CLI tool for HTTP Basic Authentication testing with wordlists.
Project description
basicbuster
basicbuster is a command-line tool for testing HTTP Basic Authentication with username and password wordlists. It detects Basic Auth on a target URL, runs pitchfork or clusterbomb-style attempts, and reports credentials that return HTTP 200.
Disclaimer
Use only on systems and applications you are explicitly authorized to test. Unauthorized access to computer systems is illegal. The authors are not responsible for misuse.
Installation
pip install basicbuster
Usage
basicbuster --url URL (--username FILE --password FILE | --userpass FILE) [OPTIONS]
Options
| Flag | Description |
|---|---|
--url |
Target URL protected by HTTP Basic Auth |
--username FILE |
Path to username wordlist (one per line) |
--password FILE |
Path to password wordlist (one per line) |
--userpass FILE |
Combined user:pass file (one per line) |
--mode |
clusterbomb (all combinations, default) or pitchfork (zip by index) |
-t, --threads |
Number of concurrent threads (default: 10) |
--timeout |
Per-request timeout in seconds (default: 10) |
--proxy URL |
Route traffic through a proxy (e.g. http://127.0.0.1:8080) |
-v, --show-attempts |
Print every attempt with HTTP status |
--quiet |
Minimal output |
Examples
Clusterbomb (default — all username x password combinations):
basicbuster --url https://example.com/secret --username users.txt --password passwords.txt -v
Pitchfork (pair line-by-line):
basicbuster --url https://example.com/secret --username users.txt --password passwords.txt --mode pitchfork -v
Combined user:pass file:
basicbuster --url https://example.com/secret --userpass combo.txt -v
With proxy and 20 threads:
basicbuster --url https://example.com/secret --userpass combo.txt --proxy http://127.0.0.1:8080 -t 20 -v
Output
[*] Target appears to use HTTP Basic Auth: https://example.com/secret
[*] Testing 400 credential pair(s) with 10 thread(s)…
[1/400] [-] admin:password → HTTP 401
[2/400] [-] admin:123456 → HTTP 401
[3/400] [+] admin:secret → HTTP 200 ✓ SUCCESS
...
Sample wordlists (20 common entries each) are included in samples/.
License
MIT — see LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file basicbuster-0.1.2.tar.gz.
File metadata
- Download URL: basicbuster-0.1.2.tar.gz
- Upload date:
- Size: 5.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2f9bffd59fffe5ab66102011abaf02320343c1cae91b41eddbb70d2af6062b53
|
|
| MD5 |
3afdd62a4ee5f367b1f68e19455ad18a
|
|
| BLAKE2b-256 |
a84683d65fc8e33f1b37d8695f63452be439c59f0ce0f56a741f14a2a3fbb645
|
File details
Details for the file basicbuster-0.1.2-py3-none-any.whl.
File metadata
- Download URL: basicbuster-0.1.2-py3-none-any.whl
- Upload date:
- Size: 6.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d2d02ebdd0548cd089ea7b91cdc3db681783d14bab9fe818a0d01d74d4dbdeb0
|
|
| MD5 |
32550aaf6821f60e0bf848bbb906e2f3
|
|
| BLAKE2b-256 |
03f8c548667b97916bfbc1df3032e19f4a08b74e0f601ef273b15ffdcb9ff9eb
|