RSYaba: Modular brute force attacker

RSYaba allows you to run brute force attacks against various services in a similar way to Hydra and Medusa.

The tool is written in Ruby so modifying the scripts is a lot simpler than having to change C/C++ code then recompile. All the modules so far are based on standard Ruby gems so they handle all the protocol stuff which means there is a nice level of abstraction for the actual attack framework.

While writing the HTTP module, a feature was added that is missing in all the other HTTP bruteforcers, the ability to handle authentication that relies on a cookie already being set and, even stricter, forms that use unique tokens to prevent brute force attacks.

The tool currently supports HTTP, MySQL, and SSH and new modules will be added to it and this page updated accordingly.




Share this