| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 13 Nov 2010 23:50:10 +0200 From: nix@...roxylists.com To: rdsears@....edu Cc: full-disclosure@...ts.grok.org.uk Subject: Re: NiX - Linux Brute Forcer (the beast) has been released!]] > In all fairness I do use proxychains for all of my proxy randomization and > all that kind of stuff if I need it. That way it's consistent regardless > of what I throw at it, even tools without random proxy chaining like nmap > and hydra. I am of course aware of proxychains as i use it myself. But lets get back to one feature: Auto-removal of dead or unreliable proxy and when site protection mechanism blocks the proxy That is not possible using proxychains. A less your program depends on other programs, the better. I am not saying, ten points to THC for coding it in pure C. I could not find any kind of FORM support from hydra, i have put a good amount of time to FORM auto-detection logic as well (very good for less advanced users). Some people have asked what advantages NiX offers over other tools, this question should have been answered now. > > Good job coding it though, I can't imagine that was easy. > Ryan Thanks, really difficult and time consuming project but i have verified it to be stable (45k combolist and over 1000 proxies). PS. If any of you downloaded yesterday 1.0.0 version, please download immediately the latest 1.0.1 version is i forgot to fix something important (told in CHANGELOG) before i packed the release version. If you find a bug, just let me know and i try to fix it asap. > > On Nov 13, 2010, at 3:36 PM, nix@...roxylists.com wrote: > >>> Le vendredi 12 novembre 2010 à 21:47 +0200, nix@...roxylists.com a >>> écrit : >>>> Where is for example FORM auto-detection for those >>>> other tools? Where is SOCKS4 proxy support? Where is proxy >>>> randomization? >>>> Where is logic to drop dead proxies? Where is logic for >>>> fake-detection? >>> >>> Then, you should have started by that, it is that simple. >>> We are all busy and you can't expect anyone to even have a look on >>> your >>> tool or link if you don't highlight how different it is from others or >>> why you did it. >>> >>> As far as I am concerned, these features may be nice, but I don't need >>> them and will stick to Medusa for the brute force tests I run from >>> time >>> to time (ie not often, a few times a year at most). >>> But, to make it clear, it is just my personal opinion, I am not saying >>> that your tool is not interesting or useless. >>> >>> >> >> I just gave a test-run for Hydra against my own site and noticed: >> >> It does support only single proxy, any site that has even a bit >> protection >> will defeat it. NiX does support HTTP/SOCKS4/SOCKS5 (as much as you >> have >> working proxies) with randomization etc. This is significant advantage >> over any other tool. >> >> I have worked 1.5 months constantly on NiX, after i have had a little >> break. I will implement support for other major protocols which is now >> really easy after having otherwise working engine. >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists