Adfsbrute – A Script To Test Credentials Against Active Directory Federation Services (ADFS), Allowing Password Spraying Or Bruteforce Attacks

A script to test credentials against Active Directory Federation Services (ADFS), calculating the ADFS url of an organization and allowing password spraying or bruteforce attacks. The main idea is carrying out password spraying attacks with a random and high delay between each test and using a list of proxies or Tor to make the detectionRead More

Kraker – Distributed Password Brute-Force System That Focused On Easy Use

Kraker is a distributed password brute-force system that allows you to run and manage the hashcat on different servers and workstations, focused on easy of use. There were two main goals during the design and development: to create the most simple tool for distributed hash cracking and make it fault-tolerant. Kraker consists of two mainRead More

Lazy-RDP – Script For AutomRDPatic Scanning And Brute-Force

Script For AutomRDPatic Scanning And Brute-Force. Demo Video: Lazy-RDP over SSH: Script for automatic scanning of the address list for the presence of open 3389 ports, and then selecting the method and starting busting pair login / password. The script is tuned for Kali linux 2.0, Kali linux 2016.2 и Kali linux 2017.1, 2017.2 systemsRead More

Remote-Method-Guesser – Tool For Java RMI Enumeration And Bruteforce Of Remote Methods

remote-method-guesser (rmg) is a command line utility written in Java and can be used to identify security vulnerabilities on Java RMI endpoints. Currently, the following operations are supported: List available bound names and their corresponding interface class names List codebase locations (if exposed by the remote server) Check for known vulnerabilities (enabled class loader, missingRead More

SSB – A Faster And Simpler Way To Bruteforce SSH Server

Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server. Installation from Binary Download a pre-built binary from releases page, unpack and run! Or: ▶ (sudo) curl -sSfL ‘’ | sh -s — -b /usr/local/bin from Source Need go1.14+ compiler installed and configured, then: ▶ GO111MODULE=on go get Usage ▶ ssbRead More

Stegbrute – Fast Steganography Bruteforce Tool Written In Rust Useful For CTF’s

stegbrute is a fast steganography brute force tool written in Rust using also threads to achieve a faster execution Dependencies Stegbrute cannot run without steghide!, to install steghide run : apt-get install -y steghide if you are not in a debian distribution you can download it from steghide website Installation stegbrute can be installed inRead More

Urlbuster – Powerful Mutable Web Directory Fuzzer To Bruteforce Existing And/Or Hidden Files Or Directories

Powerful web directory fuzzer to locate existing and/or hidden files or directories.Similar to dirb or gobuster, but with a lot of mutation options.Installation pip install urlbuster Features Proxy support Cookie support Basic Auth Digest Auth Retries (for slow servers) Persistent and non-persistent HTTP connection Request methods: GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS Custom HTTPRead More

RMIScout – Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities

RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation.On misconfigured servers, any known RMI signature using non-primitive types (e.g., java.lang.String), can be exploited by replacing the object with a serialized payload. This is a fairly common misconfiguration (e.g., VMWare vSphere Data Protection + vRealize Operations Manager,Read More