{"id":13845571,"url":"https://github.com/exbotanical/brutus","last_synced_at":"2025-04-11T04:51:24.471Z","repository":{"id":47928937,"uuid":"259204081","full_name":"exbotanical/brutus","owner":"exbotanical","description":"extensible exploitation framework shipped on a modular multi-tasking architecture","archived":false,"fork":false,"pushed_at":"2022-12-09T05:36:29.000Z","size":30958,"stargazers_count":76,"open_issues_count":2,"forks_count":16,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-25T02:51:43.016Z","etag":null,"topics":["arp-spoofing","botnet","concurrency","ethical-hacking","exploitation-framework","hacking-tool","malware","mitm-attacks","modular-architecture","parallelism","penetration-testing","remote-admin-tool","threading","trojan"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/exbotanical.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-04-27T04:22:38.000Z","updated_at":"2025-02-24T20:59:45.000Z","dependencies_parsed_at":"2023-01-25T16:45:24.387Z","dependency_job_id":null,"html_url":"https://github.com/exbotanical/brutus","commit_stats":null,"previous_names":["matthewzito/brutus"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exbotanical%2Fbrutus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exbotanical%2Fbrutus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exbotanical%2Fbrutus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exbotani
cal%2Fbrutus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/exbotanical","download_url":"https://codeload.github.com/exbotanical/brutus/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248345289,"owners_count":21088243,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arp-spoofing","botnet","concurrency","ethical-hacking","exploitation-framework","hacking-tool","malware","mitm-attacks","modular-architecture","parallelism","penetration-testing","remote-admin-tool","threading","trojan"],"created_at":"2024-08-04T17:03:28.854Z","updated_at":"2025-04-11T04:51:24.453Z","avatar_url":"https://github.com/exbotanical.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# The Brutus Exploitation Framework\n\nAn educational exploitation framework shipped on a modular and highly extensible multi-tasking and multi-processing architecture.\n\n## Table of Contents\n\n- [Introduction](#intro)\n- [Demos](#demo)\n- [Installation](#install)\n- [Usage](#usage)\n- [Features](#features)\n- [Documentation](#docs)\n  - [MAC Address Management](#macchanger)\n  - [ARP Network Scanner](#networkscanner)\n  - [ARP Spoofing](#arpspoof)\n  - [Multi-tasking Packet Sniffer](#packetsniff)\n  - [Multi-tasking Port Scanner](#portscan)\n  - [Evented Web Crawler](#webcrawl)\n  - [Subdomain Scanner](#subdomain)\n\n## \u003ca name=\"intro\"\u003e\u003c/a\u003e Brutus: an Introduction\n\nLooking for version 1? 
See the branches in this repository.\n\nBrutus is an educational exploitation framework written in Python. It automates pre- and post-connection network-based exploits, as well as web-based reconnaissance. As a light-weight framework, Brutus aims to minimize reliance on third-party dependencies. Optimized for Kali Linux, Brutus is also compatible with macOS and most Linux distributions, featuring a fully interactive command-line interface and versatile plugin system.\n\nBrutus features a highly-extensible, modular architecture. The included exploits (plugins layer) consist of several decoupled modules that run on a 'tasking layer' composed of thread pools and thread-safe, async queues (whichever is most appropriate for the given module). The main thread runs atop a multi-processing pool that manages app context and dispatches new processes so tasks can run in the background, in separate shells, etc.\n\nThe UI layer is also decoupled and extensible. By default, Brutus ships with a menu-based command-line interface UI but there's no reason you can't add adapters for a GUI, an argument parser, or even an HTTP API or remote procedure call.\n\nLast, Brutus has a utility layer with common facilities for file-system operations, shell (terminal emulator) management, persistence methods, and system metadata.\n\nIf you're just interested in some Python hacking, feel free to pull the scripts directly - each module can be invoked standalone.\n\n## \u003ca name=\"demo\"\u003e\u003c/a\u003e Demos\n\nWeb Scanning and Payload Compilation Demo: [watch mp4](https://streamable.com/scybvn)\n![demo](https://github.com/MatthewZito/Brutus/blob/dev/assets/brutus_demo1.gif)\n\n\n## \u003ca name=\"install\"\u003e\u003c/a\u003e Installation\n\nYou will probably want the following dependencies:\n\n- sslstrip\n- pipenv\n\nBrutus is optimized for Kali Linux. 
There's lots of information online about how to run Kali Linux in a VM.\n\nTo install:\n\n```bash\npipenv install\n```\n\n## \u003ca name=\"usage\"\u003e\u003c/a\u003e Usage\n\nRun:\n\n```bash\npipenv run brutus\n```\n\nTest:\n\n```bash\npipenv run test\n```\n\nLint:\n\n```bash\npipenv run lint\n```\n\nSetup Git Hooks for Development:\n\n```bash\npipenv run setup\n```\n\nFeel free to open PRs with feature proposals, bugfixes, et al. Note that much of this project is still in progress. The base is there and ready for you to build upon.\n\n### \u003ca name=\"features\"\u003e\u003c/a\u003e Brutus: Features and Included Modules\n\nBrutus includes several modules which can be generalized as belonging to three macro-categories: *network-based*, *web-based*, and *payloads*. The latter category is a library of compilers and accompanying payloads - payloads can be compiled via Brutus' interactive command-line menu; compiled payloads can subsequently be loaded into many of Brutus' applicable network-based modules.\n\nThe base layer of Brutus utilizes POSIX threads for concurrent multi-tasking. Some modules - i.e. essentially anything heavily I/O bound - instead utilize Python's async I/O libraries and run on an abstraction atop Python's default event loop.\n\n**Included Utilities/Scripts**\n\n- IP Table Management\n- Downgrade HTTPS to HTTP\n- Enable Monitor Mode\n- Enable Port Forwarding\n- Keylogger\n\n### \u003ca name=\"docs\"\u003e\u003c/a\u003e Documentation\n\n#### \u003ca name=\"macchanger\"\u003e\u003c/a\u003e  48-bit MAC Address Changer ([view source](https://github.com/MatthewZito/Brutus/blob/master/packages/mac_changer/mac_changer.py))\n\nNOTE: This tool is for 48-bit MACs, with a %02x default byte format.\n\nMAC (Media Access Control) is a permanent, physical, and unique address assigned to network interfaces by device manufacturers. 
