
Password brute-forcing tool built upon Python 3.7 and 'webbot' library.


AJDX3906/BruteBot

 
 


Password brute-forcing tool built upon Python 3.7 and webbot


  • BruteBot lets you brute-force login passwords. It is handy for login pages that have CSRF protection or any random tokens.

     Basically, the script
     1. GETs the login page,
     2. consumes the username / email and passwords fed by you, and
     3. POSTs those values to the server along with additional random parameters if any
        (could be an Anti-CSRF token or a browser window identifier or a time-stamp, etc.);
     4. loops the entire process until you get a hit, that is, the correct password.
    
  • I specifically used webbot (a library derived from Selenium) because I wanted to mimic the actions of a user browsing the target website login page and attempting to brute-force the password themselves, in the cleanest possible way.

  • That way, any additional random tokens that might get generated upon visiting the login page shall be automatically passed along in the subsequent login POST request, and the password brute-forcing automation can be accomplished.

  • Plus, it lets you see the browser in action. So, it becomes easier to visualize and helps while troubleshooting.
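
Because every attempt in the loop described above carries a fresh, valid token, an anti-CSRF token by itself does not limit password guessing; what remains visible server-side is a run of failed logins against one account. The following is an added example (not part of BruteBot) that flags that pattern over constructed auth-log lines; the log format, the name `detect_bruteforce`, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2024-05-01T10:00:00 ip=203.0.113.7 user=admin result=fail
2024-05-01T10:00:45 ip=203.0.113.7 user=admin result=fail
2024-05-01T10:01:10 ip=198.51.100.4 user=bob result=fail
2024-05-01T10:01:30 ip=198.51.100.9 user=admin result=fail
2024-05-01T10:01:40 ip=198.51.100.4 user=bob result=ok
2024-05-01T10:02:15 ip=198.51.100.9 user=admin result=fail
2024-05-01T10:03:00 ip=192.0.2.55 user=admin result=fail
2024-05-01T10:03:45 ip=192.0.2.55 user=admin result=fail
2024-05-01T10:04:30 ip=192.0.2.55 user=admin result=ok
"""

LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(ok|fail)$")


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Flag accounts with >= threshold failed logins inside a sliding window."""
    # Keyed per account, not per source address, so attempts spread across
    # several addresses still add up.
    recent = defaultdict(deque)  # user -> (timestamp, ip) of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not parse
        ts, ip, user, result = datetime.fromisoformat(m[1]), m[2], m[3], m[4]
        q = recent[user]
        while q and ts - q[0][0] > window:
            q.popleft()  # drop failures that fell out of the window
        if result == "fail":
            q.append((ts, ip))
        if len(q) >= threshold:
            a = alerts.setdefault(
                user, {"failures": 0, "sources": set(), "then_success": False})
            a["failures"] = max(a["failures"], len(q))
            a["sources"].update(src for _, src in q)
            # A success on top of a failure burst suggests a guessed password.
            a["then_success"] = a["then_success"] or result == "ok"
        if result == "ok":
            q.clear()  # a successful login resets the account's counter
    return alerts


if __name__ == "__main__":
    for user, info in detect_bruteforce(SAMPLE_LOG).items():
        print(user, info)
```

The threshold and window need tuning against the application's normal rate of mistyped passwords; a window that is too short misses attempts that are spaced out.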


Requirements:

  1. Download and install the latest version of Python 3.x from here.
  2. Use the package manager pip to install 'webbot':
         pip3 install webbot
  3. Download BruteBot.py to your local directory.
  4. Place your password list file in the same directory as BruteBot.py.

That's it! You are good to go!


Usage:

python3 BruteBot.py -t (LOGIN PAGE URL) -u USERNAME -p (PASSWORD LIST) --uid (USERNAME ELEMENT ID) --pid (PASSWORD ELEMENT ID) --bname (LOGIN BUTTON NAME) -m (visible / headless) -s (TIME IN SECONDS)

Here, this might "help":

[Screenshot: BruteBot-Help]


Quickstart guide:

Demo 1 - To run BruteBot with default options:

python3 BruteBot.py -t https://demo.testfire.net/login.jsp -u admin -p passwords.txt --uid uid --pid passw --bname Login



Demo 2 - To see the browser(s) in action when BruteBot runs:

python3 BruteBot.py -t https://demo.testfire.net/login.jsp -u admin -p passwords.txt --uid uid --pid passw --bname Login -m visible



Demo 3 - To route the traffic through a proxy while running BruteBot:

python3 BruteBot.py -t https://demo.testfire.net/login.jsp -u admin -p passwords.txt --uid uid --pid passw --bname Login --proxy http://localhost:8080


