Brutemap – Web Bruteforce Attack Tool

Brutemap is an open source penetration testing tool that automates testing accounts against a site's login page using a dictionary attack. With it, you no longer need to search for other bruteforce tools or work out which CMS a site runs just to find the form parameters, because Brutemap does this automatically.

Brutemap is also equipped with attack methods that make it easy to check accounts or test forms using the SQL injection authentication bypass technique.

The main features of this tool are:

  • Load multiple targets.
  • Automatic authentication type detection.
  • Supported site page type: Webshell, HTTP Authentication and Slide (such as Google account login page).
  • HTTP authentication types supported: Basic and Digest (based on python-requests).
  • Several attack methods are available, such as: SQL Injection Bypass Authentication.
  • Creates a result file (.html format).

Users may update the lists of usernames and passwords in the data folder to test accounts, using any information collected during the penetration test. By default there are 6 domains, including gmail, yahoo and zoho; for a customized attack, the security tester should add the required domain to test and update the remaining text files with more appropriate data.
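On the defending side, a dictionary attack of this kind shows up in login logs as a burst of failed attempts from one source, often across several usernames. The following Python example is an addition, not part of Brutemap or the original post; the log format, function names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 admin FAIL
2024-05-01T10:00:02 203.0.113.7 admin FAIL
2024-05-01T10:00:04 198.51.100.4 alice FAIL
2024-05-01T10:00:05 203.0.113.7 root FAIL
2024-05-01T10:00:07 203.0.113.7 root FAIL
2024-05-01T10:00:09 203.0.113.7 test FAIL
2024-05-01T10:00:10 198.51.100.4 alice OK
2024-05-01T10:00:12 203.0.113.7 admin OK
"""

def parse(line):
    """Split one log line into (timestamp, ip, username, success)."""
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome == "OK"

def detect(lines, window=timedelta(seconds=60), max_failures=5):
    """Flag source IPs with >= max_failures failed logins inside a sliding window.

    Returns {ip: {"peak": int, "users": set, "compromised": set}}, where
    "compromised" lists accounts that logged in successfully during a burst.
    """
    failures = defaultdict(deque)  # ip -> recent (timestamp, username) failures
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, ip, user, ok = parse(line)
        q = failures[ip]
        while q and ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if not ok:
            q.append((ts, user))
        if len(q) >= max_failures:
            a = alerts.setdefault(ip, {"peak": 0, "users": set(), "compromised": set()})
            a["peak"] = max(a["peak"], len(q))
            a["users"] |= {u for _, u in q}
            if ok:  # a success right after a burst deserves a password reset
                a["compromised"].add(user)
    return alerts

if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

A single mistyped password followed by a success, as with 198.51.100.4 in the sample, stays below the threshold and is not flagged.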

You can read more and download this tool over here:
