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].