Skip to content

BrutaLog, spams HTTP(S) requests to phishing site's login form w/ randomly generated logins to bloat the target's database and or waste the scammer's time.

License

Notifications You must be signed in to change notification settings

ajm113/brutaLog

Repository files navigation

BrutaLog


Phishing site attack software that spams random logins to targeted website's form

Preview Video

NOTE: Author nor maintainers are NOT liable for users taking advantage of brutaLog against innocent websites or software!

If you feel someone is using BrutaLog against your website maliciously. Please contact your system admin or make sure your services are setup to IP block large requests that failed to auth or web services that can properly filter legitimate logins perhaps using frontend methods to ensure proper tokens are passed when a login attempt occurs.

How does BrutaLog work?

Sends random logins from table of emails and or passwords to targeted form submit URL that acts like a browser POST request that should in-theory bloat the targeted phishing website database with useless logins that will also increase the phishing website expenses if the scammer doesn't have proper precautions against these type of attacks.

How to Build

Make sure you have the latest Go 1.16+ installed.

$ go build .

Running example:

Sends a single request to target website:

$ ./brutaLog -u=https://targetwebsite.com/login.php

Sends attack on website when verified that the used/other command works.

& ./brutaLog -u=https://targetwebsite.com/login.php -w=100 -c=0

Todos:

  • Create handle for manager that keeps tabs on requests sent, error counts, verbose mode, etc...
  • Improved delay controls if user wants the delay to be stupped instead of random between 0 to x.
  • Add random email generator.
  • Add keep alive headers and or any missing headers the HTTP client should have.
  • Add docker container for easier swarm control.
  • Add Wiki!

About

BrutaLog, spams HTTP(S) requests to phishing site's login form w/ randomly generated logins to bloat the target's database and or waste the scammer's time.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages