A tool for asynchronously testing password login on several protocols

Project description

Aiobrute

Aiobrute is a tool for asynchronously testing password login on several protocols. It uses the asyncio library instead of threads to test passwords concurrently and efficiently.

DISCLAIMER: This software is for educational purposes only. This software should not be used for illegal activity.


The following modules are currently supported

* http  :  test login for http protocol
* ftp   :  test login for ftp protocol
* ssh   :  test login for ssh protocol
* mysql :  test login for mysql protocol

Some modules support multiple protocols

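| Module | Protocol   | Description                                |
|--------|------------|--------------------------------------------|
| http   | http-form  | Testing html form authentication           |
| http   | basic-auth | Testing http basic authentication          |
| http   | wp-xmlrpc  | Testing wordpress xml-rpc authentication   |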

Some wordlists are also included

| Name     | Size  | Description                                    |
|----------|-------|------------------------------------------------|
| rockyou  | 59187 | Shorter version of the popular rockyou wordlist |
| hotmail  | 8929  | Some Passwords from an old hotmail leak        |
| myspace  | 37120 | Some Passwords from an old myspace leak        |
| adobe    | 90    | Some Passwords from an old adobe leak          |
| mostused | 200   | Most commonly used passwords                   |

Installation & Usage

  • Run aiobrute with docker

docker run -it --name aiobrute --rm blackice22/aiobrute <MODULE> <OPTIONS>

  • Install aiobrute with pip

pip install aiobrute

Output Examples

When no verbosity option is specified, a progress bar is displayed to the user with some statistics.

aiobrute http -t http://localhost:8080/wp-login.php -u admin -m POST -p http-form -c 302 -f USER:log PASS:pwd

    ░█████╗░██╗░█████╗░██████╗░██████╗░██╗░░░██╗████████╗███████╗
    ██╔══██╗██║██╔══██╗██╔══██╗██╔══██╗██║░░░██║╚══██╔══╝██╔════╝
    ███████║██║██║░░██║██████╦╝██████╔╝██║░░░██║░░░██║░░░█████╗░░
    ██╔══██║██║██║░░██║██╔══██╗██╔══██╗██║░░░██║░░░██║░░░██╔══╝░░
    ██║░░██║██║╚█████╔╝██████╦╝██║░░██║╚██████╔╝░░░██║░░░███████╗
    ╚═╝░░╚═╝╚═╝░╚════╝░╚═════╝░╚═╝░░╚═╝░╚═════╝░░░░╚═╝░░░╚══════╝

              https://github.com/jylanglois/aiobrute

                    version: [0.1.0 - alpha]

[-] Loading data from the 'rockyou' build in wordlist

Worker Type: http | Target: http://localhost:8080/wp-login.php | Workers: 15 | Wordlist Size: 59188

|█████████▏                              | ▅▃▁ 13455/59188 [23%] in 18s (730.3/s, eta: 1:03)

If verbosity options are specified, the status of each request is printed to the console.

2022-04-15 11:16:20,925 - [HTTP] [INFO] - method: [POST] - status: [200] - target: http://localhost:8080/wp-login.php - username: admin - password: 1234567 - (6 of 59188) - [worker 6]
2022-04-15 11:16:20,926 - [HTTP] [INFO] - method: [POST] - status: [200] - target: http://localhost:8080/wp-login.php - username: admin - password: daniel - (10 of 59188) - [worker 10]
2022-04-15 11:16:20,927 - [HTTP] [INFO] - method: [POST] - status: [200] - target: http://localhost:8080/wp-login.php - username: admin - password: 123456789 - (3 of 59188) - [worker 3]
2022-04-15 11:16:20,928 - [HTTP] [INFO] - method: [POST] - status: [200] - target: http://localhost:8080/wp-login.php - username: admin - password: abc123 - (8 of 59188) - [worker 8]
2022-04-15 11:16:20,928 - [HTTP] [INFO] - method: [POST] - status: [200] - target: http://localhost:8080/wp-login.php - username: admin - password: 12345 - (2 of 59188) - [worker 2]
2022-04-15 11:16:20,929 - [HTTP] [INFO] - method: [POST] - status: [200] - target: http://localhost:8080/wp-login.php - username: admin - password: nicole - (9 of 59188) - [worker 9]
2022-04-15 11:16:20,929 - [HTTP] [INFO] - method: [POST] - status: [200] - target: http://localhost:8080/wp-login.php - username: admin - password: 123456 - (1 of 59188) - [worker 1]
2022-04-15 11:16:20,930 - [HTTP] [INFO] - method: [POST] - status: [200] - target: http://localhost:8080/wp-login.php - username: admin - password: iloveyou - (4 of 59188) - [worker 4]
2022-04-15 11:16:20,930 - [HTTP] [INFO] - method: [POST] - status: [200] - target: http://localhost:8080/wp-login.php - username: admin - password: 12345678 - (7 of 59188) - [worker 7]
2022-04-15 11:16:20,931 - [HTTP] [INFO] - method: [POST] - status: [200] - target: http://localhost:8080/wp-login.php - username: admin - password: princess - (5 of 59188) - [worker 5]
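
The verbose output above shows this traffic from the client side: rapid POSTs to one login URL answered with 200, with a 302 (the `-c 302` criterion) marking an accepted password. As an added example (not part of aiobrute or its README), the detector below flags the same pattern in server access logs; the Common Log Format input, the thresholds and the name `detect_login_bursts` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Common Log Format (addresses are documentation ranges).
_POST = '{ip} - - [15/Apr/2022:11:{t} +0000] "POST /wp-login.php HTTP/1.1" {st} 5120'
SAMPLE_LOG = "\n".join(
    [_POST.format(ip="203.0.113.7", t=f"16:{20 + i // 3:02d}", st=200) for i in range(8)]
    + [_POST.format(ip="203.0.113.7", t="16:23", st=302),      # redirect after the burst
       _POST.format(ip="198.51.100.4", t="16:21", st=200),     # one ordinary typo
       _POST.format(ip="198.51.100.4", t="17:40", st=302),     # then a normal login
       '198.51.100.4 - - [15/Apr/2022:11:17:41 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000']
)

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def detect_login_bursts(log_text, path="/wp-login.php", max_failures=5,
                        window=timedelta(seconds=10)):
    """Per source IP: failed-login count, whether a burst occurred, and
    whether a 302 (accepted login) followed that burst."""
    recent = defaultdict(deque)          # ip -> failure timestamps inside the window
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != path:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = report.setdefault(
            m["ip"], {"failures": 0, "burst": False, "success_after_burst": False})
        if m["status"] == "200":         # assumption: form re-rendered = failed attempt
            entry["failures"] += 1
            q = recent[m["ip"]]
            q.append(ts)
            while ts - q[0] > window:    # drop failures older than the window
                q.popleft()
            if len(q) >= max_failures:
                entry["burst"] = True
        elif m["status"] == "302" and entry["burst"]:
            entry["success_after_burst"] = True   # escalate: possible account compromise
    return report

if __name__ == "__main__":
    for ip, info in detect_login_bursts(SAMPLE_LOG).items():
        print(ip, info)
```

A source with `success_after_burst` set warrants a forced password reset and session review for the targeted account, not just a rate-limit block.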

Usage Examples

HTTP modules examples

  • Test an HTTP HTML login form and validate the candidate if a 302 status code is returned

aiobrute http -t http://localhost:8080/wp-login.php -u admin -m POST -p http-form -c 302 -f USER:log PASS:pwd

  • Test an HTTP HTML login form with a CSRF token and validate the candidate if a 302 status code is returned

aiobrute http -t http://localhost:8080/admin/login/ -u root -m POST -p http-form -c 302 -f USER:user PASS:pwd CSRF:csrftoken

  • Test an HTTP login with basic authentication and validate the candidate if a 401 status code is not returned

aiobrute http -t http://localhost:8080/ -u admin -m GET -p basic-auth -c ^401

  • Test a WordPress XML-RPC login and validate the candidate if the faultCode string is not found in the response

aiobrute http -t http://localhost:8080/xmlrpc.php -u admin -m POST -p wp-xmlrpc -s '^faultCode'

Other modules examples

  • Test SSH login with 5 concurrent workers, using the mostused built-in wordlist

aiobrute ssh -u admin -t localhost -w 5 -l mostused

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

License

GNU GPLv3

Download files

Source Distribution

aiobrute-0.1.0.tar.gz (459.9 kB)

Uploaded Source

Built Distribution

aiobrute-0.1.0-py3-none-any.whl (465.6 kB)

Uploaded Python 3

File details

Details for the file aiobrute-0.1.0.tar.gz.

File metadata

  • Download URL: aiobrute-0.1.0.tar.gz
  • Upload date:
  • Size: 459.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.9.12

File hashes

Hashes for aiobrute-0.1.0.tar.gz
Algorithm Hash digest
SHA256 fdebcc5ba9cf2546433405a1eb97f6c80ee17770d122ba81bffd0cb2c1a3996b
MD5 805f4f0b034db5af43b27a7af131a66c
BLAKE2b-256 44daa177141f026a9c8d1f10d7d5a1c3d381adf3ea1fabcf776753418407112f

File details

Details for the file aiobrute-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: aiobrute-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 465.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.9.12

File hashes

Hashes for aiobrute-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 fa8910a44762800d985eaa7563cb13b01922773de3681f916bd1a2d45e31e4b0
MD5 62e5cedecb76523717a37ec26e2731e3
BLAKE2b-256 090e30e3d7fcf6a12e44a6e52be0f52a0c01a8279e6b1b0114e3f813a50239f9