Jump to content
YOUR-AD-HERE
HOSTING
TOOLS

Locked Conformer v0.6.1

0x1

By INACTIVE 0x1
in Brute|Checker|Parser

 Share

Recommended Posts

0x1 Little Hacker

INACTIVE 0x1

Posted
Posted

This is the hidden content, please

Conformer is a penetration testing tool, mostly used for external assessments to perform password based attacks against common webforms. 
Conformer was created from a need for password guessing against new web forms, without having to do prior burp work each time, and wanting to automate such attacks. 
Conformer is modular with many different parameters and options that can be customized to make for a powerful attack. Conformer has been used in countless assessments to obtain valid user credentials for accessing the internal environment through VPN, other internal resources or data to further the assessment.

About Mikhail Burshteyn

Mikhail Burshteyn is a security consultant at CDW, performing Penetration Tests. Mikhail currently performs External, Internal, Wireless, and Social Engineering assessments, testing the capabilities for wide range of clients and industries. He is interested in research in various security topics, including Networking, Web Apps, and Active Directory.

Key features:

    Basic Detection of Web Portals
    Modular

  •         SonicWallVOffice (SonicWall Virtual Office)
  •         CiscoSSLVPN
  •         Netscaler (Citrix Netscaler)
  •         OWA (Versions 2013/2016)
  •         Gmail (mail.google.com)
  •         Office365 (outlook.office.com)
  •         PaloAlto (GlobalProtect VPN)
  •         SharePoint (Not Office365 integrated)
  •         XenMobile
  •         AUTO (Autodetect module) (Can't be used with disable_check flag)
  •         SMB (Windows Auth. / supports NT Hash)

    Password=Username option
    Combo File option
    Threading
    Non-standard Ports
    Log and Debug files
    modules and parameters are case insensitive.
    Additional Parameters can be added besides username and password.

Syntax

This is the hidden content, please

Conformer at a bare minimum needs to be provided a host, username/file, password/file and module

Ex.
conformer.sh outlook.office.com ~/path/to/username/file Password1 Office365
conformer.sh 192.168.10.5 testuser Password1 SMB

Each Conformer module has a function that performs a basic check if the webpage has the portal password guessing is attempted on, (this can be bypassed with the "disable_check" parameter, should be used if basic check is wrong and falls to identify the portal as correct.)

Ex. 
# In this example, conformer is being used against google.com with the CiscoSSLVPN, the expected reply is that the portal is not compatible.
conformer.sh google.com testuser Password1 CiscoSSLVPN
Either not a CiscoSSLVPN portal, or not compatible version.
Exiting...

Download && Source :

This is the hidden content, please

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.