https://github.com/sircryptic/resetryder
ResetRyder - Open Source Brute Force Password Reset Tool
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/sircryptic/resetryder
- Owner: SirCryptic
- License: gpl-3.0
- Created: 2023-02-26T16:49:19.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-03-10T19:25:26.000Z (3 months ago)
- Last Synced: 2025-03-27T14:21:45.915Z (3 months ago)
- Topics: brute-force, brute-force-attacks, bruteforce, bruteforce-attacks, bruteforce-password-cracker, bruteforcer, bruteforcing, offsec, python3
- Language: Python
- Homepage:
- Size: 35.2 KB
- Stars: 15
- Watchers: 1
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
README
# ResetRyder - Open Source Brute Force Password Reset Tool
This tool brute-forces password reset endpoints, targeting flaws like [CVE-2023-24080](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24080) in Chamberlain myQ v5.222.0.32277 (iOS). Works on similar web apps. By [SirCryptic](https://github.com/SirCryptic) of [NullSecurityTeam](https://github.com/NULL-Security-Team).

## Installation
1. Install Python 3.7+ and packages:
```
pip install aiohttp aiohttp_socks fake_useragent aiofiles PySocks
```
2. Use high-quality SOCKS4 proxies (e.g., paid providers, avoid free lists) for best results.

## Example Usage
```
python resetryder.py -p passwords.txt -u usernames.txt -r https://example.com/reset -x proxies.txt -a 3 -o 10 -c 10
```
Check target response (e.g., "Password updated") and update config.json's "success_indicators".
With CSRF token:
```
python resetryder.py -p passwords.txt -u usernames.txt -r https://example.com/reset -x proxies.txt --config config_with_csrf.json
```

The following arguments are required:
* `-p`: Path to the password list file.
* `-u`: Path to the username list file.
* `-r`: URL to the reset password endpoint.
* `-x`: Path to the SOCKS4 proxy list file.

The following arguments are optional:
* `-a`: Max retries for failed requests (default: 3).
* `-o`: Max timeout in seconds (default: 10).
* `-c`: Max concurrent requests (default: 10).
* `-t`: Rate limit in seconds (default: 1.0).
* `--config`: JSON config file (default: config.json).

## Notes
CAPTCHAs may block attempts—use a solver like 2Captcha (not included) or Selenium for automation. Edit config.json to add solver API keys when implemented.

## Disclaimer
Not responsible for misuse. For educational and authorized testing only. Illegal without permission (e.g., CFAA, Computer Misuse Act).
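
For teams testing their own reset endpoint with authorization, the sketch below shows why the proxy list (`-x`) defeats per-IP throttling and why reset attempts should be counted per target account. It is an added example, not part of the ResetRyder project. The log format, the `flag_excessive` helper, and the limit and window values are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation-range IPs, made-up accounts):
# "<ISO timestamp> <source IP> <account named in the reset request>"
SAMPLE_LOG = """\
2025-01-01T10:00:00 198.51.100.1 alice
2025-01-01T10:00:10 198.51.100.2 alice
2025-01-01T10:00:20 198.51.100.3 alice
2025-01-01T10:00:30 203.0.113.9 bob
2025-01-01T10:00:40 198.51.100.4 alice
2025-01-01T10:00:50 198.51.100.5 alice
2025-01-01T10:01:00 198.51.100.6 alice
""".splitlines()


def flag_excessive(lines, by, limit=5, window=timedelta(minutes=10)):
    """Return the keys ("ip" or "account") with more than `limit`
    reset attempts inside any sliding `window` (hypothetical helper)."""
    column = {"ip": 1, "account": 2}[by]
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    flagged = set()
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue              # skip malformed lines instead of crashing
        ts = datetime.fromisoformat(fields[0])
        q = recent[fields[column]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) > limit:
            flagged.add(fields[column])
    return flagged


if __name__ == "__main__":
    # Each proxy IP appears once, so per-IP counting sees nothing unusual.
    print("flagged by IP:     ", flag_excessive(SAMPLE_LOG, by="ip"))
    # Six resets for one account in a minute stand out immediately.
    print("flagged by account:", flag_excessive(SAMPLE_LOG, by="account"))
```

The same per-account counter can drive a lockout or step-up challenge on the reset endpoint, independent of how many source addresses the requests arrive from.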