Brute Force Login on a web-site with a good dictionary of words

Brute Force Login
Brute Force Login

Brute Force Login in a website with Python, hack accounts on any website with a good dictionary of words.

NOTE: AM NOT RESPONSIBLE OF BAD USE OF THIS PROJECT, it’s only for searching purposes and learning environment!

Demo

  • Manual-Mode (You provide fields(username/password,…), 100% accurate)
BF Demo
BF-Demo
  • Automatic-Mode (Auto-detect fields in the login form (username/password,…), 47% accurate)
bf demo2
bf-demo2

Features:

  • Perform a brute-force login on a website-target.
  • Can handle a csrf-token in a form.
  • Can Automatically detect form’s fields in a given login url.

How it work ?

BFL is a robot that tries to connect by exploiting the library of passwords that it has in its possession and do not stop to submit the form until it has correspondence, so you can edit the dictionary file. tx by adding your own words for a particular target!

How to Install

Just hit this command to install python packages:

pip3 install -r requierements.txt

How to use it?

Launch it via your command line

cd C:/path/to/Brute-Force-Login
python3 -m app.main

Target

The target is present at ./target directory, it’s a simple php form, when you run it, you will have this:

target demo
target-demo

NOTE:

if you don’t want to deploy the target locally or doesn’t have PHP install localy, you can use this link to set an attack :

  • Target LINK (Where you can test your attacks)
  • Username : sanix
  • Password : .bleach1234
  • PS: on the password, don’t forget the “.” before b of bleach

Some ressources for password list:

BONUS (A PASSWORD GENERATOR)

I also created a password generator for this project named Genesis, that can generate multiple combination of passwords base on Key Word the victims could use, Have a look there 😉

Author: