Automatic Web Application Brute Force Attack Tool
Latest commit 2861362 Jan 14, 2019
Type Name Latest commit message Commit time
.github Update issue templates Jan 2, 2019
data First release! Dec 16, 2018
doc Update AUTHOR.md Dec 18, 2018
lib Update common.py Jan 8, 2019
thirdparty First release! Dec 16, 2018
.travis.yml Update .travis.yml Dec 17, 2018
LICENSE update copyright year Jan 3, 2019
README.md Update README.md Jan 14, 2019
screenshot.jpg sample image Dec 17, 2018
w3brute.py main program Jan 2, 2019

README.md

W3brute - Automatic Web Application Brute Force Attack Tool


w3brute is an open source penetration testing tool that automates attacks directly against a website's login page. w3brute also supports carrying out brute force attacks on all websites.

Features

  1. Scanner:

    w3brute has scanner features that support the brute force attack process.

    Available scanners:

    • automatic detection of the target's authentication type.
    • admin page scanner.
    • SQL injection vulnerability scanner.
  2. Attack Method:

    w3brute can attack using various methods.

    Available attack methods:

    • SQL injection bypass authentication
    • mixed credentials (username + SQL injection queries)
  3. Support:

    • multiple targets

    • Google dorking

    • a list of supported web interface types to attack:

      • web shell
      • HTTP 401 UNAUTHORIZED (Basic and Digest)
    • writes the brute force attack results to a file. Supported file formats:

      • CSV (default)
      • HTML
      • SQLITE3
    • custom credentials (username, password, domain) (zip files supported)

    • custom HTTP requests (User-Agent, timeout, etc)

    • and much more...
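
From the defender's side, the scanner and attack features listed above leave traces in web server access logs: runs of 401 responses from one client and 404s on admin-like paths. The Python sketch below is an added example, not part of w3brute; the log lines are constructed, and the thresholds and path keywords are assumptions to tune per site.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
ADMIN_HINT = re.compile(r'admin|login|cpanel|manage', re.I)  # assumed path keywords
MAX_401 = 5         # assumed threshold: failed auth responses per client
MAX_ADMIN_404 = 4   # assumed threshold: distinct missing admin-like paths

def build_sample():
    """Constructed access-log lines (combined-style format), not real traffic."""
    ts = '[14/Jan/2019:10:00:00 +0000]'
    fmt = '{ip} - - {ts} "GET {p} HTTP/1.1" {s} 153'
    rows = [("203.0.113.7", p, 404) for p in
            ("/admin/", "/administrator/", "/admin.php", "/cpanel/", "/adminlogin/")]
    rows += [("198.51.100.9", "/private/", 401)] * 8      # repeated failed auth
    rows += [("198.51.100.9", "/private/", 200)]          # then a success
    rows += [("192.0.2.44", "/private/", 401), ("192.0.2.44", "/private/", 200)]
    return [fmt.format(ip=ip, ts=ts, p=p, s=s) for ip, p, s in rows]

def analyze(lines):
    """Return {client_ip: [findings]} for clients exceeding either threshold."""
    fails = defaultdict(int)
    probes = defaultdict(set)
    hit_after_fails = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        if status == 401:
            fails[ip] += 1
        elif status == 404 and ADMIN_HINT.search(path):
            probes[ip].add(path)
        elif status == 200 and fails[ip] > MAX_401:
            hit_after_fails.add(ip)  # success following many failures
    findings = defaultdict(list)
    for ip, n in fails.items():
        if n > MAX_401:
            findings[ip].append("auth-bruteforce:%d" % n)
    for ip, paths in probes.items():
        if len(paths) > MAX_ADMIN_404:
            findings[ip].append("admin-scan:%d" % len(paths))
    for ip in hit_after_fails:
        findings[ip].append("success-after-failures")
    return dict(findings)

if __name__ == "__main__":
    for ip, what in sorted(analyze(build_sample()).items()):
        print(ip, ", ".join(what))
```

Form-based logins often answer a wrong password with 200 or a redirect rather than 401, so for those pages the same counting has to run over the application's own authentication log.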

Screenshot

image

Installation

You can download the latest version as a tarball here or as a zipball here.

If you have git installed, you can clone the Git repository as shown below:

git clone https://github.com/aprilahijriyan/w3brute.git

w3brute can be run with Python version 2.6.x or 2.7.x on all platforms.

Usage

To list all of the options of the w3brute tool:

python w3brute.py -h

Examples:

# basic usage
$ python w3brute.py -t http://www.example.com/admin/login.php

# look for the admin page
$ python w3brute.py -t http://www.example.com/ --admin

# use a password list stored in a zip file. (syntax => <path><;filename>[:password])
# quote the value so the shell does not treat ';' as a command separator
$ python w3brute.py -t http://www.example.com/ --admin -u admin -p '/path/to/file.zip;filename.txt' # (if the file is encrypted: '/path/to/file.zip;filename.txt:password')

# slice the password list. (syntax => <start>[:stop][:step])
$ python w3brute.py -t http://www.example.com/ --admin -u admin -sP 20000

Disclaimer

Usage of w3brute for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program.

Contribute

See the CONTRIBUTING.md file.

Links