This means even your wireless card, for instance, has its own unique MAC address.\n\nThe MAC address, analogous to an IP on the internet, is utilized within a network in order to facilitate the proper delivery of resources and data (i.e. packets). An interaction will generally consist of a source MAC and a destination MAC. MAC addresses can identify you, be filtered, or otherwise access-restricted.\n\nImportant to note is these unique addresses are not ephemeral; they are persistent and will remain associated with a device were a user to install it in another machine. But the two don't have to be inextricably intertwined...\n\nThis module will accept as user-input any given wireless device and any valid MAC address to which the user wishes to reassign said device. The program is simple such that I need not explain it much further: it utilizes the subprocess module to automate the sequence of the necessary shell commands to bring the wireless interface down, reassign the MAC, and reinitialize it.\n\nIf you are actively changing your MAC address, it might be prudent to have some sort of validation structure or higher order method to ensure that 1) the wireless device exists, 2) the wireless device accommodates a MAC address, 3) the user-input MAC address is of a valid format, and 4) the wireless device's MAC address has successfully been updated. This tool automates these functions.\n\nBy selecting the 'generate' option in lieu of a specific MAC address, the program will generate a valid MAC address per IEEE specifications. I'm excited to have implemented extended functionality for generating not only wholly random (and valid) MAC addresses, but MAC addresses which either begin with a specific vendor prefix (OUI), or are generated with multicast and/or UAA options. These options trigger byte-code logic in the generator method, which are augmented per IEEE specifications. 
Learn more about MAC addresses [here](https://en.wikipedia.org/wiki/Organizationally_unique_identifier#Bit-reversed_representation).\n\n\n#### \u003ca name=\"networkscanner\"\u003e\u003c/a\u003e ARP-Based Network Scanner ([view source](https://github.com/MatthewZito/Brutus/blob/master/packages/network_scanner/network_scanner.py))\n\nThe network scanner is another very useful tool, and a formidable one when used in conjunction with the aforementioned MAC changer. This scanner utilizes ARP request functionality by accepting as user input a valid IPv4 or IPv6 address and accompanying - albeit optional - subnet range.\n\nThe program then takes the given IP and/or range, then validates them per IEEE specifications (again, this validation is run against IPv4 and IPv6 standards). Finally, a broadcast object is instantiated with the given IP and a generated Ethernet frame; this object returns to us a list of all connected devices within the given network and accompanying range, mapping their IPs to respective MAC addresses.\n\nThe program outputs a table with these associations, which then might be used as input for the MAC changer should circumstances necessitate it.\n\n#### \u003ca name=\"arpspoof\"\u003e\u003c/a\u003e  Automated ARP Spoofing ([view source](https://github.com/MatthewZito/Brutus/blob/master/packages/arp_spoofer/arp_spoof.py))\n\nThe ARP Spoof module enables us to redirect the flow of packets in a given network by simultaneously manipulating the ARP tables of a given target client and its network's gateway. 
This module auto-enables port forwarding during this process, and dynamically constructs and sends ARP packets.\n\nWhen the module is terminated by the user, the targets' ARP tables are reset, so as not to leave the controller in a precarious situation (plus, it's the nice thing to do).\n\nBecause this process places the controller in the middle of the packet-flow between the client and AP, the controller therefore has access to all dataflow (dealing with potential encryption of said data is a task for another script). From here, the myriad options for packet-flow orchestration become readily apparent: surrogation of code by way of automation and regular expressions, forced redirects, remote access, et al. Fortunately, Brutus can automate this, too.\n\n#### \u003ca name=\"packetsniff\"\u003e\u003c/a\u003e  HTTP Packet Sniffer ([view source](https://github.com/MatthewZito/Brutus/blob/master/packages/packet_sniffer/packet_sniff.py))\n\nThe packet sniffer is an excellent module to employ after running the ARP Spoofer; it creates a dataflow of all intercepted HTTP packets' data which includes either URLs, or possible user credentials.\n\nThe script is extensible and can accommodate a variety of protocols by instantiating the listener object with one of many available filters. Note that Brutus automatically downgrades HTTPS, so unless HSTS is involved, the dataflow should be viable for reconnaissance.\n\n\n__Disclaimer: This software and all contents therein were created for research use only. I neither condone nor hold, in any capacity, responsibility for the actions of those who might intend to use this software in a manner malicious or otherwise illegal.__\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexbotanical%2Fbrutus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fexbotanical%2Fbrutus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexbotanical%2Fbrutus/lists"}