Bruteforce dynamic web applications with Selenium
Bruty
Bruteforce dynamic web applications with Selenium.
Installing
pip install bruty
It's assumed that you have Chromium installed under /usr/bin/chromium and that a chromedriver of the same version is found in your PATH.
Usage
If you want to find content on the https://fake.web website that is not found by crawlers, you can create a list of URIs in a file such as:
admin
wp-login
Then run:
bruty https://fake.web -f uris.txt
Fake 404 pages
Some sites return a 200 status code for pages that don't exist (a fake 404). If that's your case, inspect the source of one of those pages and create a regular expression that catches them; suppose it's 404 error.
To test that it works, run bruty against two URLs, one that exists and another that returns the fake 404, making sure that only the existing one is printed.
bruty https://fake.web -u index.html -u fake_404.html -n '404 error'
Once you know it works, run it against all the uris:
bruty https://fake.web -f uris.txt -n '404 error'
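The filtering idea behind the -n pattern, as an added example that is not bruty's own code: it assumes the pattern is applied with re.search to the page source, and the pages, statuses and function names are constructed for illustration.

```python
import re

# Constructed sample pages: (uri, HTTP status, rendered page source).
SAMPLE_PAGES = [
    ("index.html", 200, "<html><h1>Welcome</h1></html>"),
    ("fake_404.html", 200, "<html><h1>404 error</h1><p>Page not found</p></html>"),
    ("admin", 200, "<html><form id='login'></form></html>"),
    ("gone", 404, "<html>Not Found</html>"),
    ("blog/http-codes", 200, "<html><p>A 404 error means the page is missing.</p></html>"),
]


def is_missing(status, source, not_found):
    """Missing if the server says 404 or the body matches the fake-404 pattern."""
    return status == 404 or not_found.search(source) is not None


def found_uris(pages, pattern):
    """Return the URIs whose pages look like real content (assumed re.search semantics)."""
    not_found = re.compile(pattern)
    return [uri for uri, status, source in pages
            if not is_missing(status, source, not_found)]


def pattern_separates(pages, pattern, existing_uri, missing_uri):
    """Mirror of the two-URL test run: only the existing URI may survive the filter."""
    subset = [p for p in pages if p[0] in (existing_uri, missing_uri)]
    return found_uris(subset, pattern) == [existing_uri]


if __name__ == "__main__":
    for pattern in ("404 error", "Not Found", r"<h1>404 error</h1>"):
        ok = pattern_separates(SAMPLE_PAGES, pattern, "index.html", "fake_404.html")
        print(f"{pattern!r}: separates={ok} found={found_uris(SAMPLE_PAGES, pattern)}")
```

A loose pattern such as 404 error also hides a real page that merely mentions the phrase (blog/http-codes here), so anchoring the expression to the error page's markup gives fewer false negatives.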
Contributing
For guidance on setting up a development environment, and how to make a contribution to bruty, see Contributing to bruty.
License
GPLv3