lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 2 Jan 2017 12:57:06 +0000
From: psy <>
Subject: [FD] CINtruder v0.3 released...

Dear list,

I have released a new Captcha Intruder (CINtruder) code. It includes a
complete Web User Interface (GUI) and some advanced features for:
update, manage dictionaries, etc.

If you're not already familiar with CINtruder, please read the
DESCRIPTION section below.


You can download the new Captcha Intruder here:

 git clone


Captcha Intruder is a free software[0] automatic pentesting tool to
bypass captchas.

It uses Optical Character Recognition (OCR)[1] techniques to process
images into computer language and brute-forcing methods to compare them
with a dictionary. To do that it only requires a few libraries:

    python-pycurl - Python bindings to libcurl
    python-libxml2 - Python bindings for the GNOME XML library
    python-imaging - Python Imaging Library

 sudo apt-get install python-pycurl python-libxml2 python-imaging

Here are some of CINtruder's features:

 + Proxy Socks (for example, to connect to the TOR network)
 + Spoofed HTTP header values
 + Web User Interface (GUI)
 + Automatic update
 + Download captchas from url (tracking)
 + Apply different OCR algorithms (training + cracking)
 + Cracking captchas: local + remote
 + List/Set existing OCR specific modules (example provided)
 + Export results to XML
 + Replace suggested word on commands of another tool
 + [...]

With Captcha Intruder a security researcher can solves a captcha on a
form and pass that "cracked" parameter immediately to another tool.

For example, if you want to launch a sqlmap to search for SQLi and there
is a captcha, you can handler both tools like this (using flag: CINT):

$ ./cintruder --crack "" --tool "sqlmap






* View help:

./cintruder --help

* Update to latest version:

./cintruder --update

* Launch web interface (GUI):

./cintruder --gui

* Simple crack from url, with proxy TOR and verbose output:

./cintruder --crack ""
--proxy="" -v

* Replace suggested word by CIntruder after cracking a remote url on
commands of another tool (ex: "XSSer"):

$ ./cintruder --crack "" --tool "xsser


This initiative depends on donations in order to be able to pay the
server infrastructure.

BTC: 19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw




EOF: [Fyodor] -> ;-)

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists