Bruteforcing Email Accounts With Specter.py

Hi Friends, I’m going to be talking about how to bruteforce an email account.

 

Theory Behind Bruteforcing

Bruteforcing a password is very simple, but very time to consuming, the way it works is that you use a dictionary and attempt to log in to the server with each password in the dictionary.

Dictionaries or wordlists are a text file with a whole list of potential passwords, wordlists  can be generated with tools such as,

Cupp

https://github.com/Mebus/cupp

Crunch

https://sourceforge.net/projects/crunch-wordlist/

BEWGor

https://github.com/berzerk0/BEWGor

Once there is a successful login then it will return the password.

 

Rule of Thumb

The larger the wordlist, the greater the chance of retrieving the password but it takes longer.

The smaller the wordlist, the less chance of retrieving the password but takes less time.

 

 

 

 

Why Is Gmail So Hard To Crack?

some services like Gmail use a feature called less secure apps, which prevents brute-forcing attacks, with this turned off you will get a lot of false positives but, on the other hand, if it’s turned on you will be able to brute-force a Gmail password.

 

 

 

 

Setting up Specter Bruteforcer

https://github.com/ethicalhackingplayground/specter

Download specter from GitHub with the following command.

git clone https://github.com/ethicalhackingplayground/specter.git

download_specter

Install Specter

python setup.py

How to use it?

This command will show you the arguments that are needed.

python specter.py -h

specter_help

python specter.py –username “email” –wordlist “wordlist” –server “smtp server” –port “smtp port” –verbosity “level”

specter_gmail_attack_progress

If you have any questions or problems please feel free to comment.

Donate if you want to support this website.

Leave a Reply