Brute Force Attacks

sshdfilter automatically blocks ssh brute force attacks by reading sshd log output in real time and adding iptables rules based on authentication failures. Block rules are created by logging on with an invalid user name, or wrongly guessing the password for an existing account. Block rules... Platforms: *nix

Sshguard protects networked hosts from the todays widespread brute force attacks against ssh servers. It detects such attacks and blocks the authors address with a firewall rule. This project is BSD licensed. How sshguard works Sshguard monitors ssh servers from their logging activity. It... Platforms: *nix

Brute Force Shell uses PHP (and some ShellScript) to protect your linux server against bruke force attacks. It also keeps a log in a MySQL database and have an email reporting system.  Platforms: Windows, Mac, *nix, PHP, BSD Solaris

LowAndSlow is a free utility that attempts low and slow brute force sign-ons against a selected FTP server, FTPS server, or SFTP server. Automatically resumes previous scan if interrupted. Customizable username and password lists. Platforms: Windows

THC-pptp-bruter is a brute force program against pptp vpn endpoints (tcp port 1723). Tested against Windows and Cisco gateways. Exploits a weakness in Microsofts anti-brute force implementation which makes it possible to try 300 passwords the second. THC-pptp-bruter currently only supports... Platforms: *nix

Default Wordpress installation is vulnerable to brute force and dictionary attacks, because there is no limit how many times user can use invalid password before finding the correct one. This plugin closes this security hole by introducing maximum number of invalid login attempts. When someone... Platforms: PHP

Simple UI to test the effectiveness of a heuristic algorithm against the brute force method for path finding among an arbitrary number of arbitrarily placed points on a grid. This is an educational project, don't expect new and better methods. Platforms: Mac

If your Windows server is publicly available on Internet, then there is a 100% probability that hackers, network scanners and brute force robots are trying to guess your Administator login and password - as we speak Using current logins and password dictionaries, they will automatically try to... Platforms: Windows, Windows 8, Windows 7

Algorithm::Knapsack is a brute-force algorithm for the knapsack problem. SYNOPSIS use Algorithm::Knapsack; my $knapsack = Algorithm::Knapsack->new( capacity => $capacity, weights => @weights, ); $knapsack->compute(); foreach my $solution ($knapsack->solutions()) { foreach my $index... Platforms: *nix

BanFromLog is a shell script that examines your /var/log/auth.log and searches for the IP addresses of login attempts which use non-existent user names. BanFromLog is configured for use with sqlite or MySQL. Well is truth that if you have only an user, you dont need this but, when you have... Platforms: *nix

w3bfukk0r is a forced browsing tool which scans Web servers for a directory by using the HTTP HEAD command and a brute force mechanism based on a word list. w3bfukk0r supports HTTP and HTTPS, does banner grabbing, and allows User-Agent faking.. Platforms: *nix

A shell script which determines by brute force the best compression format (bzip2, gzip, Z, zip, etc.) and which compression level to use in order to archive a file the smallest possible. Platforms: Mac, BSD, Linux

HumanSudokuSolver is intended to solve Sudoku puzzles in a way human beings would do (non brute force). It currently solves most of the puzzles I tried and can output a step-by-step solution. Developers who want to contribute are welcome! Platforms: Windows, Mac, Linux

A non-brute-force sudoku solver. Ukodos is sodoku backwards; According to wikipedia, Sodoku is a bacterial zoonotic disease. Platforms: Windows, Mac, Linux

Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Inguma includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler. Platforms: Mac

enumIAX is an Inter Asterisk Exchange version 2 (IAX2) protocol username brute-force enumerator. enumIAX may operate in two distinct modes; Sequential Username Guessing or Dictionary Attack. Platforms: *nix

Password auditing and recovery tool for Windows NT/2000/XP/2003. Accounts information import: import from local computer, import from remote computer, import from SAM file, import from .LC file, import from .LCS file, import from PwDump file, import from Sniff file. Passwords recovering by... Platforms: Windows

sshutout is a daemon that periodically monitors log files, looking for multiple failed login attempts via the Secure Shell daemon. sshutout is meant to mitigate what are commonly known as "dictionary attacks," i.e. scripted brute force attacks that use lists of user IDs and passwords to effect... Platforms: *nix

smspasswd software provides two factor authentication via cell phone short message service (SMS). The reason I wrote this was because of all the pesky SSH brute force attacks, which continue to build in numbers. I didn’t want to waste money and time on using tokens because the few people who... Platforms: *nix

TCP Knocking provides a port knocking implementation. Often a secure system needs a port open so that only authorized persons can access a particular service and also the service should not exposed to attackers and worms that may use vulnerabilities that exist in the listening server. Port... Platforms: *nix