In this article, we are going to discuss a tool called the Breacher which is an open-source project by s0md3v.
What is Breacher?
The Breacher is an open-source tool written in python and it has some very useful features, but there is one basic functionality of this tool, which is to find admin login pages on websites. This tool checks the website and provides the URL to the potential login pages on the website.
Features
- Multi-threading on demand
- Big path list (482 paths)
- Supports php, asp and html extensions
- Checks for potential EAR vulnerabilites
- Checks for robots.txt
- Support for custom patns
One of the best features of this tool is that it supports multithreading. The breacher also tests for Execution After Redirect(EAR) Vulnerabilities.
Installation
Open The Terminal and type the following commands
#clone the git repo
git clone https://github.com/s0md3v/Breacher
#change Directory to Breacher
cd Breacher
#to open the help menu in breacher
python breacher.py -hThe help menu of the Breacher will look something like this.
Usage Commands
- Check all paths with php extension
python breacher -u example.com --type php- Checks all paths with php extension with threads
python breacher -u example.com --type php --fast- Check all paths without threads
python breacher -u example.com- Adding a custom path. For example if you want all paths to start with /data (example.com/data/…) you can do this:
python breacher -u example.com --path /dataNote: When you specify an extension using the –type option, Breacher includes paths of that extension as well as paths with no extensions like /admin/login
Demo
In the above picture, you can see that I have used a simple command python breacher.py – u <website>, and the tool automatically check if there is any robot.txt and then provide you with all the potential admin pages.
Important Links
For More Blogs Like This Please Visit our blog page.
