npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

xhaust

v0.0.6

Published

Blazingly fast brute forcer made in Node.js, exhausting your logins... For science.

Downloads

10

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ha5efgcmz94gy5rgx42uzqmpha5efgcmz94gy5rgx42uzqmp

Keywords

bruteforcebruteforceopsecsecuritycybersecurity

Readme

xHaust

HitCount Package quality Build Status Coverage Status Licensing Repo size Downloads per week Node version Help us and star this project

A fast brute forcer made in Node.js, mostly capable of HTTP attacks. The main mantra of xHaust is speed, reliability and speed

xHaust achieves it's top speed by using the async module, it can execute password tries in parallel with a set limit. Note that Node.js is still single threaded and so is this library. Due to performance reasons the choice to not create multiple threads for this module has been respected, this is because most password tries are finished by the CPU before any other task completes and the CPU can easily exhaust (heh) request speeds before the requests can exhaust the CPU, making threads costly for this kind of goal.

THIS PROJECT IS NOT YET FINISHED, PLEASE COME BACK LATER

Installation

npm install -g xhaust

Usage

Usage: xhaust [options]

Options:
  -V, --version                        output the version number
  -a, --attackUri <attackUri>          protocol URI to attack
  -u, --user <user>                    username to use in attack payload
  -U, --userFile <userfile>            file full of usernames to use in attack payload
  -p, --pass <pass>                    password to use in attack payload
  -P, --passFile <passfile>            file full of passwords to use in attack payload
  -l, --limitParallel <limitParallel>  max parallel requests at a time
  -b, --batchSize <batchSize>          the get and post requests batch size
  -d, --dryRun <dryRun>                executes the attack in dry run mode
  -T, --test                           run attack on in built local http server for testing
  -v, --verbose                        Shows all debug messages
  -D, --debugFilter <debugFilter>      Filter debug messages
  -t, --tags <tags>                    tags to use for this attack seperated by hypens (Ex. http-post-urlencoded)
  -i, --input <input>                  input string to use as first scan structure data (Ex. form input names configurations)
  -o, --output <output>                output string to use as payload for attack, will replace :username: :password: and :csrf: with respectable values
  -g, --useGui                         enable gui
  -h, --help                           display help for command
Example call:
  $ xhaust -t -a http://somewebsite.com http-post-urlencoded -u admin -P passwords.txt -s 1000 -l 130 -i "csrf=token" -o "username=:username:&password=:password:&csrftoken=:csrf:"`

Project Layout

.
├── ...
├── xhaust.js               # Main class file of xHaust, handles most control flow
├── entry.js                # Entry file for unit tests, cli or otherwise
├── attacks                 # Houses attack middleware files, these are the
├── classes                 # Any class files that are not instanced automatically by xHaust
├── logs                    # Log files created by xHaust
├── metadata                # Metadata folder stores arbitrary data for example attack files
├── modules                 # A simple module object that performs basic tasks
├── packages                # Packages are classes that are imported and instanced by xHaust and are the internal workings
├── tests                   # Test folder that holds all test data
└── ...