An HTTP Login Bruteforcer written in Python
- Python 3.x
minotaur.py: The main script file.username.txt: A text file containing a list of usernames.password.txt: A text file containing a list of passwords.req.txt: A text file containing the request in Curl format.
User enumeration:
python3 minotaur.py -user-enum -u /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt -d req.txtBruteforce via HTTP GET method:
python3 minotaur.py -h http://api.example.org/v1/login -u username.txt -p password.txt -m http-get -d "username=^USER^&password=^PASS^"Bruteforce via HTTP POST method:
python3 minotaur.py -h http://api.example.org/v1/login -u username.txt -p password.txt -m http-post -d "{\"email\":\"^USER^\",\"password\":\"^PASS^\"}"Bruteforce via Authorization Basic method:
python3 minotaur.py -h http://api.example.org/v1/login -u username.txt -p password.txt -m basic -d "anypayload"Bruteforce via a request template:
The format must be like the req.txt file inside this repository (Curl format). It can be taken inside Browser Dev tools by copying into curl format.
python3 minotaur.py -d req.txt -u username.txt -p password.txt