Metadata-Version: 2.1
Name: brute-force-attacker
Version: 1.0.1
Summary: A wrapper tool for mediainfo tool
Author: Praveen
Author-email: mspraveenkumar77@gmail.com
Description-Content-Type: text/markdown

# Brute Force Login Tool

![Python Version](https://img.shields.io/badge/Python-3.x-blue) ![License](https://img.shields.io/badge/license-MIT-green)

## Overview

This is a simple Brute Force Login tool written in Python. It is designed to assist in testing the security of login forms or API login endpoints. The tool supports both GET and POST HTTP methods for brute force attacks and give results based on the retrieved status code.

### Testing Site: https://forms.praveenms.site/login.php
The above site is used to test the Brute force login 

## Features

*   **Form Analysis:** Extracts and analyzes HTML form attributes to identify input names for username and password fields, extracts the `type` of a input tag or button tag, also extracts all the required tokens, cookies for a login Session.
```
Example:
➜  Praveen brute-force git:(main U:1 ✗) 🚀 brute -w word1.txt -u admin -t "https://forms.praveenms.site/login.php" -m POST
Brute Force Login
Tool By Praveen
Required Login Page URL or API Login URL Endpoint
Leave blank if you don't have, In optional cases
This module is not intended to be imported
[+] Username Provided, Username: admin, Using Username From User Input
[+] Using POST Method

Form Attributes Found:

Form 1 attributes:
  Method: POST
  Action: login.php
  Input types:
    password, text
  Input names:
    username, password
  Input names for username and password fields:
    Username input name: username
    Password input name: password
```
*   **Wordlist Attack:** Supports username and password brute force attacks using a provided wordlist file.
*   **GET and POST Methods:** Choose between GET and POST methods based on the target's login mechanism.
*   **Cookie Support:** Optionally provide a cookie value for authentication.
*   **User-friendly Interface:** Provides clear and colored console output for better user interaction.


## Release - PYPI
```
pip install pip install brute-force-attacker
```


### How to Run as command line tool

```
brute -w <wordlist_file> -t <target_url> -m <http_method> [-u <username>] [-c <cookie_value>]
```

*   `-t` or `--target`: Specify the target URL.
*   `-w` or `--wordlist`: Specify the wordlist file.
*   `-m` or `--method`: Specify the HTTP method (get or post).

Optional arguments:

*   `-u` or `--username`: Specify the username for targeted brute force (optional).
*   `-c` or `--cookie`: Specify the cookie value for authentication (optional).

## Usage

## Create a Virtual Environment and Activateit before using the tools 

### Create a Virtual Environment 
```
python3 -m venv venv
```
### Activate 
```
source venv/bin/activate
```

## Examples
### Brute Force Login using POST with username
#### Here admin is the username, word1.txt contains all the common passwords (Passwords only)
```
brute -w word1.txt -u admin -t "https://forms.praveenms.site/login.php" -m POST
```
### Brute Force Login using POST without username
#### By the below syntax you can run the brute force attack without usernames as it takes all the common username and password from the file named word2.txt
```
brute -w word2.txt -t "https://forms.praveenms.site/login.php" -m POST
```

### Brute Force Login using GET with Username
#### This works on HTTP Get method with username where the username is given and the password is left Blank where it is extracted from the word1.txt
```
brute -w word1.txt -t "https://forms.praveenms.site/login.php?username=admin&password=" -m GET
```

### Brute Force Login using GET with Username
#### This works on HTTP Get method without username and password where the username and password is left Blank, it is extracted from the word2.txt
```
brute -w word2.txt -t "https://forms.praveenms.site/login.php?username=&password=" -m GET
```

## Sample usage
```
➜  Praveen brute-force git:(main U:1 ✗) 🚀 brute -w word1.txt -u admin -t "https://forms.praveenms.site/login.php" -m POST
Brute Force Login
Tool By Praveen
Required Login Page URL or API Login URL Endpoint
Leave blank if you don't have, In optional cases
This module is not intended to be imported
[+] Username Provided, Username: admin, Using Username From User Input
[+] Using POST Method

Form Attributes Found:

Form 1 attributes:
  Method: POST
  Action: login.php
  Input types:
    password, text
  Input names:
    username, password
  Input names for username and password fields:
    Username input name: username
    Password input name: password
[+] Using Wordlist: word1.txt
-----------------------------------------------
Trying: admin and root ...
[+] Status Code: 401
-----------------------------------------------
Trying: admin and admin ...
[+] Status Code: 401
-----------------------------------------------
Trying: admin and test ...
[+] Status Code: 401
-----------------------------------------------
Trying: admin and guest ...
[+] Status Code: 401
-----------------------------------------------
Trying: admin and ansible ...
[+] Status Code: 401
-----------------------------------------------
Trying: admin and ec2-user ...
[+] Status Code: 401
-----------------------------------------------
Trying: admin and vagrant ...
[+] Status Code: 401
-----------------------------------------------
Trying: admin and azureuser ...
[+] Status Code: 401
-----------------------------------------------
Trying: admin and !root ...
[+] Status Code: 401
-----------------------------------------------
Trying: admin and pass@123 ...
[+] Status Code: 200
[+] Login Successful!
[+] Login Creds: 
[+] Username: admin
[+] password: pass@123
```

## Disclaimer

This tool is intended for educational and testing purposes only. Unauthorized access to systems or networks without permission is illegal.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
