
Python program to create bruteforce lists for http basic authentification

Primary LanguagePython


Python program to create bruteforce lists for http basic authentification

open commandline and cd to the directory where you downloaded the script

python http_basic_bruteforce.py -u [path to user file] -p [path to password file]

-u: path to username file e.g. C:\Users\you\Desktop\user.txt
-p: path to password file e.g. C:\Users\you\Desktop\password.txt

If username or password file are in the same directory as the script, you can just use the name of the file and don´t have to type the path (e.g. user.txt)

--help/-h: display the help message

User and password wordlists
There´s a variety of sources for username and password wordlists. A few are listed below, but feel free to use others or create your own:

For http basic authentification a string in the form of username:password is encoded in base64.
The script takes every name in the supplied username file and combines it with every password in the supplied password file.
The output is written to a file called bruteforce.txt where every line contains one http basic authentification string.
Be aware that with large input files, the file size of bruteforce.txt will be huge so make sure you have enough disk space.

In the Test Files Directory you can find two simple input files: a user.txt file (contains 4 usernames) and a password.txt file (contains 6 passwords).
With this input, a bruteforce.txt file with 24 http basic authentification strings is created.
You can use https://www.base64decode.org/ to check if the strings are generated correctly.