Skip to content

Http Login Bruteforce python script with WAF fingerprint and Web Protection fingerprint

License

Notifications You must be signed in to change notification settings

faisalfs10x/HttpWaf-Login-Bruteforce

Repository files navigation

HttpWaf-Login-Bruteforce

  • Http Login Bruteforce python script with WAF fingerprint and Web Protection fingerprint.

Prerequisite

  • request file from burp suite or any tool request intercept
  • CREDENTIALFILE in pair of username:password format
  • username field
  • password field
  • invalid message

WAF Fingerprint Methodology

  • based on request or response headers.
  • response page content.

Features

  • Read request file from burp suite or any tool request intercept

  • WAF fingerprint:

    • Mod_Security
    • WebKnight
    • Cloudflare
    • FortiWeb
    • Imperva Incapsula
    • GoDaddy
    • ASP.NET Generic
  • Web Protection fingerprint:

    • Clickjacking
    • CloudFlare protection
    • CSRF token

Tested on

Installation

  1. Python 3
  2. git clone https://github.com/faisalfs10x/HttpWaf-Login-Bruteforce
  3. run 'bash install.sh' to auto-install module in requirements.txt

Usage

usage: httpwaf.py [-h] -r REQUESTFILE -c CREDENTIALFILE -u USERFIELD -p PASSFIELD -i INVMSG [-V]

Parallel Dictionary Login

optional arguments:

      -h, --help            					show this help message and exit
      -r REQUESTFILE, --requestfile REQUESTFILE  		path to requestfile.txt format from burpsuite request intercept is compulsory!!
      -c CREDENTIALFILE, --credentialfile CREDENTIALFILE  	path to credentialfile.txt in pair of username:password format
      -u USERFIELD, --userfield USERFIELD  			username field
      -p PASSFIELD, --passfield PASSFIELD  			password field
      -i INVMSG, --invmsg INVMSG  				invalid message in double quoted string
      -V, --version         					show program's version number and exit

Output

enter image description here enter image description here

About

Http Login Bruteforce python script with WAF fingerprint and Web Protection fingerprint

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published