lanjelot edited this page Feb 3, 2025 · 3 revisions

Why

Basically, I got tired of using Medusa, Hydra, Ncrack, Metasploit auxiliary modules, Nmap NSE scripts and the like because:

  • they either do not work or are not reliable (they gave me false negatives several times in the past)
  • they are not flexible enough (e.g. no easy way to iterate over all wordlists or to fuzz any module parameter)
  • they lack useful features (such as displaying progress or pausing during execution)

Features

  • No false negatives, as it is the user who decides which results to ignore, based on:

    • status code of response
    • size of response
    • matching string or regex in response data
    • ... see --help
  • Modular design

    • not limited to network modules (e.g. the unzip_pass module)
    • not limited to brute-forcing (e.g. remote exploit testing, or vulnerable version probing)
  • Interactive runtime

    • show progress during execution (press Enter)
    • pause/unpause execution (press p)
    • increase/decrease verbosity
    • add new actions & conditions during runtime (e.g. to exclude more types of response from showing)
    • ... press h to see all available interactive commands
  • Use persistent connections (i.e. will test several passwords until the server disconnects)

  • Multi-threaded

  • Flexible user input

  • Any module parameter can be fuzzed:

    • use the FILE keyword to iterate over a file
    • use the COMBO keyword to iterate over a combo file
    • use the NET keyword to iterate over every host of a network subnet
    • use the RANGE keyword to iterate over hexadecimal, decimal or alphabetical ranges
    • use the PROG keyword to iterate over the output of an external program
  • Iteration over the joined wordlists can be done in any order

  • Save every response (along with its request) to separate log files for later review