Skip to content
/ cubeSpraying Public

cubeSpraying performs a Password Spraying attack against a Roundcube Webmail application. Password Spraying is a technique where an attacker attempts one password against many users to avoid being locked out due to multiple failed login attempts.

License

GPL-3.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

robotshell/cubeSpraying

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cubeSpraying.py
cubeSpraying.py
 
 

Repository files navigation


cubeSpraying

cubeSpraying performs a Password Spraying attack against a Roundcube Webmail application. Password Spraying is a technique where an attacker attempts one password against many users to avoid being locked out due to multiple failed login attempts.

Description

cubeSpraying attempts to log in to Roundcube Webmail using a list of usernames and a list of passwords. Various parameters can be specified to adjust the script's behavior, including a verbose mode and a timeout between login attempts.

Key Features

  • Password spraying: Attempts one password against multiple users before moving to the next password.
  • Verbose mode: Displays details of each login attempt.
  • Timeout: Allows specifying a wait time between each login attempt.
  • Session handling: Uses requests sessions to handle cookies and authentication tokens.
  • Flexible input: Accepts either a single value or a file containing multiple values for both usernames and passwords.

Flexible Input Options

cubeSpraying can take either a single value or a file containing multiple values for both usernames and passwords:

  • Usernames: You can pass a single username or a file containing a list of usernames, one per line.
  • Passwords: You can pass a single password or a file containing a list of passwords, one per line.

This flexibility allows for easy and quick testing with single credentials as well as comprehensive testing with large lists of usernames and passwords.

Requirements

  • Python 3.x
  • Libraries: requests

Installation

  1. Clone this repository or download the files.

    git clone https://github.com/robotshell/cubeSpraying.git

  2. Navigate to the project directory.

    cd cubeSpraying

  3. Install the requests library if you don't have it installed.

    pip install requests

Usage

Run the script with the following parameters:

python cubeSpraying.py --url URL --usernames USERNAMES --passwords PASSWORDS [--verbose] [--timeout TIMEOUT]

Disclaimer

This tool is intended for educational and research purposes only. The author and contributors are not responsible for any misuse of this tool. Users are advised to use this tool responsibly and only on systems for which they have explicit permission. Unauthorized access to systems, networks, or data is illegal and unethical. Always obtain proper authorization before conducting any kind of activities that could impact other users or systems.

About

cubeSpraying performs a Password Spraying attack against a Roundcube Webmail application. Password Spraying is a technique where an attacker attempts one password against many users to avoid being locked out due to multiple failed login attempts.

Topics

script password bruteforce pentesting roundcube-webmail bruteforce-attacks redteaming roundcubemail spraying red-team-tools

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages