W3brute - Automatic Spider Web Application Fauna Forcefulness Educate On Tool
w3brute is an opened upward source penetration testing tool that automates attacks straight to the website's login page. w3brute is also supported for carrying out brute forcefulness attacks on all websites.
Features
- Scanner:
- automatically detects target authentication type.
- admin page scanner.
- SQL injection scanner vulnerability.
- Attack Method:
- SQL injection bypass authentication
- mixed credentials (username + SQL injection queries)
- Support:
- multiple target
- google dorking
- a listing of supported spider web interface types to attack:
- web shell
- HTTP 401 UNAUTHORIZED (Basic as well as Digest)
- create file results brute force attack. supported file format type:
- CSV (default)
- HTML
- SQLITE3
- custom credentials (username, password, domain) (supported zip file)
- custom HTTP requests (User-Agent, timeout, etc)
- and much more...
Installation
You tin download the latest version of the tarball file here or zipball here. If y'all convey installed the
git
package, y'all tin clone the Git repository inwards a way, every bit below:git clone https://github.com/aprilahijriyan/w3brute.git
w3brute tin hold upward run alongside Python version 2.6.x or 2.7.x on all platforms.Usage
To larn all listing of options on w3brute tool:
python w3brute.py -h
Examples:# basic usage $ python w3brute.py -t http://www.example.com/admin/login.php # await for the admin page $ python w3brute.py -t http://www.example.com/ --admin # uses a password file nil list. (syntax => <;filename>[:password]) $ python w3brute.py -t http://www.example.com/ --admin -u admin -p /path/to/file.zip;filename.txt # (if the file is encrypted: /path/to/file.zip;filename.txt:password) # spell the password from the list. (syntax => [:stop][:step]) $ python w3brute.py -t http://www.example.com/ --admin -u admin -sP 20000
Video
Links
- Download: .tar.gz or .zip
- Issue tracker: https://github.com/aprilahijriyan/w3brute/issues