Home page logo

pen-test logo Penetration Testing mailing list archives

Fwd: Bruter 1.1 released
From: Worawit Wang <worawita () gmail com>
Date: Tue, 4 Jan 2011 09:12:21 +0700

Sorry to everyone. I mistook copying the wrong openssl dll file into
the binary. I fixed it.

If you have a problem when starting the app, just download it again.

Worawit Wangwarunyoo

---------- Forwarded message ----------
From: Worawit Wang <worawita () gmail com>
Date: Sun, Jan 2, 2011 at 7:52 PM
Subject: Bruter 1.1 released
To: pen-test () securityfocus com

Bruter is a parallel network login brute forcer on Win32 platform only.
It currently (1.1) supports following services:
SSH2, Telnet, VNC, Web-Form

Source code, binary and documentation:

Changelog (since 1.0):
- Added protocols: PgSQL, SIP
- Auto detect "Max Attempt/Connection" when set it to -1
- Add "Password First" option (see documentation for more detail)
- Load/Save Setting also load/save service options
- Load/Save Setting also load/save state if program is testing (Save state)
- Added "wait for each try" option (to be able to slow down brute forcing)
- Display "found valid credential" message in message tab
- Fixed application sometimes crashs when using "Stop"
- Fixed maximum text length of message tab to unlimited
- Fixed HTTP library does not handle response code 100 correctly
- Fixed miscellaneous bugs
- Updated libssh2 binary to 1.2.6
- Updated openssl library to 1.0.0c
- Documentaion updates

- Able to detect multi-line greeting message sent in separate packets (faster)

SIP: (new)
- Support digest authentication with REGISTER method with expire=0 (unregister)
- Support TCP/TLS with SIP-TCP

- Allow multiple connections

- Modified the libssh2 to use less secure key exchange algorithm (a
little faster)
- Able to determine the connection state from libssh2 error (more reliable)
- Able to stop testing immediately

- Re-implemented for better understanding fields in login packet

PgSQL: (new)
- Support password, md5 authentication

Email (SMTP, POP3, IMAP):
- Support NTLM authentication
- POP3: Support PLAIN, LOGIN authentication

HTTP: (changed name from HTTP (Basic))
- Support NTLM authentication
- Supoort Digest authentication

Web Form: (changed name from HTTP (Form))
- Able to follow the 301,302 redirection (1 time) then checking the result
- Fixed old cookies are not cleared when using "Load Form" in option dialog
- Fixed POST method sending extra "\r\n\r\n" at the end (Thanks to faicker)

If you have any comments, suggestions and problems, feel free to email me.

Worawit Wangwarunyoo

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]