Skip to content

skarnecki/lockpick

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
web
web
 
 
.gitignore
.gitignore
 
 
Gopkg.toml
Gopkg.toml
 
 
README.md
README.md
 
 
main.go
main.go
 
 

Repository files navigation

Lockpick

Commandline tool for web application brute-force attack.

Usage

Project use golang/dep to manage dependencies.

> dep ensure

> go run main.go --address http://localhost:8080/login.php \
--dictionary /tmp/dict.txt \
--username admin \
--message "User or password incorrect" \
--payload "{\"user\": \"{{username}}\", \"pass\": \"{{password}}\", \"Login\": \"Login\"}"

Flags

  • -a, --address Full address to password form
  • -u, --username Payload template.
  • -d, --dictionary Path to dictionary file.
  • -p, --payload Payload template.
    • Default "{"username": "{{username}}", "password": "{{password}}", "Login": "Login"}"
  • -m, --message Message after unsuccesful login attempt.
    • Default "Login failed"

About

Bruteforce web application password

Topics

bruteforce webapp security-tools

Resources

Readme
Activity

Stars

4 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages