Skip to content

Tinram/Mysql-bruteforce

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Mysql-bruteforce

MySQL multi-threaded brute-forcer.

Purpose

Brute-force a MySQL user using a wordlist file.

This fork is a revised version of 0x0mar's fast brute-force program.

Main revisions are:

  • Easier command-line usage,
  • Adaptability in parsing wordlist formats,
  • Thread number default assigned from CPU info,
  • Progress counter and stats displayed.

OS

  • Linux

Usage

    ./mysql-bruteforce -h <host> -u <username> -f <wordlist_file> [-t <num_threads>] [-p <port>] [-v]

<host> can be localhost (fastest), a hostname, or an IP address.

There are many wordlists available e.g. Daniel Miessler's.

MAX_WORD_LEN of 50 is fine for most wordlists. However, some wordlists have borked entries (e.g. long email address). For these wordlists, increase MAX_WORD_LEN to 140 (or, more precisely, output of wc -L <wordlist> + 1), and re-compile to avoid a buffer overrun / segfault.

20 threads appears to be optimal on 4-thread CPUs.

-v and -vv can be used for verbosity output.

Remote MySQL Connections

See MySQL-Brute docs.

Executables

  • x86 64-bit
  • x86 32-bit

Download from Releases.

Build

If libmysqlclient-dev is not installed:

    make deps && make && make install

else:

    make && make install

(See MySQL-Brute docs for libmysql requirements.)

Authors

  • 0x0mar (original)
  • Tinram (v. 0.02)

Credits

  • Tim Čas: EOL removal.
  • Ben Alpert: microsecond timer.

Packages

No packages published

Languages

  • C 91.3%
  • Makefile 8.7%