https://github.com/codingchili/vertx-httpform-bruteforce
Vertx client to brute force http-post form, twice as fast as hydra.
https://github.com/codingchili/vertx-httpform-bruteforce
Last synced: 12 months ago
JSON representation
Vertx client to brute force http-post form, twice as fast as hydra.
- Host: GitHub
- URL: https://github.com/codingchili/vertx-httpform-bruteforce
- Owner: codingchili
- License: mit
- Created: 2020-11-01T18:31:52.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2020-11-01T18:45:24.000Z (over 5 years ago)
- Last Synced: 2025-02-12T15:51:30.425Z (about 1 year ago)
- Language: Kotlin
- Size: 61.5 KB
- Stars: 3
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# vertx-httpform-bruteforce
Vertx client to brute force http-post form, twice as fast as hydra.
### Building
Modify Breaker.kt to update hard-coded stuff like form parameters, target url, port etc.
```
./gradlew build
```
This produces a jar file in build/lib.
### Usage
Grab a session id and csrf token if required, example in tokens.sh. Make sure to verify that token is reusable and attached to the session used.
```
. ./tokens.sh
#java -jar form-breaker-1.0-SNAPSHOT.jar
java -jar form-breaker-1.0-SNAPSHOT.jar test $PHPSESSID $CSRF rockyou.78.txt
```
Wordlist is a file with passwords to try, separated by newlines.
For example, to filter the rockyou.txt to a specific passlength
```
$ awk '{ if (length($0) == 8 || length($0) == 7) print }' rockyou.txt >rockyou.7-8.txt
```
Run snapshot.sh with a known valid login to periodically sanity check the server.
```
./snapshot.sh
```
If the server stops responding, recompile and set the wordlist offset.
### Performance
Twice as fast as hydra, gets about 15-22k requests/minute on a local virtualbox target.
Loads the whole wordlist in memory.. so prefer to filter into smaller lists, or submit a PR. :kissing_cat: