Good day!
Hello python folks, it's been a while since coding in Python because I've been busy on my open-source Java project, a small scale (Lending Business System).
By the way, I miss Python so much and created a new script called pybasichttpscan.py. It's a threaded pentesting scanner for basic HTTP authorization using dictionary attack. It is an attempt in which the script tries to log in with username and a password. Each time the script tries it uses a different word in the dictionary file.
A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.
In this tool, you have two dictionary files needed for arguments:
- A list of user dictionary
- A list of password dictionary
:: [PH] Index Python HTTP Auth Scanner ::
http://asianzines.blogspot.com
Usage:
python pybasichttpscan.py [URL] [userdict.txt] [passdict.txt]
Example: $ python pybasichttpscan.py http://192.168.1.1 user.txt pass.txt
It uses interactive text based while scanning so that you can view what username/password that is being check for authorization. For a quick experiment, I tried attacking my router's basic http authorization on my local area network and here's the result.
There! As you can see, it displays my router credentials and that is admin:1234; my username and password have been found! ;-).
You may download the script along with simple dictionary files here:
http://www.mediafire.com/download/uxhl6s0yml4u6xz/index-pybasichttscanner.tar
Pull it via Git: https://github.com/phteam/python-basic-http-cracker
Take note that this method used to break security systems, specifically password-based basic http authorization systems, so you use it at your own risk. The author is not liable for any damages arising from its use.
How this one works? can you give me an instruction how to use this script? i want to use it for educational purpose.
ReplyDeleteHello †Zidax†, the instructions already in my post.
ReplyDeleteSee: Usage:
python pybasichttpscan.py [URL] [userdict.txt] [passdict.txt]
Example: $ python pybasichttpscan.py http://192.168.1.1 user.txt pass.txt
First thing you need to do is download the tar balls and extract it. If you are using linux you can do this by issuing this command: $ tar -zxvf index-pybasichttscanner.tar.gz
Then cd into `pybasichttpscanner` directory, you can run it via $ python pybasichttpscan.py [host] [user.txt] [pass.txt]
If you are using windows and don't have python installed yet, please download it on http://python.org/. If you have downloaded it under windows, you can extract tar balls using WinRar and use windows `cmd` to run it cd into the directory and do the same with the above example.
Thanks
can i use it at https://koding.com/R/zidaxxx?
ReplyDeleteYes definitely koding VPS runs on Linux, ubuntu based distro. :-)
Deleteur scripts are awesome .. i really like all of them.
ReplyDeleteGlad you like it Dymond :-)
DeleteSAP FICO Course In Noida
ReplyDelete