RSYaba: A Modular Brute Force Attacker!
RSYaba is a tool to run brute force attacks against various services in a similar way to Hydra and Medusa. The tool was written after bad experiences getting existing tools to work correctly with HTTP and SSH, so the authors decided to make a tool that would be easier to configure and would behave the way they needed.
Hence, RSYaba was born! The tool is written in Ruby, so modifying the scripts is a lot simpler than having to change C/C++ code and then recompile. All the modules so far are built on standard Ruby gems, which handle the protocol details, so the actual attack framework sits at a nice level of abstraction.
While writing the HTTP module, a feature was added that is missing in all the other HTTP bruteforcers: the ability to handle authentication that relies on a cookie already being set and, even stricter, forms that use unique tokens to prevent brute force attacks. It allows you to brute force web login forms while taking into account sessions and control tokens that are designed to prevent brute forcing! If the web resource checks the HTTP Referer header, you can specify one with the --referrer directive, and if something like mod_security is checking User-Agent strings, the user agent can be set with the --ua directive. So you see, the author has taken almost all measures while coding this application!
The tool currently supports HTTP, MySQL, and SSH; new modules will be added to it and this post will be updated accordingly.
It currently supports *nix systems; hopefully Windows support will be added soon. You can run it on Windows, but you will need to work through a lot of errors first.
How to install RSYaba?
- Untar the tarball and make rsyaba.rb executable.
- For HTTP you'll need the hpricot gem: `sudo gem install hpricot`
- For SSH, you will need to install the net-ssh gem: `sudo gem install net-ssh`
- For MySQL, you will need the mysql gem, which on Debian depends on the MySQL client dev libraries: `sudo apt-get install libmysqlclient-dev`
Example of an HTTPS attack against a token-protected site, knowing that the token is stored in the field token and that on a successful login the word "Success" is displayed on the screen:
./rsyaba.rb https --host www.example.com --path /login/with_token.php -w 100_words.txt --success_message="Success" --token_field="token" -U robin
Download RSYaba v1.0 here.
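The defender's side of the token-handling feature described above, as an added example that is not part of the original post or the tool: because a tool that handles per-form tokens must fetch the form before every POST, a unique token by itself does not limit the number of attempts, so this detector counts POSTs to the login path per source address inside a sliding time window and ignores User-Agent and Referer, which the post notes can be set freely. The combined-log format, the path /login/with_token.php from the post's example command, and the log lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed format: Apache/nginx combined access log, one request per line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(log_text):
    """Yield (ip, timestamp, method, path) for every line that parses."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ip"], datetime.strptime(m["ts"], TS_FMT), m["method"], m["path"]

def find_login_bruteforce(log_text, login_path, window_seconds=60, threshold=5):
    """Return {ip: peak POSTs to login_path inside any window_seconds window}
    for sources whose peak reaches threshold. User-Agent and Referer are
    ignored on purpose: both are client-supplied and trivially changed."""
    posts = defaultdict(list)
    for ip, ts, method, path in parse(log_text):
        if method == "POST" and path == login_path:
            posts[ip].append(ts)
    flagged = {}
    for ip, times in posts.items():
        times.sort()
        peak = start = 0
        for end, t in enumerate(times):  # sliding window over sorted POST times
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

def _line(ip, sec, method):  # one constructed log line at 13:55:<sec>
    return (f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] '
            f'"{method} /login/with_token.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"')

# Constructed sample: one source runs six GET/POST pairs in twelve seconds (a
# fresh token is fetched before every POST); a second source logs in once.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.5", 2 * i + off, meth)
     for i in range(6) for off, meth in ((0, "GET"), (1, "POST"))]
    + [_line("198.51.100.7", 30, "GET"), _line("198.51.100.7", 45, "POST")])

if __name__ == "__main__":
    print(find_login_bruteforce(SAMPLE_LOG, "/login/with_token.php"))  # {'203.0.113.5': 6}
```

Pair this with per-account lockout or progressive delays on the server side; the token only stops naive replay, not a client that refetches it.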