{"id":28139160,"url":"https://github.com/0xricksanchez/joomla_brute","last_synced_at":"2025-05-14T17:19:22.067Z","repository":{"id":291541668,"uuid":"977924621","full_name":"0xricksanchez/joomla_brute","owner":"0xricksanchez","description":"A sophisticated Joomla administrator brute force tool for security testing and penetration testing purposes.","archived":false,"fork":false,"pushed_at":"2025-05-05T08:06:39.000Z","size":1681,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-05T09:31:24.516Z","etag":null,"topics":["brute-force","fuzzing","joomla","penetration-testing","pentesting","user-enumeration"],"latest_commit_sha":null,"homepage":"https://github.com/0xricksanchez/joomla_brute","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xricksanchez.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-05T07:34:51.000Z","updated_at":"2025-05-05T08:06:42.000Z","dependencies_parsed_at":"2025-05-05T09:41:27.422Z","dependency_job_id":null,"html_url":"https://github.com/0xricksanchez/joomla_brute","commit_stats":null,"previous_names":["0xricksanchez/joomla_brute"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xricksanchez%2Fjoomla_brute","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xricksanchez%2Fjoomla_brute/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xricksanchez%2Fjoomla_brute/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xricksanchez%2Fjoomla_brute/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xricksanchez","download_url":"https://codeload.github.com/0xricksanchez/joomla_brute/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254190388,"owners_count":22029639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["brute-force","fuzzing","joomla","penetration-testing","pentesting","user-enumeration"],"created_at":"2025-05-14T17:18:38.147Z","updated_at":"2025-05-14T17:19:22.060Z","avatar_url":"https://github.com/0xricksanchez.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"img/logo.png\" alt=\"JoomlaBrute Logo\" width=\"300\"/\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eJoomlaBrute\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eA sophisticated Joomla administrator brute force tool for security testing and penetration testing purposes.\u003c/strong\u003e\n  \u003cbr /\u003e\n  This tool helps identify weak administrator credentials in Joomla CMS installations.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/0xricksanchez/joomla_brute/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/github/license/0xricksanchez/joomla_brute\" alt=\"License\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://python.org\"\u003e\u003cimg src=\"https://img.shields.io/badge/python-3.11%2B-blue\" alt=\"Python Version\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/0xricksanchez/joomla_brute/releases\"\u003e\u003cimg src=\"https://img.shields.io/badge/version-v1.0-red\" alt=\"Tool Version\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## 🔍 Features\n\n- **Smart Detection**: Auto-detects Joomla version when possible\n- **Rate Limit Handling**: Adapts to anti-brute force measures with exponential backoff\n- **Token Management**: Intelligently handles Joomla's CSRF tokens\n- **Flexible Authentication**: Supports multiple user/password combinations\n- **Configurable Timing**: Control delay and jitter to avoid detection\n- **Proxy Support**: Route requests through a proxy for additional anonymity\n- **Comprehensive Logging**: Detailed logs for security reports\n- **User-friendly Output**: Clear statistics and progress reporting\n\n## 🔧 Requirements\n\n- Python 3.11+\n- Required packages:\n  - requests\n  - beautifulsoup4\n  - tqdm\n  - colorama\n  - lxml (optional, but recommended for XML parsing)\n\n## 📥 Installation\n\nClone the repository and install the dependencies:\n\n```bash\ngit clone https://github.com/0xricksanchez/joomla_brute.git\ncd joomla_brute\npip install -r requirements.txt\n```\n\n## 🚀 Usage\n\n```\npython joomla_brute.py -u http://example.com -U admin -PL wordlist.txt -d 1.0\n```\n\n### Basic Options\n\n```\n  -u URL, --url URL       Base URL of Joomla site (e.g., http://example.com)\n  -U USER, --user USER    Single username\n  -UL USERLIST, --userlist USERLIST\n                          File of usernames, one per line\n  -p PASSWORD, --password PASSWORD\n                          Single password\n  -PL PASSWORDLIST, --passwordlist PASSWORDLIST\n                          File of passwords, one per line\n```\n\n### Advanced Options\n\n```\n  --proxy PROXY           HTTP/S proxy (e.g., http://127.0.0.1:8080)\n  -d DELAY, --delay DELAY\n                          Base delay between login attempts in seconds (default: 1.0)\n  -j JITTER, --jitter JITTER\n                          Random +/- jitter added to delay in seconds (default: 0.5)\n  -t TIMEOUT, --timeout TIMEOUT\n                          Request timeout in seconds (default: 10.0)\n  -r RETRIES, --retries RETRIES\n                          Max retries for failed network requests (default: 3)\n  -a USER_AGENT, --user-agent USER_AGENT\n                          Custom User-Agent string\n  -l LOG, --log LOG       Log file path (logs debug info regardless of verbosity)\n  -x, --exit-on-success   Exit immediately after finding the first valid credential\n  -q, --quiet             Minimal output (suppress banner, progress bars, stats)\n  -v, --verbose           Enable verbose logging to console (DEBUG level)\n  --version               Show version number and exit\n```\n\n## 📋 Examples\n\n### Using Single Username/Password\n\n```bash\npython joomla_brute.py -u http://example.com -U admin -p password123\n```\n\n### Using Username and Password Lists\n\n```bash\npython joomla_brute.py -u http://example.com -UL users.txt -PL passwords.txt\n```\n\n### Using a Proxy with Slower Timing\n\n```bash\npython joomla_brute.py -u http://example.com -U admin -PL passwords.txt --proxy http://127.0.0.1:8080 -d 2.0 -j 1.0\n```\n\n### Finding All Valid Credentials in Quiet Mode\n\n```bash\npython joomla_brute.py -u http://example.com -UL users.txt -PL passwords.txt -q\n```\n\n### Exit After First Valid Credential with Verbose Logging\n\n```bash\npython joomla_brute.py -u http://example.com -UL users.txt -PL passwords.txt -x -v\n```\n\n## 📊 Output\n\nJoomlaBrute provides detailed statistics upon completion:\n\n```\n________________________________________________________________________________\n\n                      JOOMLA BRUTE FORCE - SUMMARY REPORT\n________________________________________________________________________________\n  Target URL             : http://example.com/administrator/\n  Time Elapsed           : 00:01:23\n  Total Attempts         : 150\n  Average Speed          : 1.81 attempts/s\n  Credentials Found      : 1\n________________________________________________________________________________\n\n________________________________________________________________________________\n                              SUCCESSFUL LOGINS\n________________________________________________________________________________\n  admin                  : foobar123!\n________________________________________________________________________________\n```\n\n## 💡 Tips\n\n- Start with common admin usernames: `admin`, `administrator`, `root`, `joomla`\n- Use the `-d` and `-j` parameters to avoid triggering anti-brute force measures\n- Always log your activities with the `-l` option for documentation\n- The `-v` flag helps debug connection issues or unexpected behaviors\n- Consider using the `--proxy` option for sensitive testing\n- Use `-x` to stop after finding the first valid credential (faster for POC)\n\n## 🛡️ Defense Recommendations\n\nIf you're a Joomla administrator, protect against brute force attacks by:\n\n1. Using strong, unique passwords\n2. Implementing two-factor authentication\n3. Using security plugins that limit login attempts\n4. Using a Web Application Firewall (WAF)\n5. Not exposing your admin panel directly to the internet\n6. Changing the default admin username\n7. Regularly updating your Joomla installation\n\n## 🤝 Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n\n## 📝 License\n\nThis project is licensed under the Apache-2.0 License - see the [LICENSE](LICENSE) file for details.\n\n## ⚠️ Legal Disclaimer\n\nThis tool is intended for **legal security testing only**. Always obtain explicit written permission before testing any website or application. Unauthorized access to computer systems is illegal and unethical.\n\nThe author assumes NO responsibility for any misuse of this software or damage caused by it. Use at your own risk and only on systems you have permission to test.\n\n## 📬 Contact\n\n- Author: 0x434b (mail@0x434b.dev)\n- Project Link: [https://github.com/0xricksanchez/joomla_brute](https://github.com/0xricksanchez/joomla_brute)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xricksanchez%2Fjoomla_brute","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xricksanchez%2Fjoomla_brute","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xricksanchez%2Fjoomla_brute/lists"}