CIntruder: pentesting tool to bypass captchas


18/04/2013 - CInet feature (--send-net) is DEPRECATED!

27/12/2012 - Created GitHub at:


Captcha Intruder is an automatic pentesting tool to bypass captchas.


Code runs on many platforms. It requires Python and the following libraries:

- python-pycurl - Python bindings to libcurl
- python-libxml2 - Python bindings for the GNOME XML library
- python-imaging - Python Imaging Library

On Debian-based systems (ex: Ubuntu), run:

sudo apt-get install python-pycurl python-libxml2 python-imaging


cintruder [OPTIONS]


--version show program's version number and exit
-h, --help show this help message and exit
-v, --verbose active verbose mode output results
--proxy=PROXY use proxy server (tor: http://localhost:8118)
--track=TRACK download a number of captchas from url (to: 'inputs/')
--train=TRAIN apply common OCR techniques to captcha
--crack=CRACK brute force using local dictionary (from: 'iconset/')
--xml export result to xml format

Advanced OCR (training):

--set-id=SETIDS set colour's id manually (use -v for details)
--editor launch an editor to apply image filters

Modules (training):

--list list available modules (from: 'core/mods/')
--mod=NAME train using a specific OCR exploiting module

Handlering (cracking):

--tool=COMMAND replace suggested word on commands of another tool. use
'CINT' marker like flag (ex: 'txtCaptcha=CINT')

CIntruderNet (''):

--send-net send resolved captcha to CIntruderNet
--view-net visit distributed online dictionary website


If you have interesting examples of usage about CIntruder, please send an email.


* Simple crack from file:

$ python cintruder --crack "captcha.gif"
* Simple crack from URL:

$ python cintruder --crack ""
* Simple crack, exporting results to xml file

$ python cintruder --crack "captcha.gif" --xml "test.xml"
* Simple crack, with proxy TOR and verbose output

$ python cintruder --crack "" --proxy="" -v
* Train captcha(s) from url, with proxy TOR and verbose output

$ python cintruder --train "" --proxy "" -v
* Track 50 captcha(s) from url with proxy TOR

$ python cintruder --track "" "50" --proxy ""
* List available modules (from core/mods/)

$ python cintruder --list
* Launch an OCR module to train a specific local captcha

$ python cintruder --train "inputs/easycaptcha.gif" --mod easy
* Launch an OCR module to crack a specific online captcha, with verbose output

$ python cintruder --crack "" --mod easy -v
* Replace suggested word by CIntruder after cracking, on input commands of another tool (ex: XSSer)

$ python cintruder --crack "" --tool "xsser -u¶m2=bar&txtCaptcha=CINT"
* Send online captcha cracked to distributed online dictionary (CInet)

$ python cintruder --crack "" --send-net
* Visit distributed online dictionary (CInet) website (

$ python cintruder --view-net


If you have interesting videos about CIntruder, please send an email.


Version of CIntruder (v0.1):

- CIntruder: Cracking captcha from url

- CIntruder: Presentation on THSF 2012 (english)


================= April 27, 2012: =================

- Code cleaning
- Rebuiled input parameter options
- Created OCR modularity (core/mods)
- Added --list modules option
- Added --mod selector option
- Builded module example (easy captcha)
- Added handlering with other tools
- Added connectivity with Ostatus
- Created distributed online dictionary
- Added launcher to view CIntruderNet
- Updated docs

================= April 1, 2012: =================

- Created OCR techniques
- Created Brute forcing techniques
- Builded main core
- Builded options parser
- Created Curl handlers
- Created 'track' option
- Created 'train' option
- Created 'crack' option
- Added proxy option
- Added XML exporting option
- Added verbose outputs results
- Added colour's id calibration
- Added noise advanced option


If you have interesting documentation about CIntruder, please send an email.



CIntruder is released under the terms of the General Public License v3 and is copyrighted by psy


psy - GPG Public ID Key: 0xB8AC3776


If you want to contribute to CIntruder development, reporting a bug, providing a patch, commenting on the code base or simply need to find help to run CIntruder, drop me an e-mail.

Please, add one link to this site when you report some Captcha vulnerabilities founded by CIntruder.


CIntruder is actively looking for new sponsors and funding.

If you or your organization has an interest in keeping CIntruder, please contact directly.

To donate some bitcoins use this hash: 1Q63KtiLGzXiYA8XkWFPnWo7nKPWFr3nrc