"Force Cannon" is a brute force tool written in Ruby that performs attacks on login forms using the POST method without robust filters or protections.

Jsmoreira02/ForceCannon

Bruteforce Login Page [ForceCannon]

This is a Ruby script that attacks login forms on web pages by brute force using wordlists. It tests combinations of both passwords and usernames from the selected wordlist.

  git clone https://github.com/Jsmoreira02/BruteForce-Login-Page.git

Launch the Attack

./ForceCannon.rb -t http://test-vuln -u admin123 -P rockyou.txt -e The username or password provided is incorrect

Modes

  • Automatic --> It was built to be as efficient as possible; however, it is not a 100% efficient method. If you are having problems finding the credentials during the attack, please consider using the manual mode.

  • Manual --> Just enter the username and password attributes and let it roll; this mode is 100% reliable.

How it works (Detailed)

The script works with the name attribute of the HTML input elements contained within the <form> tag. These are the fields a user fills in with the username and password values before submitting the authentication request.

Using a good wordlist (dictionary) of possible passwords or usernames, the script repeatedly submits items from the list in the username or password field until it finds the right match and the authentication request is approved.

For this to work correctly, the user must give the program three things:

  • The value of the name attribute of the username field and of the password field.

  • A target URL that contains the value of the action attribute of the <form> tag, which tells where the form data is sent when the form is submitted.

  • The error message that the application returns when the credentials are incorrect. An attempt is reported as a success when that error message is no longer in the body of the page after the request.

<form action="/action_page.php" method="post">
  Username <input type="text" id="name" name="nameValue"><br><br>
  Password <input type="password" id="pass" name="passValue"><br><br>
  Log-in <input type="submit" value="Submit">
</form>
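
Seen from the application side, the loop described above only works while the login endpoint evaluates an unlimited number of POSTs for the same account or from the same source. The following is an added example, not part of ForceCannon: a sliding-window throttle for failed logins that covers both a password list against one username and a username list from one address. The class name, the limits, the window length and the in-memory, single-process store are assumptions chosen for illustration.

```ruby
# Added example (not ForceCannon code): sliding-window throttle for failed logins.
# Class name, limits and window length are assumptions chosen for illustration.
class LoginThrottle
  def initialize(max_per_user: 5, max_per_ip: 20, window: 300, clock: -> { Time.now.to_f })
    @max_per_user, @max_per_ip, @window, @clock = max_per_user, max_per_ip, window, clock
    @failures = {} # key => timestamps of recent failed attempts
  end

  # Check before evaluating the password; false means reject the request outright.
  def allowed?(username, ip)
    recent(user_key(username)) < @max_per_user && recent("ip:#{ip}") < @max_per_ip
  end

  # Record a failed credential check against both the account and the source.
  def record_failure(username, ip)
    now = @clock.call
    [user_key(username), "ip:#{ip}"].each { |k| (@failures[k] ||= []) << now }
  end

  # A success clears the account counter only; the per-IP counter keeps running,
  # so logging in to a known account does not reset a source's budget.
  def record_success(username)
    @failures.delete(user_key(username))
  end

  private

  # Normalise the name so case or padding variants share one counter.
  def user_key(username)
    "user:#{username.to_s.strip.downcase}"
  end

  # Drop timestamps that fell out of the window, then count what remains.
  def recent(key)
    cutoff = @clock.call - @window
    (@failures[key] || []).reject! { |t| t <= cutoff }
    (@failures[key] || []).size
  end
end

# Constructed replay: how many guesses from a list reach the password check.
def evaluated_guesses(throttle, username, ip, guesses)
  guesses.count do |_guess|
    next false unless throttle.allowed?(username, ip)
    throttle.record_failure(username, ip) # every guess in this replay is wrong
    true
  end
end
```

With the default limits, a replayed list of any length against one account has only its first five entries evaluated per five-minute window, and a list of usernames from one address stops after twenty.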

Warning:

I am not responsible for any illegal use or damage caused by this tool. It was written for fun, not evil, and is intended to raise awareness about cybersecurity.
