Bruter
INTRODUCTION
Bruter is a parallel login brute-forcer. This tool is intended to demonstrate
the importance of choosing strong passwords. The goal of Bruter is to support a variety of services
that allow remote authentication.
PLEASE NOTE THAT THIS TOOL IS INTENDED FOR LEGAL PURPOSES ONLY!
SUPPORTED PLATFORMS
- Windows 2000/XP/Vista/7 (requires Microsoft VC++ 2008 SP1 Runtime)
- WINE (requires vcrun2008 from winetricks; not fully tested)
HOW TO USE
Connection Options Group
All input fields in this group are used for identifying targets and protocols.
- Target:
A target can be an IP address (only IPv4) or a hostname. The application can
perform a test on only one target at a time. Therefore, this field must contain only one
IP address or hostname.
- Protocol:
Each protocol has a different login method. You need to select the service
that the target server uses. Some protocols have their own options. For more
information about protocol options, see the PROTOCOL OPTION DETAIL section.
- Port:
If the target service is not on the default port, you can define it here.
Default port numbers are used according to IANA.
- SSL:
Check this option if the target service uses SSL for the connection. When you
check or uncheck this box, the "Port" field is changed to the default port number automatically.
Proxy Options
- Use Proxy:
Check this to enable the proxy feature. When the proxy is enabled, ALL connections from
the application will pass through the proxy.
- Type:
The proxy type to be used. Currently, Bruter supports HTTP (CONNECT only), SOCKS4, and SOCKS5.
- Let proxy resolves target:
This option determines where the target hostname will be resolved (on your computer or on the proxy server).
Check this if you want the application to pass the target hostname to the proxy. DNS resolution will then
occur on the proxy server.
- Address:
A proxy IP address (only IPv4) or hostname.
- Port:
A proxy port.
- Requires Authentication:
Check this if the proxy requires authentication.
Note: HTTP CONNECT type supports only Basic authentication method
Note: SOCKS5 type supports only Username/Password authentication method
- Username:
A username for proxy authentication.
- Password:
A password for proxy authentication.
User Option Group
- User:
A username or a filename that contains usernames (one username per line).
If the input text is not a filename, it will be used as a username (Single User mode).
Password Modes Group
This group is used for selecting a testing mode. To enable a mode, its checkbox
must be checked. You must select at least one of the checkboxes.
- Combo:
This mode will use "username:password" pairs from a file. The provided file must
contain one pair per line.
Remark: This mode ignores the User option.
Remark: A username cannot contain the colon delimiter character (depends on what you choose).
- Dictionary:
This mode will use a wordlist from a file (also known as a dictionary attack).
The provided file must contain one word per line. Each word can contain the extra string (%username%),
which will be replaced with the username being tested. If the input text in this field is not
a filename, it will be used as a word (see "example_dict.txt").
Remark: To test a blank password, use an empty string (no space).
Remark: You cannot test the "%username%" string itself as a password.
Remark: The application loads the whole wordlist into memory before testing,
so the application will crash if the wordlist file is too big.
- Brute force:
This mode will try every possible password. You can select a charset for brute forcing
from Option. You can also define the minimum and maximum password length for brute
forcing.
Remark: Usually, this mode is not suitable for network logins.
The application tests against the target using Combo, Dictionary, and Brute force, in that order.
Dictionary Options
These options are used for mutating passwords. If a mutated password is the same as the original password,
the application will not send this password to test against the target again. To enable an option,
its checkbox must be checked.
- Lowercase:
This option will change all characters to lowercase.
- Uppercase:
This option will change all characters to uppercase.
- Uppercase first character:
This option will change only the first character to uppercase.
- Reverse:
This option will reverse a password string.
- Double Word:
This option will double a password string. For example, "admin" will be "adminadmin".
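
The mutation rules above, turned into a password-policy check that a defender can run when a user sets a password (an added example, not part of Bruter or its source). It assumes each option is applied on its own to the word after %username% substitution, which this document does not specify; the function names and the sample wordlist are constructed for illustration.

```python
# Added example (not Bruter code): reject passwords that Dictionary mode
# with all five mutation options would generate from a wordlist.
PLACEHOLDER = "%username%"

# Constructed sample wordlist, one entry per line as Dictionary mode expects.
# The empty string is the blank-password entry.
SAMPLE_WORDLIST = ["admin", "Password", "%username%123", ""]

def mutations(word):
    """Return the word and its mutations in order, dropping duplicates."""
    variants = [
        word,                          # original word
        word.lower(),                  # Lowercase
        word.upper(),                  # Uppercase
        word[:1].upper() + word[1:],   # Uppercase first character
        word[::-1],                    # Reverse
        word * 2,                      # Double Word
    ]
    unique = []
    for v in variants:
        if v not in unique:            # a mutation equal to an earlier result is skipped
            unique.append(v)
    return unique

def matching_entry(password, username, wordlist):
    """Return the wordlist entry that yields `password`, or None."""
    for entry in wordlist:
        # Assumption: %username% is substituted before the word is mutated.
        candidate = entry.replace(PLACEHOLDER, username)
        if password in mutations(candidate):
            return entry
    return None

def is_guessable(password, username, wordlist):
    """True if the password is a listed word or one of its mutations."""
    return matching_entry(password, username, wordlist) is not None

if __name__ == "__main__":
    for pw in ["adminadmin", "321ecila", "PASSWORD", "", "c0rrect-h0rse-battery"]:
        print(repr(pw), is_guessable(pw, "alice", SAMPLE_WORDLIST))
```

A password-change handler would call is_guessable() with the organisation's own reject list and refuse any password for which it returns True.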
Misc Options Group
- Connections:
The number of logins to be tested concurrently. Normally, the program runs faster if the connection
value is higher, but if you set it too high, the speed may drop.
Note: The maximum number of connections is 64 because of a limitation of the Windows API (WaitForMultipleObjects()).
- Max Retry:
The number of attempts per account when unexpected results happen.
- Time out:
The maximum wait time in seconds for a server response.
- Wait for retry:
The wait time in milliseconds before retrying the same username/password after an error
has occurred.
- Wait for each try:
The wait time in milliseconds before trying the next username/password. This option is used to
make brute forcing slower.
- Max Attempt/Connection
The number of attempts in the same connection. There are 2 special values:
- "-1" means this value will be auto-detected while testing. The program detects this value
from the number of attempts made before a network problem occurs or an unexpected error is received.
- "0" means keep logging in over the same connection until the server disconnects.
Note: Do not expect the program to always be able to auto-detect the value.
- Stop when found one
If this checkbox is checked, testing will stop immediately when the application
finds one valid account.
- Password First
If it is checked, the testing will iterate over usernames for each password. This option should not
be used with some protocols such as SSH2.
Display Tab
- Result:
Displays the valid target/username/password tuples that were found.
- Testing:
Displays the username and password being tested. Currently, this field is updated every
1 second.
- Message:
Displays notification or error messages. Unsuccessful logins are not displayed.
Status Bar
- First column:
Displays the status of the latest task.
- Second column (Pwd/Sec):
Displays the speed of brute forcing as the number of passwords per second. It is the number of passwords tested
in the last second.
- Third column:
The total number of tested credentials (username:password).
- Fourth column:
The total time in seconds since testing started.
Menu
- File
- Save Result: Save the found results to a text file (tab delimited).
- Exit: Exit the program. The program will ask whether to save the state if you try to exit while it is running.
You can load the last saved state from "Load Setting" with the name "_last_state".
- Setting
- Load Default: Load the default setting.
- Set as Default: Set the current setting (shown in the dialog) as default.
- Load Setting: Load a saved setting.
- Save Setting: Save the current setting (shown in the dialog). If the program is running against a target,
the state is also saved.
Note: All settings are saved in the "cfg" directory.
Note: Loading and saving settings includes the module options.
- Log
- Setting: Set what information is written to the log file. This feature is meant to be used for debugging only.
It cannot be used with multiple application instances.
- Help
PROTOCOL OPTION DETAIL
DEPENDENCIES
BUGS & FEATURES
If you find bugs or have any questions, please email me (in English or Thai only).
Copyright (C) 2010 Worawit Wangwarunyoo
worawita [a t] gmail dot com