Penetration Testing: Fwd: Bruter 1.1 released

[Worawit Wang <worawita () gmail com>]

Sorry to everyone. I mistook copying the wrong openssl dll file into
the binary. I fixed it.

If you have a problem when starting the app, just download it again.

Worawit Wangwarunyoo


---------- Forwarded message ----------
From: Worawit Wang <worawita () gmail com>
Date: Sun, Jan 2, 2011 at 7:52 PM
Subject: Bruter 1.1 released
To: pen-test () securityfocus com


Bruter is a parallel network login brute forcer on Win32 platform only.
It currently (1.1) supports following services:
FTP, HTTP, IMAP, MSSQL, MySQL, POP3, PgSQL, SIP, SMB, SMTP, SNMP,
SSH2, Telnet, VNC, Web-Form

Source code, binary and documentation:
http://sourceforge.net/projects/worawita

Changelog (since 1.0):
- Added protocols: PgSQL, SIP
- Auto detect "Max Attempt/Connection" when set it to -1
- Add "Password First" option (see documentation for more detail)
- Load/Save Setting also load/save service options
- Load/Save Setting also load/save state if program is testing (Save state)
- Added "wait for each try" option (to be able to slow down brute forcing)
- Display "found valid credential" message in message tab
- Fixed application sometimes crashs when using "Stop"
- Fixed maximum text length of message tab to unlimited
- Fixed HTTP library does not handle response code 100 correctly
- Fixed miscellaneous bugs
- Updated libssh2 binary to 1.2.6
- Updated openssl library to 1.0.0c
- Documentaion updates

FTP:
- Able to detect multi-line greeting message sent in separate packets (faster)

SIP: (new)
- Support digest authentication with REGISTER method with expire=0 (unregister)
- Support TCP/TLS with SIP-TCP

SMB:
- Allow multiple connections

SSH2:
- Modified the libssh2 to use less secure key exchange algorithm (a
little faster)
- Able to determine the connection state from libssh2 error (more reliable)
- Able to stop testing immediately

MSSQL:
- Re-implemented for better understanding fields in login packet

PgSQL: (new)
- Support password, md5 authentication

Email (SMTP, POP3, IMAP):
- Support NTLM authentication
- POP3: Support PLAIN, LOGIN authentication

HTTP: (changed name from HTTP (Basic))
- Support NTLM authentication
- Supoort Digest authentication

Web Form: (changed name from HTTP (Form))
- Able to follow the 301,302 redirection (1 time) then checking the result
- Fixed old cookies are not cleared when using "Load Form" in option dialog
- Fixed POST method sending extra "\r\n\r\n" at the end (Thanks to faicker)


If you have any comments, suggestions and problems, feel free to email me.

Worawit Wangwarunyoo

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------