lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4903616D.6030309@libero.it>
Date: Sat, 25 Oct 2008 20:11:57 +0200
From: raven <locrideweb@...ero.it>
To: Jerome Athias <jerome.athias@...e.fr>
Cc: bugtraq@...urityfocus.com
Subject: Re: HTTPBruteForcer released

Mon amie,
why someone have to choose your HttpBruteForcer and not fscan[1] of 
Andrea Tarasco?
fscan is with with source code, with multi thread support, customizable 
user forms and support proxies and you can compile on linux too.
The unique problem it's the command line execution, but if you are not a 
script kiddie or sunday lamer you can use without difficulties.
So, why someone have to choose your software if he can use a software 
with public source available?

Francesco.

[1] http://www.514.es/fscan.zip

Jerome Athias ha scritto:
> Hi there,
>
> Due to the high number of requests, I have decided to release a fully
> usable version of HTTPBruteForcer, the free and easy to use web-based
> login forms' bruteforcer for Windows.
> HTTP BruteForcer is a tool designed for webmasters, programmers and
> websites administrators, or pentesters, to perfom a password strength
> check against a simple web login form.
>
> The old demo version was limited to a limited built-in wordlist.
> The new public version let you use a custom wordlist. (
> https://www.securinfos.info/wordlists-dictionnaires.php or default
> passwords list
> https://www.securinfos.info/passwords-liste-mots-de-passe.html )
>
> Download link and video demonstration:
> https://www.securinfos.info/english/httpb/HTTPBruteForcer.exe
> MD5: 0b1b50508d8a8fe68798a672515414ac
> SHA1: 41eda9a2c47f581b319f80211ea85f880793664b
> https://www.securinfos.info/outils-securite-hacking/httpbruteforcer_demo.swf.php
>
> -- IMPORTANT NOTES --
>
> HTTPBruteForcer requires Internet Explorer (IE WebBrowser ActiveX)
> * This version has some limitations...
> * It doesn't include proxys' support
> * It doesn't support threads
> * It doesn't include the "login-name" bruteforce functionnality
> * Sources are not publicly available
> ..
>
> -- HOW TO PROTECT YOUR WEBSITE AGAINST BRUTE FORCE ATTACKS --
>
> To protect your websites against such attacks, we'll release soon a
> detailed tutorial.
> Anyway, programmers *must* use:
> - Best programming practices (avoiding SQL Injection, XSS
> vulnerabilities, user-supplied inputs checks, etc)
> - Complexity for all and both users logins and passwords
> - Max counter of logins attempts
> - Captchas
>
> -- DISCLAIMER --
>
> Use this software at your own risks.
> This software is provided "AS IS" and without warranty of any kind to
> the extend allowed by the applicable law.
> This software must only be used against your own website or with the
> agreement of the owner of a website.
> The author of this software does not warrant and does not assume any
> responsibility concerning the use of this software.
> The author can not be held responsible in case of illegal use of this
> software.
> The user is the only responsible from their use. The author would not be
> liable for any kind of damages, direct or indirect, resulting from a bad
> use of this software.
>
> Have a nice week-end.
> Best regards
> /JA
>
> HTTPBruteForcer is coded by Jerome Athias, webmaster of
> https://www.securinfos.info (One of the most famous french IT security
> related website ;p).
> HTTPBruteForcer is provided by JA-PSI, new French IT Security Company,
> France.
> .
>
>   

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