In this article, we are going to discuss a tool called the Breacher which is an open-source project by s0md3v.
What is Breacher?
The Breacher is an open-source tool written in python and it has some very useful features, but there is one basic functionality of this tool, which is to find admin login pages on websites. This tool checks the website and provides the URL to the potential login pages on the website.
- Multi-threading on demand
- Big path list (482 paths)
- Supports php, asp and html extensions
- Checks for potential EAR vulnerabilites
- Checks for robots.txt
- Support for custom patns
One of the best features of this tool is that it supports multithreading. The breacher also tests for Execution After Redirect(EAR) Vulnerabilities.
Open The Terminal and type the following commands
#clone the git repo git clone https://github.com/s0md3v/Breacher #change Directory to Breacher cd Breacher #to open the help menu in breacher python breacher.py -h
The help menu of the Breacher will look something like this.
- Check all paths with php extension
python breacher -u example.com --type php
- Checks all paths with php extension with threads
python breacher -u example.com --type php --fast
- Check all paths without threads
python breacher -u example.com
- Adding a custom path. For example if you want all paths to start with /data (example.com/data/…) you can do this:
python breacher -u example.com --path /data
Note: When you specify an extension using the –type option, Breacher includes paths of that extension as well as paths with no extensions like /admin/login
In the above picture, you can see that I have used a simple command python breacher.py – u <website>, and the tool automatically check if there is any robot.txt and then provide you with all the potential admin pages.
For More Blogs Like This Please Visit our blog page.