Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/teambcs/auth-nexus

Next-gen TUI-based security tool supporting HTTP, SSH, FTP, and SMTP. Features include auto-CSRF handling, asynchronous engine (aiohttp), and real-time analytics. Optimized for Termux & Linux.
https://github.com/teambcs/auth-nexus

attack auth-nexus authentication authentication-testing brute-force-attack brute-force-attacks bruteforce bruteforce-attacks penetration-testing pentesting testing tui-app

Last synced: about 2 months ago
JSON representation

Next-gen TUI-based security tool supporting HTTP, SSH, FTP, and SMTP. Features include auto-CSRF handling, asynchronous engine (aiohttp), and real-time analytics. Optimized for Termux & Linux.

Awesome Lists containing this project

README 

          




  




AUTH NEXUS





Advanced Brute Force Attack Testing Framework






A professional multi-protocol brute force attack testing tool built for security researchers and penetration testers.




---

## Dependencies



![aiohttp](https://img.shields.io/badge/aiohttp-async%20http-green)

![aiohttp-socks](https://img.shields.io/badge/aiohttp--socks-proxy%20support-orange)

![rich](https://img.shields.io/badge/rich-terminal%20ui-purple)

![beautifulsoup4](https://img.shields.io/badge/beautifulsoup4-html%20parser-yellow)

![lxml](https://img.shields.io/badge/lxml-fast%20xml%20parser-blue)

![asyncssh](https://img.shields.io/badge/asyncssh-ssh%20client-red)

![uvloop](https://img.shields.io/badge/uvloop-fast%20async%20loop-green)

![urllib3](https://img.shields.io/badge/urllib3-http%20client-lightgrey)

![pyOpenSSL](https://img.shields.io/badge/pyOpenSSL-ssl%20support-blue)

![License](https://img.shields.io/badge/license-GPLv3-blue.svg)

![Version](https://img.shields.io/badge/Version-2.0%20-yellow)



---



# ๐Ÿ” Auth Nexus



**Auth Nexus** is a powerful brute force attack testing framework designed for security professionals and penetration testers.



It supports multiple protocols such as:



- HTTP / HTTPS

- SSH

- FTP

- SMTP



The tool is designed with **high performance asynchronous architecture**, **smart login detection**, **automatic CSRF handling**, and **memory-safe credential streaming**.



Auth Nexus provides a modern **TUI (Terminal User Interface)** for easy configuration and monitoring.



---



# ๐Ÿš€ Key Features



### Multi Protocol Support

Supports authentication testing for multiple protocols:



- HTTP / HTTPS login forms

- SSH authentication

- FTP authentication

- SMTP authentication



---



### Smart Web Login Detection



- Automatic username/password field detection

- Automatic CSRF token detection

- Cookie session handling

- Smart redirect analysis



---



### High Performance Engine



- Asynchronous architecture

- Multi-threaded request handling

- High RPS processing

- Optimized network operations



---



### Memory Safe Credential Streaming



Large credential lists can be used safely.



Example:



```



rockyou.txt (140MB+)



````



The tool reads credentials **line-by-line** instead of loading everything into memory.



---



### Proxy & Stealth Support



Auth Nexus supports:



- HTTP proxies

- SOCKS4 / SOCKS5 proxies

- Randomized requests

- Delay control

- Stealth headers



---



### Professional TUI Interface



Modern terminal interface with:



- live logs

- progress tracking

- RPS monitoring

- ETA calculation

- valid credential display



---



# โš™๏ธ Installation && Requirement Setup



### Requirements



- Python 3.10+

- Linux / Termux / macOS



```bash

pkg update && pkg upgrade

pkg install clang libxml2 libxslt libiconv -y

pkg install binutils rust build-essential -y

pkg install python-lxml -y

pkg install python-cryptography -y

pkg install python3 -y

pkg install git -y

git clone https://github.com/TEAMBCS/AUTH-NEXUS.git

cd AUTH-NEXUS

chmod +x *

chmod 777 *

pip install -r auth-nexus.txt

python3 auth-nexus.py

```



---



# โš’๏ธ WordForge โ€“ Advanced Wordlist Generator



**WordForge** is a powerful built-in wordlist generator designed for creating custom password lists with high flexibility and performance. It allows you to generate targeted wordlists based on specific character sets and length ranges.



