badtouch

badtouch is a scriptable network authentication cracker. While the space for common service bruteforce is already very well saturated, you may still end up writing your own python scripts when testing credentials for web applications.

The scope of badtouch is specifically cracking custom services. This is done by writing scripts that are loaded into a lua runtime. Those scripts represent a single service and provide a verify(user, password) function that returns either true or false. Concurrency, progress indication and reporting is magically provided by the badtouch runtime.

Wrapping python scripts

The badtouch runtime is still extremely bare bones, so you might have to shell out to your regular python script occasionally. Your wrapper my look like this:

descr = "example.com"

function verify(user, password)
    return execve("./docs/test.sh", {user, password}) == 0
end

Your python script may look like this:

import sys

if sys.argv[1] == "foo" and sys.argv[2] == "bar":
    # correct credentials
    exit(0)
else:
    # incorrect credentials
    exit(1)

LICENSE

GPLv3+