Brutemap – Tool For Automatic Web Application Brute Force Attack

Brutemap Tool For Automatic Web Application Brute Force Attack xploitlab

If you ask “How to brute force a web ?” this tool is the answer. Brutemap is an automatic Brute Force Attack to log in into admin panel or something like that, this tool it also scan the admin page and detect the authentication type. Coded By April Hijrian


Brutemap is an open source penetration testing tool that automates testing accounts to the site’s login page, based on Dictionary Attack. With this, you no longer need to search for other bruteforce tools and you also no longer need to ask CMS What is this? only to find parameter forms, because brutemap will do it automatically. Brutemap is also equipped with an attack method that makes it easy for you to do account checking or test forms with the SQL injection bypass authentication technique.


  • Load multiple targets.
  • Automatic authentication type detection.
  • Supported site page type: WebshellHTTP Authentication and Slide (such as Google account login page).
  • HTTP authentication types supported: Basic and Digest (based on python-requests).
  • Several attack methods are available, such as: SQL Injection Bypass Authentication.
  • Create the result file (format .html).


Brutemap uses selenium to interact with the website. So, you need to install Web Driver for selenium first. See here. If you have installed the git package, you only need to clone the repository Git. Like this :

git clone

And, install the required modules :

pip install -r requirements.txt


Brutemap Tool For Automatic Web Application Brute Force Attack

For basic use :

python -t -u admin -p abc, root, default

To display a list of available options :

python -h

For more information about available options, you can visit the User’s manual.


Before contributing to this project, please read the contributing guidelines.


We hope you are happy and we hope you donate! Please donate today to: (thanks!)


You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

five + 2 =