AOH :: HP Unsorted H :: VA1643.HTM

HTTPBruteForcer released
HTTPBruteForcer released
HTTPBruteForcer released

Hi there,

Due to the high number of requests, I have decided to release a fully
usable version of HTTPBruteForcer, the free and easy to use web-based
login forms' bruteforcer for Windows.
HTTP BruteForcer is a tool designed for webmasters, programmers and
websites administrators, or pentesters, to perfom a password strength
check against a simple web login form.

The old demo version was limited to a limited built-in wordlist.
The new public version let you use a custom wordlist. ( or default 
passwords list ) 

Download link and video demonstration: 
MD5: 0b1b50508d8a8fe68798a672515414ac
SHA1: 41eda9a2c47f581b319f80211ea85f880793664b 


HTTPBruteForcer requires Internet Explorer (IE WebBrowser ActiveX)
* This version has some limitations...
* It doesn't include proxys' support
* It doesn't support threads
* It doesn't include the "login-name" bruteforce functionnality
* Sources are not publicly available


To protect your websites against such attacks, we'll release soon a
detailed tutorial.
Anyway, programmers *must* use:
- Best programming practices (avoiding SQL Injection, XSS
vulnerabilities, user-supplied inputs checks, etc)
- Complexity for all and both users logins and passwords
- Max counter of logins attempts
- Captchas


Use this software at your own risks.
This software is provided "AS IS" and without warranty of any kind to
the extend allowed by the applicable law.
This software must only be used against your own website or with the
agreement of the owner of a website.
The author of this software does not warrant and does not assume any
responsibility concerning the use of this software.
The author can not be held responsible in case of illegal use of this
The user is the only responsible from their use. The author would not be
liable for any kind of damages, direct or indirect, resulting from a bad
use of this software.

Have a nice week-end.
Best regards

HTTPBruteForcer is coded by Jerome Athias, webmaster of (One of the most famous french IT security 
related website ;p).
HTTPBruteForcer is provided by JA-PSI, new French IT Security Company,

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to