Bruteforce Attacks, BruteLoops, Downloads, Hacking Tools, Pentesting, Sqlite Database, Username

BruteLoops – Protocol Agnostic Online Password Guessing API

A dead simple library providing the foundational logic for efficient password brute force attacks against authentication interfaces.

See various Wiki sections for more information.

A “modular” example is included with the library that demonstrates how to use this package. It’s fully functional and provides multiple brute force modules. Below is a sample of its capabilities:

<div authentication class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="http.accellion_ftp Accellion FTP HTTP interface login module http.basic_digest Generic HTTP basic digest auth http.basic_ntlm Generic HTTP basic NTLM authentication http.global_protect Global Protect web interface http.mattermost Mattermost login web interface http.netwrix Netwrix web login http.okta Okta JSON API http.owa2010 OWA 2010 web interface http.owa2016 OWA 2016 web interface smb.smb Target a single SMB server testing.fake Fake authentication module for training/testing “>

http.accellion_ftp Accellion FTP HTTP interface login module
http.basic_digest Generic HTTP basic digest auth
http.basic_ntlm Generic HTTP basic NTLM authentication
http.global_protect
Global Protect web interface
http.mattermost Mattermost login web interface
http.netwrix Netwrix web login
http.okta Okta JSON API
http.owa2010 OWA 2010 web interface
http.owa2016 OWA 2016 web interface
smb.smb Target a single SMB server
testing.fake Fake authentication module for training/testing

Key Features

Dependencies

BruteLoops requires Python3.7 or newer and SQLAlchemy 1.3.0, the latter of which can be obtained via pip and the requirements.txt file in this repository: python3.7 -m pip install -r requirements.txt

Installation

git clone https://github.com/arch4ngel/bruteloops
cd bruteloops
python3 -m pip install -r requirements.txt

How do I use this Damn Thing?

Jeez, alright already…we can break an attack down into a few steps:

  1. Find an attackable service
  2. If one isn’t already available in the example.py[1] directory, build a callback
  3. Find some usernames, passwords, and credentials
  4. Construct a database by passing the authentication data to dbmanager.py[2]
  5. If relevant, Enumerate or request the AD lockout policy to intelligently configure the attack
  6. Execute the attack in alignment with the target lockout policy[1][3][4]

Source : KitPloit – PenTest Tools!

Previous ArticleNext Article
Send this to a friend