Brute Force Login in a website with Python, hack accounts on any website with a good dictionary of words.
NOTE: AM NOT RESPONSIBLE OF BAD USE OF THIS PROJECT, it’s only for searching purposes and learning environment!
Demo
- Manual-Mode (You provide fields(username/password,…), 100% accurate)
- Automatic-Mode (Auto-detect fields in the login form (username/password,…), 47% accurate)
Features:
- Perform a brute-force login on a website-target.
- Can handle a csrf-token in a form.
- Can Automatically detect form’s fields in a given login url.
How it work ?
BFL is a robot that tries to connect by exploiting the library of passwords that it has in its possession and do not stop to submit the form until it has correspondence, so you can edit the dictionary file. tx by adding your own words for a particular target!
How to Install
Just hit this command to install python packages:
pip3 install -r requierements.txt
How to use it?
Launch it via your command line
cd C:/path/to/Brute-Force-Login python3 -m app.main
Target
The target is present at ./target directory, it’s a simple php form, when you run it, you will have this:
NOTE:
if you don’t want to deploy the target locally or doesn’t have PHP install localy, you can use this link to set an attack :
- Target LINK (Where you can test your attacks)
- Username : sanix
- Password : .bleach1234
- PS: on the password, don’t forget the “.” before b of bleach
Some ressources for password list:
BONUS (A PASSWORD GENERATOR)
I also created a password generator for this project named Genesis, that can generate multiple combination of passwords base on Key Word the victims could use, Have a look there 😉