brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are:
KEY NOTES TO REMEMBER:
* If you do not supply the port -p flag, the default port for that service will be used. You do not need to provide it for Facebook and Instagram, since they are um… web-based. 🙂
* If you do not supply the delay -d flag, the default delay in seconds will be 1.
* Remember, use the SMTP server address and XMPP server address for the address -a flag, when cracking SMTP and XMPP, respectively.
* Facebook requires the username ID. This is a little bit of a setback since some people do not display their ID publicly on their profile.
* Make sure the wordlist and its directory is specified. If it is in /usr/local/wordlists/wordlist.txt specify that for the wordlist -w flag.
* Remember that some protocols are not based on their default port. A FTP server will not necessarily always be on port 21. Please keep that in mind.
* Use this for educational and ethical hacking purposes, as well as the sake of learning code and security-oriented practices. No script kiddies!
Use & download:
git clone https://github.com/ex0dus-0x/brut3k1t && cd brut3k1t
pip install -r requirements.txt
Cracking Facebook is quite a challenge, since you will require the target user ID, not the username.
python brut3k1t.py -s facebook -u 1234567890 -w wordlist.txt
Cracking Instagram with username test with wordlist wordlist.txt and a 5 second delay
python brut3k1t.py -s instagram -u test -w wordlist.txt -d 5