---



### ๐Ÿ”ฅ Features



- ๐Ÿ”ค Custom Character Set (A-Z, a-z, 0-9, symbols or custom input)

- ๐Ÿ“ Adjustable Length Range (min โ†’ max)

- ๐Ÿ“Š Real-time Combination & Size Estimation

- ๐Ÿš€ High-Speed Async Generation Engine

- ๐Ÿ’พ Auto-save to `list/.txt`

- โน Stop Generation Anytime

- ๐Ÿ”„ Auto Integration with Main Tool (User/Pass List)



---



### โš™๏ธ How It Works



1. Open **WordForge** from the main menu.

2. Enter your desired **character set**.

3. Set **minimum and maximum length**.

4. Click **Calculate** to estimate:

   - Total combinations

   - File size

5. Click **Generate** to start creating the wordlist.



---



### ๐Ÿง  Example



```text

Charset: abc123

Length: 1 โ†’ 3

````



Generated output:



```

a

b

c

1

2

3

aa

ab

ac

...

```



---



### โš ๏ธ Important Notes



* Large charset + high length = **huge file size**

* Avoid generating more than **100M+ combinations** unless เค†เคตเคถเฅเคฏเค•

* Storage and time consumption may increase significantly



---



### ๐Ÿ“‚ Output Location



```

list/.txt

```



---



### ๐Ÿ”— Quick Actions



After generation, you can:



* ๐Ÿ”‘ Use as Password List

* ๐Ÿ‘ค Use as Username List

* ๐Ÿ”‘๐Ÿ‘ค Use for Both



---



### ๐Ÿ’ก Pro Tip



Use smaller, targeted wordlists for better performance instead of massive random lists.



---



> โšก WordForge is optimized for speed, stability, and seamless integration with the attack engine.



---



# ๐Ÿง  Supported Attack Modes



Auth Nexus supports three major credential attack strategies.



---



## Cluster Bomb



Tests **every username with every password**



Example



```

User1 : Pass1

User1 : Pass2

User1 : Pass3

User2 : Pass1

User2 : Pass2

User2 : Pass3

```



Best for:



```

Multiple usernames ร— password list

```



---



## Pitchfork



Runs username and password lists **in parallel**



Example



```

User1 : Pass1

User2 : Pass2

User3 : Pass3

```



Best for:



```

Paired credential lists

```



---



## Battering Ram



Uses the **same value for both username and password**



Example



```

admin : admin

test : test

user : user

```



Best for:



```

Default credential testing

```



---



# ๐Ÿ“– User Manual



### Target Configuration



Target can be provided as:



Single URL



```

http://target.com/login

```



Or URL list



```

targets.txt

```



Example formats:



```

http://site.com/login

ssh://192.168.1.10:22

ftp://127.0.0.1:21

smtp://mail.server.com:587

```



---



### Credentials Input



Auth Nexus supports both single credentials and wordlists.



Single credential:



```

User : admin

Pass : password123

```



Credential lists:



```

users.txt

passwords.txt

```



---



### HTTP Form Example



Example login form configuration:



```

/login:user=^USER^&pass=^PASS^:F=Invalid or /login:user=^USER^&pass=^PASS^:S=Success

```

Explanation



| Part      | Meaning              |

| --------- | -------------------- |

| /login    | form path            |

| ^USER^    | username placeholder |

| ^PASS^    | password placeholder |

| F=Invalid | failure message      |

| S=Success | success meassage     |



Examples :โžค 

Cpanel : ```/login/:user=^USER^&pass=^PASS^:F=invalid```



Wp : ```/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In:F=Invalid username```



---



### ๐Ÿง  Auto Param Feature



The Auto Param system analyzes the target request and automatically 

extracts possible authentication parameters such as:



โ€ข username fields  

โ€ข password fields  

โ€ข token parameters  

โ€ข login form inputs  



 This helps speed up authentication testing without requiring 

manual parameter configuration.



---



## ๐ŸŽฏ Success & Failure Detection (Regex Support)



Auth Nexus allows advanced success and failure detection using:



โ€ข HTTP status code  

โ€ข Response text matching  

โ€ข Regular expressions (Regex)



This helps the engine accurately detect whether an authentication attempt succeeded or failed.



---



### โœ”๏ธ Success Matching Examples



You can define success indicators using plain text or regex.



Examples: ```"status"\s*:\s*"success",

Login successful\. Redirecting,

(?i)(logout|dashboard|welcome)```



---



### โŒ Failure Matching Examples



Define failure patterns to improve accuracy.



Examples: ```(?i)(error|wrong|incorrect),

(?i)invalid```



---



### ๐Ÿง  How It Works



โ€ข Success patterns are checked first  

โ€ข Failure patterns override success when matched  

โ€ข Case-insensitive matching supported with `(?i)`  

โ€ข Supports both plain text and regex patterns  



This system improves detection accuracy for complex authentication responses.



---



# ๐Ÿ“Š Tool Architecture



```

Auth Nexus

โ”‚

โ”œโ”€โ”€ Engine

โ”‚   โ”œโ”€โ”€ HTTP Module

โ”‚   โ”œโ”€โ”€ SSH Module

โ”‚   โ”œโ”€โ”€ FTP Module

โ”‚   โ””โ”€โ”€ SMTP Module

โ”‚

โ”œโ”€โ”€ Smart Detection

โ”‚   โ”œโ”€โ”€ Parameter Detection

โ”‚   โ”œโ”€โ”€ CSRF Detection

โ”‚   โ””โ”€โ”€ Cookie Handling

โ”‚

โ”œโ”€โ”€ Credential System

โ”‚   โ”œโ”€โ”€ Wordlist Streaming

โ”‚   โ”œโ”€โ”€ Cluster Bomb

โ”‚   โ”œโ”€โ”€ Pitchfork

โ”‚   โ””โ”€โ”€ Battering Ram

โ”‚

โ”œโ”€โ”€ WordForge โš’๏ธ

โ”‚   โ”œโ”€โ”€ Custom Charset Builder

โ”‚   โ”œโ”€โ”€ Length Range Control

โ”‚   โ”œโ”€โ”€ Combination Estimation

โ”‚   โ”œโ”€โ”€ High-Speed Generator

โ”‚   โ”œโ”€โ”€ File Output (list/)

โ”‚   โ””โ”€โ”€ Auto Integration (User/Pass List)

โ”‚

โ”œโ”€โ”€ Networking

โ”‚   โ”œโ”€โ”€ Async Requests

โ”‚   โ”œโ”€โ”€ Proxy Support

โ”‚   โ””โ”€โ”€ Retry System

โ”‚

โ””โ”€โ”€ Interface

    โ”œโ”€โ”€ TUI Dashboard

    โ”œโ”€โ”€ Live Logs

    โ”œโ”€โ”€ Progress Tracking

    โ””โ”€โ”€ Results Display



```



---



# ๐Ÿ“ˆ Statistics Display



Auth Nexus provides real-time attack statistics:



| Metric   | Description              |

| -------- | ------------------------ |

| Attempts | Total attempts           |

| RPS      | Requests per second      |

| ETA      | Estimated time remaining |

| Hits     | Valid credentials found  |



---



# ๐Ÿ“ Project Structure



```

AUTH-NEXUS

โ”‚

โ”œโ”€โ”€ auth-nexus.py #main tool

โ”œโ”€โ”€ auth-nexus.txt #requirements

โ”œโ”€โ”€ auth-nexus-ua.json #User agent list

โ”œโ”€โ”€ passlist.txt #A common password list

โ”œโ”€โ”€ README.md

โ”‚

โ”œโ”€โ”€ Image

|   โ”œโ”€โ”€  auth-nexus-v2.0-2.jpg #Tool Image 

|   โ”œโ”€โ”€ auth-nexus-v2.0-1.jpg #Tool image 

|   โ”œโ”€โ”€ auth-nexus-v2.0-3.jpg #wordforge image

โ”‚   โ””โ”€โ”€ auth-nexus-logo.png #logo image

โ”‚

โ”œโ”€โ”€ AUTH-NEXUS-CSS

|   โ”œโ”€โ”€ WordForgeScreen.css #wordforge css

|   โ”œโ”€โ”€ UI.css #main UI css

|   โ”œโ”€โ”€ about.css #about info css

โ”‚   โ”œโ”€โ”€ attack-ui.css #attack panel ui css

โ”‚   โ””โ”€โ”€ app.css #app css

โ”‚

โ””โ”€โ”€ output

    โ””โ”€โ”€ success.txt

```



---

## ๐Ÿ“ธ Screenshots





  Screenshot 1

  ย ย 

   Screenshot 2

  ย ย 

  Screenshot 1






---



## ๐Ÿ“ƒ Note



**Edit CSS Code as your wish.**



**If you found textual library install problem in kali linux machines or debian machines**

- use

```

pip install textual --break-system-packages --ignore-installed pygments

```



---



# ๐Ÿ›ก Security Notice



This tool is developed for:



* **Cybersecurity research**

* **penetration testing**

* **authorized security assessments**



Unauthorized usage against systems without permission is illegal.



---



# ๐Ÿ‘จโ€๐Ÿ’ป Developer



```

Owner : TEAM BCS

Developer : BLACK ZER0

```



---



# ๐Ÿ“œ License



This project is licensed under the **GNU General Public License v3.0 (GPLv3)**.



```

Licensed under the GNU General Public License v3.0 (GPLv3).



This license allows users to use, modify and distribute the software, 

but any modified version must also be released under the same GPLv3 license.

```



---



# โญ Support



If you like the project consider giving a **star on GitHub**.



```

Stay secure.

Stay ethical.

```



---