Displaying 1 to 20 from 34 results

patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

  •    Python

Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than his fellow predecessors. The name "Patator" comes from this.

KeychainCracker - macOS keychain cracking tool

  •    Objective-C

macOS keychain cracking tool. I wrote this software in order to help relatives of a deceased friend to recover data from his computer. Please enjoy it responsibly, and please do not hack/harm people.

BruteX - Automatically brute force all services running on a target.

  •    Shell

This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use. Donations are welcome. This will help fascilitate improved features, frequent updates and better overall support for sniper.




express-rate-limit - Basic rate-limiting middleware for express

  •    Javascript

Basic rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset. Note: this module does not share state with other processes/servers by default. If you need a more robust solution, I recommend using an addon store or trying out one of the excelent competing options.

tactical-exploitation - Modern tactical exploitation toolkit.

  •    Python

I've always been a big proponent of a tactical approach to penetration testing that does not focus on exploiting known software vulnerabilities, but relies on old school techniques such as information gathering and brute force. While being able to appreciate the occasional usefulness of a well-timed 0day, as a veteran penetration tester I favor an exploit-less approach. Tactical exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects. This repository aims to provide a tactical exploitation toolkit to assist penetration testers during their assignments. The tools currently released are described below. See also http://www.0xdeadbeef.info/ for some older tools and techniques.

ForcePlot

  •    

Force plot is a user friendly graphing calculator which uses brute-force computing. It can plot difficult equations that many popular programs cannot plot.


Silverlight Sudoku

  •    Silverlight

This is a Silverlight 4 interactive Sudoku game, full source included.

MasterMind Solver

  •    Java

This Java project is a rough example of how to develop a brute force validation algorithm to make your computer look like "making guesses". It will take the role of a MasterMind player trying to solve the puzzle set by you.

Mindless Setback

  •    CSharp

Setback is a card game popular in New England. This project uses a combination of brute force and Monte Carlo methods to play Setback. This is an experimental approach to playing cards and other games where incomplete information is available.

castle-ruby - Ruby gem for Castle

  •    Ruby

Castle adds real-time monitoring of your authentication stack, instantly notifying you and your users on potential account hijacks.Load and configure the library with your Castle API secret in an initializer or similar.

FileVaultCracker - macOS FileVault cracking tool

  •    Objective-C

macOS FileVault cracking tool. I wrote this software in order to help relatives of a deceased friend to recover data from his computer. Please enjoy it responsibly, and please do not hack/harm people.

distributed-jwt-cracker - An experimental distributed JWT token cracker built using Node

  •    Javascript

An experimental distributed JWT token cracker built using Node.js and ZeroMQ. It can be used to discover the password (or "secret") of an unencrypted JWT token using a HS256 signature. Requires ZeroMq libraries to be already installed in your machine.

indexed-string-variation - Experimental JavaScript module to generate all possible variations of strings over an alphabet using an n-ary virtual tree

  •    Javascript

Experimental JavaScript module to generate all possible variations of strings over an alphabet using an n-ary virtual tree. Generally useful to create distributed brute-force password recovery tools or other software that might require distributed generation of all possible strings on a given alphabet.

jwt-cracker - Simple HS256 JWT token brute force cracker

  •    Javascript

Simple HS256 JWT token brute force cracker. Effective only to crack JWT tokens with weak secrets. Recommendation: Use strong long secrets or RS256 tokens.

cracker - Parallel password cracker

  •    Python

It tries to be more efficient by parallelizing the work performed on different character sets. For example, if the character set abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ is selected then one worker will work with abcdefghijklmnopqrstuvwxyz, another worker will work with ABCDEFGHIJKLMNOPQRSTUVWXYZ, and the last worker will work with abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ. While this tool does what it's supposed to, it has some major downfalls. For starters, it's using Python. I'm not saying Python is a bad language or anything like that. The issue is Python's GIL which prevents multiple threads from executing Python's bytecode at the same time. This means that I am unable to achieve parallelism with threads since only one character set would be worked on at a time. What needs to be done instead is splitting the work up across multiple processes and share data across those processes. This is less efficient than working with threads in general but is a necessary evil with Python.

brute_force_bip38 - A brute-force decoder of BIP38 encoded private keys for the CLI.

  •    Javascript

A brute-force decoder of BIP38 encoded private keys for the CLI. The application will now utilize all available CPUs to test each secret against your BIP38 encoded private key. Invalid secrets are logged out to invalid_secrets.json. If a valid secret has been found it will be logged out to valid_secret.json.