Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/rurbin3/xHaust

:muscle: :zap: Blazingly fast brute forcer made in Node.js, exhausting your logins... For science.
https://github.com/rurbin3/xHaust

Last synced: about 2 months ago
JSON representation

:muscle: :zap: Blazingly fast brute forcer made in Node.js, exhausting your logins... For science.

Host: GitHub
URL: https://github.com/rurbin3/xHaust
Owner: rurbin3
License: mit
Created: 2020-08-24T04:07:42.000Z (about 4 years ago)
Default Branch: master
Last Pushed: 2020-08-23T19:57:47.000Z (about 4 years ago)
Last Synced: 2024-05-10T17:33:17.817Z (5 months ago)
Homepage: https://www.npmjs.com/package/xhaust
Size: 186 KB
Stars: 1
Watchers: 1
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-blazingly-fast - xHaust - :muscle: :zap: Blazingly fast brute forcer made in Node.js, exhausting your logins... For science. (JavaScript)

README

### xHaust

A fast brute forcer made in Node.js, mostly capable of HTTP attacks. The main mantra of xHaust is **speed, reliability and speed**

**xHaust** achieves it's top speed by using the [async](https://caolan.github.io/async/v3/) module, it can execute password tries in parallel with a set limit. Note that Node.js is still single threaded and so is this library. Due to performance reasons the choice to not create multiple threads for this module has been respected, this is because most password tries are finished by the CPU before any other task completes and the CPU can easily exhaust (heh) request speeds before the requests can exhaust the CPU, making threads costly for this kind of goal.

# THIS PROJECT IS NOT YET FINISHED, PLEASE COME BACK LATER

#### Installation

```bash
npm install -g xhaust
```

#### Usage

```
Usage: xhaust [options]

Options:
-V, --version output the version number
-a, --attackUri protocol URI to attack
-u, --user username to use in attack payload
-U, --userfile file full of usernames to use in attack payload
-p, --pass password to use in attack payload
-P, --passfile file full of passwords to use in attack payload
-l, --limitParallel max parallel requests at a time
-b, --batchSize the get and post requests batch size
-d, --dry-run executes the attack in dry run mode
-T, --test run attack on in built local http server for testing
-t, --tags tags to use for this attack seperated by hypens (Ex. http-post-urlencoded)
-i, --input input string to use as first scan structure data (Ex. form input names configurations)
-o, --output output string to use as payload for attack, will replace :username: :password: and :csrf: with respectable values
-g, --useGui enable gui
-h, --help display help for command
```

##### Example call:

```bash
$ xhaust -a https://website.com -t -a http://somewebsite.com http-post-urlencoded -u admin -P passwords.txt -s 1000 -l 130 -i "csrf=token" -o "username=:username:&password=:password:&csrftoken=:csrf:"`
```

#### Project Layout

.
├── ...
├── xhaust.js # Main class file of xHaust, handles most control flow
├── entry.js # Entry file for unit tests, cli or otherwise
├── attacks # Houses attack middleware files, these are the
├── classes # Any class files that are not instanced automatically by xHaust
├── logs # Log files created by xHaust
├── metadata # Metadata folder stores arbitrary data for example attack files
├── modules # A simple module object that performs basic tasks
├── packages # Packages are classes that are imported and instanced by xHaust and are the internal workings
├── test # Test folder that holds all test scripts
└── ...