Scriptable network authentication cracker
-
Updated
Dec 19, 2023 - Rust
#
credential-stuffing
Here are 24 public repositories matching this topic...
A .NET Standard library for pentesting web apps against credential stuffing attacks.
-
Updated
Dec 21, 2021 - C#
A database for storing, querying and doing stats on credential leaks
-
Updated
May 23, 2023 - Python
Instagram Penetration Testing and 2FA Detection
instagram security-audit authentication bruteforce cybersecurity penetration-testing infosec mobile-security two-factor-authentication 2fa ethical-hacking security-tools social-engineering password-cracking account-security security-testing account-takeover password-security credential-stuffing instagram-security
-
Updated
Sep 3, 2025 - Python
Terminal based credential stuffing tool. Easy to build configs.
raspberry-pi opensource checker python-script python3 blackhat brute-force cracking python-scripts terminal-app hacktoberfest redteam account-checker blackhat-python termux-hacking website-checker credential-stuffing openbullet account-checkers
-
Updated
Oct 8, 2024 - Prolog
The most comprehensive wordlist generation toolkit for pentest, red team, and security research. 25 subcommands: charset, profile, corp-users, default-creds, password-dna, DNS fuzzing, web scraping, ISP keygen, ICS/SCADA credentials, ML training, pipal analysis, and more. Python 3.8+ | pip install wfh-wordlist
python osint password-generator hacking password wordlist pip web-scraping cybersecurity brute-force scada pentest wordlist-generator offensive-security iot-security red-team ics-security default-credentials credential-stuffing dns-fuzzing
-
Updated
Jun 7, 2026 - Python
This script looks at a Email:password wordlist and Then attempts to locate the Imap server for the domains remaining. If a imap server responds the script will try to login via imap; if successful a hit will be logged in your results text file.
python tmux console email imap python-script hacking brute-force cracking termux hacking-tool email-checker redteam blackhat-python credential-stuffing email-bruteforce redteam-tools cracking-tool email-account-checker credential-check
-
Updated
May 1, 2025 - Python
⚙️ Silverbullet Configs
-
Updated
Sep 4, 2024
A MyBB extension to reject breached passwords.
-
Updated
May 31, 2024 - PHP
Check for breached passwords with k-anonymity
-
Updated
Jan 27, 2024 - Python
A tool to generate realistic looking email:pass combinations
-
Updated
Feb 16, 2024 - Go
Cred_Harvester_Stuffer makes a HTTP POST request to a given URL with randomly generated creds.
-
Updated
Sep 20, 2018 - Python
🔓 CLI tool to decrypt backup files exported from Bitwarden. This application is not affiliated with Bitwarden, Inc.
android windows macos linux security ios cryptography backup encryption aes password-manager pbkdf2 cybersecurity hmac sha256 aes-cbc argon2id hmac-sha256 credential-stuffing
-
Updated
Apr 25, 2026 - Dart
🔐 Credential stuffing attack tools | Automated login testing | NullSec Framework | @anonantics
python security authentication rate-limiting password cybersecurity brute-force pentest defense red-team credential-stuffing nullsec
-
Updated
Feb 10, 2026 - Python
Testing & evaluating password strength using passwordmeter.com analyzing complexity, attacks & best practices | Elevate Labs Cybersecurity Internship Task 6
internship password-manager cybersecurity password-strength brute-force dictionary-attack mfa security-awareness password-security credential-stuffing
-
Updated
Mar 26, 2026
A Python script that parses and deduplicates credential dumps
-
Updated
Oct 17, 2024 - Python
SecureAura is a Dockerized microservices framework that defends authentication endpoints from timing-based side-channel attacks.
react nodejs docker redis microservices monitoring argon2 postgresql rate-limiting constant-time side-channel timing-attacks threat-detection credential-stuffing username-enumeration brute-force-protection authentication-security
-
Updated
Dec 1, 2025 - TypeScript
-
Updated
Dec 15, 2024 - Go
Broken Authentication Lab This lab provides a hands-on demonstration of credential stuffing (using Postman +weakpass) and session hijacking (via low-entropy session IDs) against a vulnerable login.php app.
-
Updated
Sep 15, 2025 - PHP
Have I Been Pwned (HIBP) is Troy Hunt's free breach-notification and credential-exposure service. The HIBP API v3 lets clients search for email addresses, pastes, stealer-log entries, and monitored domains across the world's largest aggregated breach corpus. A separate free k-anonymity password lookup is offered at api.pwnedpasswords.com.
-
Updated
Jun 2, 2026
Improve this page
Add a description, image, and links to the credential-stuffing topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the credential-stuffing topic, visit your repo's landing page and select "manage topics."