Skip to main content

CLI tool for HTTP Basic Authentication testing with wordlists.

Project description

basicbuster

basicbuster is a command-line tool for testing HTTP Basic Authentication with username and password wordlists. It detects Basic Auth on a target URL, runs pitchfork or clusterbomb-style attempts, and reports credentials that return HTTP 200.

Disclaimer

Use only on systems and applications you are explicitly authorized to test. Unauthorized access to computer systems is illegal. The authors are not responsible for misuse.

Installation

pip install basicbuster

Usage

basicbuster --url URL (--username FILE --password FILE | --userpass FILE) [OPTIONS]

Options

Flag Description
--url Target URL protected by HTTP Basic Auth
--username FILE Path to username wordlist (one per line)
--password FILE Path to password wordlist (one per line)
--userpass FILE Combined user:pass file (one per line)
--mode clusterbomb (all combinations, default) or pitchfork (zip by index)
-t, --threads Number of concurrent threads (default: 10)
--timeout Per-request timeout in seconds (default: 10)
--proxy URL Route traffic through a proxy (e.g. http://127.0.0.1:8080)
-v, --show-attempts Print every attempt with HTTP status
--quiet Minimal output

Examples

Clusterbomb (default — all username x password combinations):

basicbuster --url https://example.com/secret --username users.txt --password passwords.txt -v

Pitchfork (pair line-by-line):

basicbuster --url https://example.com/secret --username users.txt --password passwords.txt --mode pitchfork -v

Combined user:pass file:

basicbuster --url https://example.com/secret --userpass combo.txt -v

With proxy and 20 threads:

basicbuster --url https://example.com/secret --userpass combo.txt --proxy http://127.0.0.1:8080 -t 20 -v

Output

[*] Target appears to use HTTP Basic Auth: https://example.com/secret
[*] Testing 400 credential pair(s) with 10 thread(s)…

[1/400] [-] admin:password → HTTP 401
[2/400] [-] admin:123456 → HTTP 401
[3/400] [+] admin:secret → HTTP 200 ✓ SUCCESS
...

Sample wordlists (20 common entries each) are included in samples/.

License

MIT — see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

basicbuster-0.1.2.tar.gz (5.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

basicbuster-0.1.2-py3-none-any.whl (6.7 kB view details)

Uploaded Python 3

File details

Details for the file basicbuster-0.1.2.tar.gz.

File metadata

  • Download URL: basicbuster-0.1.2.tar.gz
  • Upload date:
  • Size: 5.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.3

File hashes

Hashes for basicbuster-0.1.2.tar.gz
Algorithm Hash digest
SHA256 2f9bffd59fffe5ab66102011abaf02320343c1cae91b41eddbb70d2af6062b53
MD5 3afdd62a4ee5f367b1f68e19455ad18a
BLAKE2b-256 a84683d65fc8e33f1b37d8695f63452be439c59f0ce0f56a741f14a2a3fbb645

See more details on using hashes here.

File details

Details for the file basicbuster-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: basicbuster-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 6.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.3

File hashes

Hashes for basicbuster-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 d2d02ebdd0548cd089ea7b91cdc3db681783d14bab9fe818a0d01d74d4dbdeb0
MD5 32550aaf6821f60e0bf848bbb906e2f3
BLAKE2b-256 03f8c548667b97916bfbc1df3032e19f4a08b74e0f601ef273b15ffdcb9ff9eb

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page