RSYaba is a tool to run brute force attacks against various services in a similar way to Hydra and Medusa. I started writing it as I found both had troubles with HTTP and getting SSH to work was fiddly, so I thought why not write my own.

It is written in Ruby, so modifying the scripts is a lot simpler than having to change C/C++ code and then recompile. All the modules so far are based on standard Ruby gems, which handle all the protocol stuff, so there is a nice level of abstraction for the actual attack framework.

While writing the HTTP module I added a feature that is missing in all the other HTTP bruteforcers I've tried: the ability to handle authentication that relies on a cookie already being set and, even stricter, forms that use unique tokens to prevent brute force attacks.

For more details, and to download, visit the RandomStorm site.
