Date: Sat, 20 Nov 2010 21:58:39 +0200
From: nix@...roxylists.com
To: rdsears@....edu
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: NiX - Linux Brute Force 1.0.3 update has been released

> Would you care to offer what particular tests you did to compare your tool
> to Hydra?
>
> Just curious.
>
> Ryan

Excuse my English. Here are NiX's advantages over Hydra:

---
Supports all proxies: HTTP/SOCKS 4 and 5 proxy support -> Integrated proxy
randomization to defeat certain protection mechanisms -> Auto-removal of
dead or unreliable proxies, and of a proxy when the site protection
mechanism blocks it: on any site that bans proxies after a certain number
of failed logins, you are just wasting your time with Hydra.

Earlier someone said, I use proxychains to get more proxy support. Good
idea, but when a proxy times out, it will add a significant delay to your
check and you have no way to remove those proxies. When more proxies
time out...FAIL.
---

FORM auto-detection & manual FORM input configuration. -> Hydra does not
support a cookie parameter at all when you manually configure form input.
For example, a strict site such as Webmin requires a cookie to be sent at
the beginning or you are just wasting your time. NiX has a significantly
better FORM mode and the FORM auto-detection is a nice add-on, especially
for less advanced users.

Obviously Hydra's devs are not real crackers, as they did not add success
or failure key support to basic authentication mode as well; there are
sites that give a 200 OK reply when they ban a proxy. Again, with single
proxy support you are pretty much fucked, unlike with NiX.

Also, Hydra will fail if the FORM is on an HTTP page but the FORM target is
SSL ;) NiX has auto-detection logic for this as well and can brute all
these sites.

From what I can currently see, Hydra's advantages over NiX are:

Support for more protocols and, because it's written in pure C, it is
less CPU intensive. It also works on various platforms, unlike NiX. I am
not saying it's a bad tool, but the above are the reasons I decided to code
my own tool.


PS. I have coded NiX's current features solely on my own in 1.5 months,
with all testing, while they have been developing it in a team for several
years?

Someone asked: "Why did you code NiX cuz we have Hydra and they have been
doing it for years?"

The answer: I was not even aware of Hydra until a week ago, when someone
asked this question. The above features answer in full why I coded it.

>
> On Nov 19, 2010, at 6:52 PM, nix@...roxylists.com wrote:
>
>> There are several fixes done in this release compared to the 1st
>> version.
>> It is encouraged to upgrade to the latest version.
>>
>> To those who want to ask, does it outperform Hydra? Yes it does,
>> especially in basic auth and form mode.
>>
>> Full features and download: http://myproxylists.com/nix-brute-force
>> Changelog: http://myproxylists.com/NIX_BRUTE_FORCER.CHANGELOG
>>
>> Regards NiX Lead Developer
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
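
A defender's view of the proxy rotation point in the message above, as an added example that is not part of the original post and is not code from NiX or Hydra: a failure counter keyed on source IP never fires when each guess arrives from a different proxy, while the same counter keyed on the target account does. The log format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the post): "timestamp source_ip account result".
# Source addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2010-11-20T21:00:01 192.0.2.10 admin FAIL
2010-11-20T21:00:03 198.51.100.7 admin FAIL
2010-11-20T21:00:04 203.0.113.21 admin FAIL
2010-11-20T21:00:06 192.0.2.44 admin FAIL
2010-11-20T21:00:09 198.51.100.90 admin FAIL
2010-11-20T21:00:11 203.0.113.5 admin FAIL
2010-11-20T21:02:30 192.0.2.200 alice FAIL
2010-11-20T21:02:41 192.0.2.200 alice OK
"""

def parse(log):
    """Yield (time, source_ip, account, result) tuples from the sample format."""
    for line in log.splitlines():
        ts, ip, account, result = line.split()
        yield datetime.fromisoformat(ts), ip, account, result

def offenders(events, key_index, limit, window):
    """Return keys with more than `limit` failures inside any sliding `window`.

    Assumes `events` are in time order, as in an append-only auth log.
    """
    recent = defaultdict(deque)  # key -> timestamps of its recent failures
    flagged = set()
    for event in events:
        when, result = event[0], event[3]
        if result != "FAIL":
            continue
        q = recent[event[key_index]]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) > limit:
            flagged.add(event[key_index])
    return flagged

WINDOW = timedelta(minutes=5)
events = list(parse(SAMPLE_LOG))
by_source = offenders(events, 1, limit=3, window=WINDOW)   # keyed on source IP
by_account = offenders(events, 2, limit=3, window=WINDOW)  # keyed on target account

if __name__ == "__main__":
    print("flagged sources: ", sorted(by_source))
    print("flagged accounts:", sorted(by_account))
```

On this sample the per-source counter flags nothing, because no address fails more than once, while the per-account counter flags `admin`.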

