Cerberus provides customizable plugin functionality, proxy support (including standard proxies and Tor), and the ability to perform attacks using multiple wordlists. It features a user-friendly interface and a flexible response-check mechanism that accepts Status Code, JSON Data, Status Text, and Full Response Text as valid responses.
For important legal and usage information, please refer to the Disclaimer document.
If you wish to contribute to the project, kindly review the Contributing Guidelines before proceeding.
To install Cerberus, run the following command:
git clone https://github.com/kayake/cerberus.git && cd cerberus && pip install -r requirements.txtNote
We recommend using git clone https://github.com/kayake/cerberus.git && cd cerberus && poetry install.
To install Cerberus from the development branch, run the following command:
git clone https://github.com/kayake/cerberus.git --branch dev --single-branch && cd cerberus && pip install -r requirements.txtWarning
The development branch is intended for testing purposes only.
To view available commands and options, run:
python3 crbs.py --helpImportant
For version compatibility details, please consult the Security Policy document.
To enhance anonymity, proxy servers or Tor should be configured. Cerberus simplifies this configuration process, thereby improving overall anonymity.
There are two methods for proxy configuration: via the command-line interface or through a configuration file (configs/attack.yaml).
connection:
proxy: http://username:password@127.0.0.1:9273
proxies: /path/to/proxies.txt
tor:
control_port: 9051
address: socks5://127.0.0.1:9050
password: my_enc_passwordImportant
Tor must be set up. See Setting Up Tor for more information.
tor --hash-password "<your_plain_text_password>"
sudo nano /etc/tor/torrcNote
The password is optional.
ControlPort 9051 # Control port (you can choose another port if needed)
HashedControlPassword <hashed_password> # Encrypted password (Optional)
# CookieAuthentication 1 # Optional (cookie-based authentication)
cd "C:\Users\<YourUser>\Desktop\Tor Browser\Browser\TorBrowser\Tor"
tor.exe --hash-password "<your_plain_text_password>"Note
This step is optional.
If you installed the Tor Browser, the torrc file is usually located at:
C:\Users\<YourUser>\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc
Open it with a text editor (e.g., Notepad++).
ControlPort 9051
HashedControlPassword <hashed_password>
Now you can use Tor. Use the --tor option in the attack command.
First, configure the Attack Configuration File.
body:
url: https://example.com/login/
method: POST
headers: asdf
data: username=^USER^&password=^PASS^
connection:
timeout: 50
verify_ssl: true
limit_connections: 100
proxy: http://username:password@127.0.0.1:9273
proxies: /path/to/proxies.txt
tor:
control_port: 9051
address: socks5://127.0.0.1:9050
password: my_enc_password
response:
success: ~
fail: 401
credentials:
usernames: admin
passwords: /usr/share/dict/brazilianCaution
Do not exceed 100 limit_connections. Typically, hardware supports up to 100 simultaneous connections. If you are confident in your hardware's capabilities, you may increase this limit or set it to 0 to remove AioHTTP restrictions (at your own risk).
Run the following command:
cerberus --verbose 3 attackTip
Use the --verbose option to view response statuses and requests sent.
The --tor option may be replaced with --proxy or --proxies.
To start a Multiple Wordlists Attack, transform the wordlist(s) into an array:
credentials:
usernames: [example.1.txt, example.2.txt]
passwords: [/usr/share/dict/brazilian, /usr/share/dict/american-english]Warning
Pay attention to the []. Cerberus will not read arguments like this: example.2.txt, example.1.txt. It will consider them as a single wordlist.
Caution
This feature demands high CPU usage, so DO NOT use more than two wordlists (Cerberus will warn you if this happens).
To extend functionality, plugins may be added. Create a single file and place it within the lib/plugins directory. The file must adhere to the following structure:
# lib/plugins/test/hello.world.py
class MyClass:
description = "My First Plugin!"
""" A generic Class Name """
def run(self, arguments):
print("Hello world!")
""" Getting arguments """
for argument in arguments:
print(argument)cerberus --verbose 3 plugin --list
==================================================
test/hello.world.py - My First Plugin!
==================================================
cerberus --verbose 3 plugin --use test/hello.world.py -args="--foo foo"
usage: cerberus [-h] [--version] [--update] [--verbose LEVEL] {attack,plugin} ...
options:
-h, --help show this help message and exit
Commands:
{attack,plugin}
attack Start an attack (Consider executing python3 crbs.py attack -h for attack options)
plugin Use a plugin in 'lib/plugins/'
Version options:
--version Show the version
Update options:
--update, -u Update Cerberus
Others:
--verbose LEVEL, -v LEVEL
Set debug level
cerberus --verbose 3 attack -h