Antu7
python-bruteForce
Python

Brute Force Attack Tools Using Python

Last updated Jul 7, 2026
545
Stars
94
Forks
12
Issues
+2
Stars/day
Attention Score
89
Language breakdown
No language data available.
โ–ธ Files click to expand
README

Python Brute Force Attack Tools

A universal brute force tool with CSRF bypass support for both traditional form-based and JSON API logins.

Features

  • Form-based login (traditional HTML forms)
  • JSON API login (modern SPA/React/Vue/Angular sites)
  • Universal CSRF bypass (hidden inputs, meta tags, cookies, headers)
  • Auto-detection of login type, field names, and API endpoints
  • Multi-threaded with progress bar
  • Color-coded terminal output

Installation

pip install -r requirements.txt

Usage

python3 bruteforce.py

The tool walks you through 3 steps:

Step 1 โ€” Target Info

You'll be asked for:

  • Login page URL โ€” e.g. https://example.com/login
  • Username / email โ€” the account to test
  • Wrong password error message โ€” log in with a wrong password in your browser, copy the exact error text (check DevTools โ†’ Network โ†’ response body if needed)

Step 2 โ€” Review & Adjust

The tool auto-detects field names, login mode, and API endpoint by fetching the page. Review what it found and press Enter to accept, or type a new value to override.

Username field name [email]:
  Password field name [password]:
  API endpoint [https://example.com/api/login]:
  Login mode [auto]:

Login mode options: auto (use detected), form (HTML form POST), api (JSON POST).

Step 3 โ€” Attack Settings

  • Workers โ€” number of concurrent threads (default 10)
  • Password file โ€” path to your wordlist (default passwords.txt)
A summary is shown before starting. Confirm with Y to begin.

Example

Target login page URL: https://example.com/login
  Target username / email: admin
  Wrong password error message: Invalid email or password

โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ AUTO-DETECTING TARGET โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ [*] Fetching login page... [*] Detecting login type... [+] Detected: JSON API login (modern/SPA site) [+] Username field: email [+] Password field: password [+] API endpoint: https://example.com/api/login [+] CSRF token: csrfmiddlewaretoken [+] Auto-detection complete!

โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ RESULTS โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€

PASSWORD FOUND!

Username admin Password admin123


Finding the Error Message

If you're not sure what to enter for the error message:

  • Open the login page in your browser
  • Open DevTools (F12) โ†’ Network tab
  • Submit a wrong password
  • Click the login request โ†’ Response tab
  • Copy the exact error text from the response

CSRF Bypass

The tool automatically handles these CSRF protection methods:

| Method | Example | Frameworks | |--------|---------|------------| | Hidden Input | <input type="hidden" name="csrf_token"> | Django, Laravel, Rails | | Meta Tags | <meta name="csrf-token" c> | Rails, Laravel | | Cookies | XSRF-TOKEN cookie | Express, Spring | | Headers | X-CSRFToken header | Django REST Framework | | JavaScript | var csrfToken = "..." | Custom implementations |


Legal Disclaimer

Only use this tool on systems you own or have explicit permission to test.

Unauthorized access to computer systems is illegal. This tool is for:

  • Security researchers
  • Penetration testers
  • CTF players
  • Educational purposes

Resources

Contributing

Pull requests are welcome. For major changes, please open an issue first.

Happy Hacking ๐Ÿ”ฅ๐Ÿ”ฅ

๐Ÿ”— More in this category

ยฉ 2026 GitRepoTrend ยท Antu7/python-bruteForce ยท Updated daily from GitHub