Kraken – A Multi-Platform Distributed Brute-Force Password Cracking System

Kraken is an online distributed brute force password cracking tool. It allows you to parallelize dictionaries and crunch word generator based cracking across multiple machines both as a web app in a web browser and as a standalone electron based client. Kraken aims to be easy to use, fault tolerant and scalable. I wrote KrakenRead More

goEnumBruteSpray – User Enumeration And Password Bruteforce On Azure, ADFS, OWA, O365 And Gather Emails On Linkedin

The recommended module is o365 for user enumeration and passwords bruteforce / spray . Additional information can be retrieved to avoid account lockout, to know that the password is good but expired, MFA enabled,… Linkedin This module should be used to retrieve a list of email addresses before validating them through a user enumeration module.Read More

Lorsrf – SSRF Parameter Bruteforce

Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST Methods NOTE Lorsrf has been added to scant3r with useful additions (multi http method , multi content-type (json , query , xml , speed , large worlist and more)) https://github.com/knassar702/scant3r/wiki/lorsrf install download it ➜ git clone https://github.com/knassar702/lorsrf➜ cd lorsrf➜ sudo pip3 install requestsRead More

Pathprober – Probe And Discover HTTP Pathname Using Brute-Force Methodology And Filtered By Specific Word Or 2 Words At Once

Probe and discover HTTP pathname using brute-force methodology and filtered by specific word or 2 words at once. Purpose Brute-forcing website directories or HTTP pathname and validate using HTTP response code is not relevant anymore. This tool will help you to perform a penetration test, because it could validate the directories using specific-word or 2Read More

Shreder – A Powerful Multi-Threaded SSH Protocol Password Bruteforce Tool

Shreder is a powerful multi-threaded SSH protocol password brute-force tool. Features Very fast password guessing, just one password in 0.1 second. Optimized for big password lists, Shreder tries 1000 passwords in 1 minute and 40 seconds. Simple CLI and API usage. Installation pip3 install git+https://github.com/EntySec/Shreder Basic usage To use Shreder just type shreder in yourRead More

Adfsbrute – A Script To Test Credentials Against Active Directory Federation Services (ADFS), Allowing Password Spraying Or Bruteforce Attacks

A script to test credentials against Active Directory Federation Services (ADFS), calculating the ADFS url of an organization and allowing password spraying or bruteforce attacks. The main idea is carrying out password spraying attacks with a random and high delay between each test and using a list of proxies or Tor to make the detectionRead More

Kraker – Distributed Password Brute-Force System That Focused On Easy Use

Kraker is a distributed password brute-force system that allows you to run and manage the hashcat on different servers and workstations, focused on easy of use. There were two main goals during the design and development: to create the most simple tool for distributed hash cracking and make it fault-tolerant. Kraker consists of two mainRead More

Lazy-RDP – Script For AutomRDPatic Scanning And Brute-Force

Script For AutomRDPatic Scanning And Brute-Force. Demo Video: Lazy-RDP over SSH: Script for automatic scanning of the address list for the presence of open 3389 ports, and then selecting the method and starting busting pair login / password. The script is tuned for Kali linux 2.0, Kali linux 2016.2 и Kali linux 2017.1, 2017.2 systemsRead More

Remote-Method-Guesser – Tool For Java RMI Enumeration And Bruteforce Of Remote Methods

remote-method-guesser (rmg) is a command line utility written in Java and can be used to identify security vulnerabilities on Java RMI endpoints. Currently, the following operations are supported: List available bound names and their corresponding interface class names List codebase locations (if exposed by the remote server) Check for known vulnerabilities (enabled class loader, missingRead More

SSB – A Faster And Simpler Way To Bruteforce SSH Server

Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server. Installation from Binary Download a pre-built binary from releases page, unpack and run! Or: ▶ (sudo) curl -sSfL ‘https://git.io/kitabisa-ssb’ | sh -s — -b /usr/local/bin from Source Need go1.14+ compiler installed and configured, then: ▶ GO111MODULE=on go get ktbs.dev/ssb Usage ▶ ssbRead More

X