jonvassmer / brutescrape Goto Github PK
View Code? Open in Web Editor NEWThis project forked from cheetz/brutescrape
A web scraper for generating password files based on plain text found
This project forked from cheetz/brutescrape
A web scraper for generating password files based on plain text found
==================================================================================== __________ __ _________ \______ \_______ __ ___/ |_ ____ / _____/ ________________ ______ ____ | | _/\_ __ \ | \ __\/ __ \ \_____ \_/ ___\_ __ \__ \ \____ \_/ __ \ | | \ | | \/ | /| | \ ___/ / \ \___| | \// __ \| |_> > ___/ |______ / |__| |____/ |__| \___ >_______ /\___ >__| (____ / __/ \___ > \/ \/ \/ \/ \/|__| \/ Brutescrape | A web scraper for generating password files based on plain text found in specific web pages. Written by Peter Kim <Author, The Hacker Playbook> <CEO, Secure Planet LLC> Usage | python brutescrape.py ==================================================================================== < About > Brutescrape is a tool designed to parse out text from specific web pages and generate password lists for bruteforcing with this text. The main idea in mind was to be able to create password lists that were specific to an organization. This way, the user will then have a password list that contains keywords specific to the target entity, which provides a better chance at recovering credentials used within said entity. Furthermore, the use of rule files found within the users favorite password cracking tool could essentially increase the chances of recovering plain text passwords from an organization. E.X >> The user is performing a penetration test against HackMe, Inc. The user knows the HackMe company has a website http://www.hackme.com/, and uses BruteScrape against this site. The user now has a password file created specifically from parsing text within HackMe's website. The user then uses this wordlist against hashes they had found during a phase of the pentest. The user then decides to use this wordlist against his list of hashes within oclHashcat, and recovers the plain text of a hash: "hackme". In this example, the user found a very weak password, but cases such as these would be very rare, as organizations usually have password policies in place. The use of rules files would probably be more viable in recovering these plain text hash values, and so the user attempts to crack the hashes again, this time using a rule file that will append 4 digits from 0000 - 9999 at the end of every word in his list. Ah! More hashes are found: "hackme4331,hackme9901". How about a rule to change every word to leet speak? More hashes found: "h4ckm3, h4ckm3,inc.P455". And so on and so forth. < Usage > Using the script is simple. The target webpage(s) should be listed in your "sites.scrape" file like so- http://www.site.com,http://www.site2.com,http://www.site3.com/index.php,http://www.site4.com/admin Then run the script- python brutescrape.py And that's it. The target sites defined in your "sites.scrape" file will be parsed through and the parsed words will be written to a file named "passwordList.txt".
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.