Scriptable network authentication cracker (formerly `badtouch`)

A .NET Standard library for pentesting web apps against credential stuffing attacks.

A database for storing, querying and doing stats on credential leaks

A hands-on security lab demonstrating how weak authentication code can be exploited and how to harden it. Includes a vulnerable Flask login page and an attacker script to simulate brute-force credential stuffing. Learn common auth flaws, defensive coding practices, and concrete steps to secure real-world apps.

Terminal based credential stuffing tool. Easy to build configs.

Instagram Penetration Testing and 2FA Detection

This script looks at a Email:password wordlist and Then attempts to locate the Imap server for the domains remaining. If a imap server responds the script will try to login via imap; if successful a hit will be logged in your results text file.

⚙️ Silverbullet Configs

Check for breached passwords with k-anonymity

A MyBB extension to reject breached passwords.

A tool to generate realistic looking email:pass combinations

Cred_Harvester_Stuffer makes a HTTP POST request to a given URL with randomly generated creds.

🔓 CLI tool to decrypt backup files exported from Bitwarden. This application is not affiliated with Bitwarden, Inc.

A naive demo on how to stop a credential stuffing attack.

Broken Authentication Lab This lab provides a hands-on demonstration of credential stuffing (using Postman +weakpass) and session hijacking (via low-entropy session IDs) against a vulnerable login.php app.

A Python script that parses and deduplicates credential dumps

SecureAura is a Dockerized microservices framework that defends authentication endpoints from timing-based side-channel attacks.

A comprehensive guide and implementation laboratory for web security best practices, focusing on modern frontend vulnerabilities and mitigation strategies.