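Project: https://github.com/ex0dus-0x/brut3k1t
brut3k1t is a server-side brute-force module that supports dictionary attacks against several protocols. The protocols currently fully supported are:
    ssh
    ftp
    smtp
    XMPP
    instagram
    facebook
In the future, dedicated brute-force modules will be implemented for different protocols and services (including Twitter, Facebook, Instagram).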
Installation is simple. brut3k1t needs a few dependencies; if you do not have them, the program installs them.
Downloading is simple. Use git clone.
    git clone https://github.com/ex0dus-0x/brut3k1t
Change directory:
    cd /path/to/brut3k1t
Using brut3k1t is slightly more involved than simply running a Python file. python brut3k1t -h displays the help menu.
    usage: brut3k1t.py [-h] [-s SERVICE] [-u USERNAME] [-w PASSWORD] [-a ADDRESS]
                       [-p PORT] [-d DELAY]

    Server-side bruteforce module written in Python

    optional arguments:
      -h, --help            show this help message and exit
      -a ADDRESS, --address ADDRESS
                            Provide host address for specified service. Required
                            for certain protocols
      -p PORT, --port PORT  Provide port for host address for specified service.
                            If not specified, will be automatically set
      -d DELAY, --delay DELAY
                            Provide the number of seconds the program delays as
                            each password is tried

    required arguments:
      -s SERVICE, --service SERVICE
                            Provide a service being attacked. Several protocols
                            and services are supported
      -u USERNAME, --username USERNAME
                            Provide a valid username for service/protocol being
                            executed
      -w PASSWORD, --wordlist PASSWORD
                            Provide a wordlist or directory to a wordlist
Crack the SSH server running on 192.168.1.3, using root as the username and wordlist.txt as the dictionary file.
    python brut3k1t.py -s ssh -a 192.168.1.3 -u root -w wordlist.txt
The program automatically sets the port to 22; if the service runs on a different port, specify it with -p.
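Seen from the server side, the SSH run above is a series of failed logins for one account from one source, spaced by the -d delay. The following is an added example (not part of the original article or of brut3k1t) that flags that pattern in OpenSSH syslog lines; the log lines, the source address 192.168.1.50, the year, and the threshold and window values are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# OpenSSH's failed-password syslog message, with or without "invalid user".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def find_dictionary_attacks(lines, threshold=5, window=60, year=2024):
    """Flag (source, user) pairs with >= threshold failures inside `window` seconds."""
    attempts = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            attempts[(m["src"], m["user"])].append(ts)
    findings = []
    for (src, user), times in sorted(attempts.items()):
        times.sort()
        # Sliding window: most failures seen inside any `window`-second span.
        best, start = 0, 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            # A near-constant gap matches a tool pacing its guesses with a delay.
            findings.append({"source": src, "user": user, "failures": len(times),
                             "peak_in_window": best,
                             "median_gap_s": median(gaps) if gaps else None})
    return findings

# Constructed sample: six paced failures for root, then an ordinary user
# who mistypes a password once before logging in.
SAMPLE = [
    f"Jan 10 12:00:{s:02d} srv sshd[4100]: Failed password for root "
    f"from 192.168.1.50 port {40000 + s} ssh2"
    for s in range(1, 19, 3)
] + [
    "Jan 10 12:01:05 srv sshd[4170]: Failed password for alice from 192.168.1.77 port 50122 ssh2",
    "Jan 10 12:01:45 srv sshd[4171]: Accepted password for alice from 192.168.1.77 port 50123 ssh2",
]

if __name__ == "__main__":
    for finding in find_dictionary_attacks(SAMPLE):
        print(finding)
```

A larger -d value stretches the gaps, so the window has to be sized against the slowest pace worth catching rather than against the default delay.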
Crack test@gmail.com on port 25 with the wordlist.txt dictionary and a 3-second delay. Cracking email requires the address of the SMTP server. For example, Gmail = smtp.gmail.com. You can search Google for the relevant details.
    python brut3k1t.py -s smtp -a smtp.gmail.com -u test@gmail.com -w wordlist.txt -p 25 -d 3
Crack test@creep.im on port 5222 with the wordlist.txt dictionary. XMPP is similar to SMTP, and you need to provide the address of the XMPP server, in this case creep.im.
    python brut3k1t.py -s xmpp -a creep.im -u test -w wordlist.txt
Cracking Facebook is rather challenging, because you need the target's user ID rather than the username.
    python brut3k1t.py -s facebook -u 1234567890 -w wordlist.txt
Crack the Instagram account with the username test and the dictionary file wordlist.txt, with a five-second delay.
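-p flag: the service's default port will be used. You do not need to provide it for Facebook and Instagram; they are web-based.
-d flag: the default is 1.
-a flag: specifies the address of the SMTP and XMPP servers.
in /usr/local/wordlists/wordlist.txt, specify it with the -w flag.
running on port 21. Please keep this in mind.
This article was published on 安全周 by SecJack. Please credit the source when reposting!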