Conformer – Password Guessing for different Web Portals

Conformer is a penetration testing tool, mostly used for external assessments to perform password based attacks against common webforms. This tool was created from a need for password guessing against new web forms, without having to do prior burp work each time, and wanting to automate such attacks.

Conformer – Password Guessing for different Web Portals

The tool is modular with many different parameters and options that can be customized to make for a powerful attack. conformer has been used in countless assessments to obtain valid user credentials for accessing the internal environment through VPN, other internal resources or data to further the assessment.

Currently the tool support following portal types:

  • SonicWallVOffice
  • CiscoSSLVPN
  • Netscaler
  • OWA (versions 2013/2016)
  • Gmail (Host: (Google throttling authentication attempts)
  • Office365 (Host:
  • PaloAlto (GlobalProtect)
  • SharePoint
  • XenMobile
  • XenApp (Incomplete)
  • Okta (Incomplete)
  • AUTO (Attempt autodetect module)

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments