Warning
THIS PROJECT IS IN BETA. IF THERE ARE ANY BUGS OR PROBLEMS, PLEASE REPORT THEM TO Issue
Cerberus offers customizable plugin functionality and proxy support, encompassing both standard proxies and Tor. Its user-friendly interface includes a custom terminal, and it features a flexible response check mechanism accepting Status Code, JSON Data, Status Text, and Full Response Text as valid responses.
Note
Significantly, the process verifies the presence of a designated key within the JSON response.
git clone /~https://github.com/kayake/cerberus.git && cd cerberus && pip install -r requirements.txtNote
We recommend using git clone /~https://github.com/kayake/cerberus.git && cd cerberus && poetry install.
python3 crbs.pyWarning
For version compatibility details, please consult the Security Policy document.
To enhance anonymity, proxy servers or Tor should be configured. Cerberus simplifies this configuration process, thereby improving overall anonymity.
Two methods exist for proxy configuration: command-line interface or a configuration file (config.yaml)
cerberus > config --set proxy.address 127.0.0.1:8080
cerberus > config --set proxy.protocol httpThe file should be formatted as follows:
proxy:
address: 127.0.0.1:8080
protocol: httpFurthermore, you can generate and configure a proxy list as follows:
cerberus > config --set proxies your/proxies_listImportant
The proxy list must follow a structure. Proxies List Stucture
As previously discussed, modifying the .yaml file offers the simplest approach, as follows:
proxies: my/proxy/list
proxy:
address: 127.0.0.1
protocol: httpNote
As previously discussed, adherence to a defined structure for proxy list configuration is required.
The proxy list must adhere to the following structure:
host:port protocol
user:password@host:port protocolTo utilize Tor, adhere to these fundamental steps:
~$ tor --hash-password "<your_plain_text_password>"
~$ sudo nano /etc/tor/torrcImportant
The password is optional
ControlPort 9051 # Control port (you can choose another port if needed)
HashedControlPassword <hashed_password> # Encrypted password (Optional)
# CookieAuthentication 1 # Optional (cookie-based authentication)
C:\> cd "C:\Users\<YourUser>\Desktop\Tor Browser\Browser\TorBrowser\Tor"
C:\> tor.exe --hash-password "<your_plain_text_password>"Note
This step is optional
If you installed the Tor Browser, the torrc file is usually located at:
C:\Users\<YourUser>\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrcOpen it with a text editor (e.g., Notepad++)
ControlPort 9051
HashedControlPassword <hashed_password>
tor:
protocol: socks5
port: 9050
control_port: 9051
password: my_hashed_password # if there ins't password, leave it nullNow we can use Tor. Use option --tor (in attack command).
cerberus > attack -u https://example.com/ -D user=^USER^&pass=^PASS^ -R 401 -T 6 --tor --random-agent -l admin -P password/list.txtTip
When using Tor, limit the number of threads.
The --tor option may be replaced with --proxy or --proxies.
To extend functionality, plugins may be added. Should you require a new plugin, please create a single file and place it within the lib/plugins/ directory. The file must adhere to the following structure:
# lib/plugins/test/hello.world.py
class MyClass:
description = "My First Plugin!"
""" A generic Class Name """
def __init__(self, this):
self.this = this # lib/core/shell/handler.py properties
def run(self, arguments):
print("Hello world!")
""" Getting arguments """
for argument in arguments:
print(argument)Subsequently, execute the plugin.
cerberus > plugin list
==================================================
test/hello.world.py - My First Plugin!
==================================================
cerberus > plugin use test/hello.world.py
cerberus test(test/hello.world.py) > a ay au
Hello world!
a
ay
au
cerberus test(test/hello.world.py) > cerberus > ?
help - It helps you
attack - Start the bruteforce attack
plugin - Use any plugins in /lib/plugins/
config - Configure your configuration file
cerberus >