[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] NiX - Linux Brute Force 1.0.3 update has been released



> Would you care to offer what particular tests you did to compare your tool
> to Hydra?
>
> Just curious.
>
> Ryan

Execuse my english. Here´s NiX advantages over Hydra:

---
Support all proxies: HTTP/SOCKS 4 and 5 proxy support -> Integrated proxy
randomization to defeat certain protection mechanisms -> Auto-removal of
dead or unreliable proxy and when site protection mechanism blocks the
proxy: Any site that is banning proxies after certain amount of failed
logins, you are just wasting your time with hydra on these sites.

Earlier someone said, i use proxychains to get more proxy support. Good
idea but when a proxy timeouts, it will make significant delay to your
check and you have no way to remove those proxies. When more proxies will
time out...FAIL.
---

FORM auto-detection & Manual FORM input configuration. -> Hydra does not
support cookie parameter at all when you configure manually form input.
For example strict site such as Webmin require cookie to be sent at the
begin or you are just wasting your time. NiX has significantly better FORM
mode and the FORM auto-detection is nice add-on especially for less
advanced users.

Obviously Hydra´s dev. are not real crackers as they did not added success
or failure key support also to basic authentication mode, there are sites
that give 200 OK reply when they ban proxy, again anyway with a single
proxy support you are pretty much fucked unlike with NiX.

Also, hydra will fail if the FORM is on HTTP page but the FORM target is
SSL ;) NiX has auto-detection logic to this as well and can brute all
these sites.

What I can currently see, Hydra´s advantages over NiX are:

Support for more protocols and because it´s written in pure C, it is a
less CPU intensive. It works also on various platforms unline NiX. I am
not saying it´s a bad tool but the above are the reason i decided to code
my own tool.


PS. I have coded NiX`s current features solely on my own in 1.5 months
with all testing while they have been developing it in a team for several
years?

Someone asked: "Why did you coded NiX cuz we have Hydra and they have been
doing it for years?"

The answer: I was not even aware of Hydra until a week ago someone asked
this question. The above features answers it in full why did I code it.

>
> On Nov 19, 2010, at 6:52 PM, nix@xxxxxxxxxxxxxxxx wrote:
>
>> There are several fixes done in this release compared to the 1st
>> version.
>> It is encouraged to upgrade to the latest version.
>>
>> To those who want to ask, does it outperform Hydra? Yes it does,
>> especially in basic auth and form mode.
>>
>> Full features and download: http://myproxylists.com/nix-brute-force
>> Changelog: http://myproxylists.com/NIX_BRUTE_FORCER.CHANGELOG
>>
>> Regards NiX Lead Developer
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/