Arkhota is a web (HTTP/S) brute forcer for Android.
Why?
A web brute forcer is always in a hacker's computer, for obvious reasons. Sometimes attacks require to be quick or/and with minimal device preparation. Also a phone takes less attention rather than a laptop/computer. For this situations here's Arkhota.
Usage
Explanation is in order of objects in the APK from top to bottom.
Banner
Banner, version & author
You can long click to version to see about page.
Connection
URL (required)
An URL to make request.
Body
You need to specify a body if you are going to make a POST request.
Userlist / Wordlist
Userlist selector
Single: Sets a single username
Generate: Generates runtime with given options
Wordlists: Sets prepared wordlist
Custom wordlist: You can place your custom wordlist to /sdcard/ABF/
Then this selector will have it (if required permissions given.).
Username box
You need to specify a username if you selected Single.
Charset selectors
[W] You need to specify charset, min & max length to generate runtime.
If you selected Generate, checkboxes will help you to select._
Prefix & Suffix
You can specify prefix & suffix to be added to your username
It's same for the password part too.
Configuration
Beep switch
Beeps if attack success.
Fail/Success switch
Decides how to react connection response
POST/GET switch
Decides type of connection
User-Agent
_Sets user-agent for connection.
if "Original UA" set, then original user-agent set
Othervise given text will set to user-agent_
tip: It has autocomplete for several user-agents, all of them starts with "Mozilla", type and select one if you don't want to expose your original ua, but you don't know what to set
Timeout
Sets timeout for connection, in milliseconds
Cookie
Sets cookie value for connection
Regex (required)
Determines what to look in connection response
Empty box
Tried username:password pairs & result will shown there.
[W] Start
Starts attack!
Important
URL & Body: USER & PASS are placeholders for username and password. You need to place them in url or the body (depends what type you choose to connection)
Regex & Fail/Success switch: These two determines the result of the attack.
If switch points to "Fail", and if given regex found in the response, this means, this is a fail, continue to attack.
if switch points to "Success", and if given regex found in response, this means this is a success!, write result to empty box (in format "FOUND: username:password") and stop the attack.
Copying: Long click on the empty box will copy the content. if password found, it copies in username:password format Otherwise copies whole content.
If attack is over and unsuccessful, it just stops at the last user:password.
FOR tool @https://t.me/crackvaultde
Support Crack-Vault and help us keep providing free tools. Every donation counts!
(BTC) Address: bc1qhhva8uplmkaa3kkwxnux9t3y6l6kmhnwqzktzn
