News

[01/2020] - CINtruder v0.4 has been released... | mirror

Introduction

Captcha Intruder is an automatic pentesting tool to bypass captchas.

Media

* Shell: Banner [ +Zoom ]

CIntruder

* Shell: Cracking [ +Zoom ]

CIntruder

* GUI: Index [ +Zoom ]

CIntruder

* GUI: Training [ +Zoom ]

CIntruder

* GUI: Cracking [ +Zoom ]

CIntruder

* Video: Cracking captcha from url (Old Version!)

Packages

git clone http://code.03c8.net:3000/epsylon/cintruder

git clone https://github.com/epsylon/cintruder

+ Current:

- CIntruder-v0.4 (.zip) (md5:6326ab514e329e4ccd5e1533d5d53967) - torrent

- CIntruder-v0.4 (.tar.gz) (md5:2256fccac505064f3b84ee2c43921a68) torrent

--------------------------------

+ Previous:

- CIntruder-v0.3 (.zip) (md5:ec77d74b84f1dd80bd36febd351089df) - torrent

- CIntruder-v0.3 (.tar.gz) (md5:b61976ef6ef0dfd0b455174e193121dc) - torrent

- CIntruder-v0.2 (.tar.gz) (md5:0db5c5cafba21f0224fa9281622a3f45)

Docs

Slides [CIntruder-v0.2]- 2012 presented on THSF'12 (english)

Installation

CIntruder runs on many platforms. It requires Python (3.x.x) and the following libraries:

python3-pycurl - Python bindings to libcurl (Python 3)
python3-libxml2 - Python3 bindings for the GNOME XML library
python3-pil - Python Imaging Library (Python3)

On Debian-based systems (ex: Ubuntu), run:

sudo apt-get install python3-pycurl python3-libxml2 python3-pil

Python: https://www.python.org/downloads/
PyCurl: http://pycurl.sourceforge.net/
PyLibxml2: https://pypi.python.org/pypi/libxml2-python/
Python Imaging Library (PIL): http://pythonware.com/products/pil/

Usage

 cintruder [OPTIONS]

 Options:
  --version            show program's version number and exit
  -h, --help           show this help message and exit
  -v, --verbose        active verbose mode output results
  --proxy=PROXY        use proxy server (tor: http://localhost:8118)
  --gui                run GUI (CIntruder Web Interface)
  --update             check for latest stable version

  ->Tracking:
    --track=TRACK      download captchas from url (to: 'inputs/')
    --track-num=S_NUM  set number of captchas to download (default: 5)
    --tracked-list     list tracked captchas (from: 'inputs/')

  ->Configuration (training/cracking):
    --set-id=SETIDS    set colour's ID manually (use -v for details)

  ->Training:
    --train=TRAIN      train using common OCR techniques

  ->Cracking:
    --crack=CRACK      brute force using local dictionary

  ->Modules (training/cracking):
    --mod=NAME         set a specific OCR exploiting module
    --mods-list        list available modules (from: 'mods/')

  ->Post-Exploitation (cracking):
    --xml=XML          export result to xml format
    --tool=COMMAND     replace suggested word on commands of another tool. use
                       'CINT' marker like flag (ex: 'txtCaptcha=CINT')

Examples

* View help:

./cintruder --help

* Update to latest version:

./cintruder --update

* Launch web interface (GUI):

./cintruder --gui

* Simple crack from file:

./cintruder --crack "inputs/captcha.gif"

* Simple crack from URL:

./cintruder --crack "http://host.com/path/captcha_url"

* Simple crack from local, exporting results to a xml file:

./cintruder --crack "inputs/captcha.gif" --xml "test.xml"

* Simple crack from url, with proxy TOR and verbose output:

./cintruder --crack "http://host.com/path/captcha_url" --proxy="http://127.0.0.1:8118" -v

* Train captcha(s) from url, with proxy TOR and verbose output:

./cintruder --train "http://host.com/path/captcha_url" --proxy "http://127.0.0.1:8118" -v

* Track 50 captcha(s) from url, with proxy TOR:

./cintruder --track "http://host.com/path/captcha.gif" --track-num "50" --proxy "http://127.0.0.1:8118"

* List available modules (from "mods/"):

./cintruder --list

* Launch an OCR module to train a specific local captcha:

$ ./cintruder --train "inputs/easycaptcha.gif" --mod "module_invocation_name"

* Launch an OCR module to crack a specific online captcha, with verbose output:

./cintruder --crack "http://host.com/path/captcha_url" --mod "module_invocation_name" -v

* Replace suggested word by CIntruder after cracking a remote url on commands of another tool (ex: "XSSer"):

$ ./cintruder --crack "http://host.com/path/captcha_url" --tool "xsser -u http://host.com/path/param1=foo?txtCaptcha=CINT"

License

CIntruder is released under the terms of the General Public License v3 and is copyrighted by psy.

Support

To make donations use the following hash:

Bitcoin: 19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw

If you want to contribute to development, reporting a bug, providing a patch, commenting on the code base or simply need to find help to run it, please go to:

irc.freenode.net / channel: #cintruder

Also you can subscribe to the mailing list:

cintruder-users@lists.sf.net

If nobody gets back to you, then drop me an e-mail.