http Basic Bruteforce
Recently during a pentest I found a directory of a website that was protected by http basic authentication. Since http basic offers practically no protection against brute force attacks, I wanted to test at least the most common username/password combinations to see if it might be possible to access the directory.

Since I couldn’t find a suitable brute force list, I decided to write a small Python program to generate http basic brute force lists at any time in the future. …


In this post we show how to create a local version of the Haveibeenpwned password database. This can then be used to check passwords for security without the need for an internet connection.

What is Haveibeenpwned?

Haveibeenpwned is a website by security researcher Troy Hunt that collects leaked credentials from data breaches. As a user, you can enter your email address and then find out whether it has already been included in a data breach. You can also test your password in the same way.

If a password is contained in a breach, it should be changed immediately.

What is…

Christian Schwarz

IT-Security Consultant @ Inmodis GmbH (www.inmodis.de)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store