Simple general purpose python bruteforce library
Project description
perock
Description
Perock is Python bruteforce attack library built on threads and asyncio. Its intended for simplifying bruteforce attack by performing common tasks in bruteforce such as calculating cartesian product.
Perock was built to be general purpose in that it can be used for wide variety of bruteforce attack activities. It can be used with html forms, file with passwords, API requiring username and password, etc.
All it takes is defining how to interact with the system/target and validate bruteforce data such as username and password. The rest will be handled for you including when to terminate based on certain conditions which would improve performance.
Pros
- Simple and easy to get started.
- Supports concurrency with asycio and threads.
- Performs faster with optimisations.
- General purpose(almost any bruteforce attack activity)
- Bruteforce data can be loaded from csv and json files.
Cons
- Performs slower than manually written code.
- Python 3.5 or less not supported.
Install
In your command-line application enter this:
pip install perock
Environment
- Tested with Python 3.6, 3.8 and 3.10.
Examples
Examples above requires active web server running on http://127.0.0.1:5000.
Source files for the web server and the examples can be found here.
Import neccessay modules
from perock import forcetable
from perock import attack
from perock import runner
import requests
import aiohttp
import asyncio
Setup bruteforce data
# Create field with usernames
usernames_field = forcetable.FieldFile("usernames", "usernames.txt")
usernames_field.set_item_name("username")
# Create field with passwords
passwords_field = forcetable.FieldFile("passwords", "passwords.txt")
passwords_field.set_item_name("password")
# Create table and add fields
table = forcetable.Table()
table.add_field(usernames_field)
table.add_field(passwords_field)
# Sets usernames_field as primary field of table
table.set_primary_field(usernames_field)
# table will handle cartesian product of the fields
# table also contains records created from the fields
Threaded bruteforce attack
class LoginPageAttack(attack.Attack):
def __init__(self, target, data: dict, retries=1) -> None:
super().__init__(target, data, retries)
# self._responce can also be None or Exception
# Responce can be anything but None and Exception are special.
self._responce: requests.Response
@classmethod
def create_session(cls):
# Creates session object to use with requests
# That can improve request performance
return requests.Session()
def request(self):
# Performs request with target and return responce
if self.session_exists():
session = self.get_session()
return session.post(self._target, data=self._data)
else:
return requests.post(self._target, data=self._data)
def failure(self):
# Tests if attempt failed or not
if self.target_reached():
if b"Failed to login" in self._responce.content:
return True
elif b"No such username" in self._responce.content:
return True
return False
def success(self):
# Tests if attempt failed or not
if self.target_reached():
return b"Login successful" in self._responce.content
return False
def target_errors(self):
if self.target_reached():
return self._responce.status_code != 200
return False
def after_request(self):
super().after_request()
if self.failure():
#print("Attempt failed:", self._data)
pass
elif self.success():
print("Attempt success:", self._data)
elif self.errors():
print("Attempt errors:", self._data)
print("Responce message:", self._responce_msg)
# Creates runner object to perform bruteforce
runner_object = runner.RunnerThread(
LoginPageAttack, "http://127.0.0.1:5000/login", table)
# Enables optimisation(requires primary field)
runner_object.enable_optimise()
runner_object.run()
Asynchronous bruteforce attack
class LoginPageAttackAsync(attack.AttackAsync):
def __init__(self, target, data: dict, retries=1) -> None:
super().__init__(target, data, retries)
# self._responce can also be None or Exception
# Responce can be anything but None and Exception are special.
self._responce: aiohttp.ClientResponse
self._session: aiohttp.ClientSession
@classmethod
async def create_session(cls):
# Creates session object to use with request
return aiohttp.ClientSession()
async def request(self):
if self.session_exists():
return await self._session.post(self._target, data=self._data)
else:
async with await self.create_session() as session:
return await session.post(self._target, data=self._data)
async def failure(self):
if await self.target_reached():
if b"Failed to login" in await self._responce.read():
return True
elif b"No such username" in await self._responce.read():
return True
return False
async def success(self):
if await self.target_reached():
return b"Login successful" in await self._responce.read()
return False
async def target_errors(self):
if await self.target_reached():
return self._responce.status != 200
return False
async def after_request(self):
await super().after_request()
if await self.failure():
#print("Attempt failed:", self._data)
pass
elif await self.success():
print("Attempt success:", self._data)
elif await self.errors():
print("Attempt errors:", self._data)
print("Responce message:", self._responce_msg)
# Creates runner object to perform bruteforce
runner_object = runner.RunnerAsync(
LoginPageAttackAsync, "http://127.0.0.1:5000/login", table)
# Enables optimisation(requires primary field)
runner_object.enable_optimise()
asyncio.run(runner_object.run())
Free fields resources
# FileField is backed by file object.
# Its important to close it after use.
usernames_field.close()
usernames_field.close()
The examples above can be easily modified based on bruteforcing websites login forms or something unique and different.
Similar projects
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
perock-0.0.3.tar.gz
(125.7 kB
view details)
Built Distribution
perock-0.0.3-py3-none-any.whl
(45.5 kB
view details)
File details
Details for the file perock-0.0.3.tar.gz.
File metadata
- Download URL: perock-0.0.3.tar.gz
- Upload date:
- Size: 125.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.10.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ba65e7b7b5eda0d8f036d8b7adc87d3b5bfed1c542dc392c0932eb55d9c821bd |
|
| MD5 | 810c9743508ad08618385e6f84145795 |
|
| BLAKE2b-256 | f3fbf34d52d045ba699ed3c41f7a3910866a9ba3d5298efaf89979fba7f1523e |
File details
Details for the file perock-0.0.3-py3-none-any.whl.
File metadata
- Download URL: perock-0.0.3-py3-none-any.whl
- Upload date:
- Size: 45.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.10.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ebd22f1b1d7d8692445520a44a5806230aff107544de5e71cba6af1f93fba707 |
|
| MD5 | 5c3ddf39b1c0a5c7b0f4885d90ad7949 |
|
| BLAKE2b-256 | 2c197119ecf4e2d2c553574ceab61c944d46bf510ac2cc21b52f97f2f18c3c40 |
