Releases: PicoBaz/NexusBrute

NexusBrute v2.6.0 - Authentication Bypass Tester

06 Jan 07:43

⭐ What's New

🔐 Authentication Bypass Tester Module

Professional authentication security testing with 5 attack categories:

Core Capabilities:

1. Default Credentials Testing

  • 20 common username/password combinations
  • Includes: admin:admin, root:root, administrator, guest, etc.
  • Automatic success detection
  • CRITICAL severity classification

2. Session Fixation

  • Tests pre-set session ID acceptance
  • Session regeneration validation
  • HIGH severity vulnerabilities

3. Cookie Manipulation

  • 8 bypass techniques:
    • admin=true, isAdmin=1
    • role=admin, user_type=admin
    • authenticated=true, logged_in=1
    • auth=1, is_authenticated=true
  • HIGH severity classification

4. JWT Token Manipulation

  • None Algorithm Attack (signature removal)
  • Role manipulation (elevate to admin)
  • User ID tampering
  • CRITICAL severity vulnerabilities

5. Password Reset Testing

  • Token reusability
  • Predictable token detection
  • Empty token bypass
  • CRITICAL severity
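
A verifier that pins the algorithm server-side and checks the signature before reading any claim refuses all three JWT manipulations in category 4. The following is an added example, not NexusBrute code; `verifyHs256`, the claim names and the demo secret are assumptions, and the sample tokens are constructed.

```javascript
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Parse one base64url-encoded JSON segment; returns null unless it is a JSON object.
function parseSegment(segment) {
  try {
    const value = JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
    return value !== null && typeof value === 'object' ? value : null;
  } catch {
    return null;
  }
}

// Issue an HS256 token (used below only to build the constructed samples).
function issueHs256(payload, secret) {
  const signingInput = `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(payload)}`;
  const sig = crypto.createHmac('sha256', secret).update(signingInput).digest('base64url');
  return `${signingInput}.${sig}`;
}

// Verify a token. Returns { ok: true, payload } or { ok: false, reason }.
function verifyHs256(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  const header = parseSegment(h);
  const payload = parseSegment(p);
  if (!header || !payload) return { ok: false, reason: 'malformed' };

  // The expected algorithm comes from server configuration. The header value is
  // only compared against it, so "none" (or any other alg) is refused outright.
  if (header.alg !== 'HS256') return { ok: false, reason: 'alg_not_allowed' };

  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad_signature' };
  }
  // Claims are read only after the signature check has passed.
  if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, payload };
}

// Constructed sample tokens: one valid, one per manipulation, one expired.
function sampleResults() {
  const secret = 'constructed-demo-secret'; // placeholder, not a real key
  const now = 1000;
  const good = issueHs256({ sub: '1001', role: 'user', exp: 2000 }, secret);
  const [goodHeader, goodPayload, goodSig] = good.split('.');
  const unsigned = `${b64url({ alg: 'none', typ: 'JWT' })}.${goodPayload}.`;
  const roleEdited = `${goodHeader}.${b64url({ sub: '1001', role: 'admin', exp: 2000 })}.${goodSig}`;
  const subEdited = `${goodHeader}.${b64url({ sub: '1', role: 'user', exp: 2000 })}.${goodSig}`;
  return {
    good: verifyHs256(good, secret, now),
    unsigned: verifyHs256(unsigned, secret, now),
    roleEdited: verifyHs256(roleEdited, secret, now),
    subEdited: verifyHs256(subEdited, secret, now),
    expired: verifyHs256(good, secret, 3000),
  };
}
```

A service that passes the tool's JWT checks should show the same pattern: the three altered tokens fail before any claim is used for authorization.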

Key Features:

  • 🎯 30+ attack techniques across 5 categories
  • 🔍 Selective test execution
  • 📊 Severity-based classification
  • ⚡ Real-time progress tracking
  • 📝 Detailed vulnerability reports
  • 💾 JSON and CSV export

🔧 Configuration

{
  "authBypass": {
    "targetUrl": "https://example.com/login",
    "passwordResetUrl": "https://example.com/reset-password",
    "jwtToken": "",
    "tests": ["all"],
    "delay": 500,
    "useProxy": false
  }
}

Test Options:

  • "all" - Run all tests
  • "default_credentials" - Default creds only
  • "session_fixation" - Session testing only
  • "cookie_manipulation" - Cookie bypass only
  • "jwt_manipulation" - JWT testing only
  • "password_reset" - Reset vulnerabilities only

📊 Example Output

🔐 Authentication Bypass Tester Started
================================================================
Target: https://example.com/login
Tests: all

🔍 Testing Default Credentials...
✗ VULNERABLE: admin:admin - Status: 200
✗ VULNERABLE: root:root - Status: 200

🔍 Testing Session Fixation...
✗ VULNERABLE: Session ID not regenerated

🔍 Testing Cookie Manipulation...
✗ VULNERABLE: admin=true

🔍 Testing JWT Token Manipulation...
✗ VULNERABLE: None Algorithm

📊 Authentication Bypass Summary
================================================================
⚠️  Total Vulnerabilities: 5

defaultCredentials:
  • DEFAULT_CREDENTIALS (CRITICAL)
sessionFixation:
  • SESSION_FIXATION (HIGH)
cookieManipulation:
  • COOKIE_MANIPULATION (HIGH)
jwtManipulation:
  • JWT_MANIPULATION (CRITICAL)

Time elapsed: 12.34s

💡 Use Cases

  • Penetration Testing: Identify auth weaknesses
  • Security Audits: Validate authentication mechanisms
  • Bug Bounty: Find authentication bypasses
  • Compliance: Meet security testing requirements
  • DevOps: Integrate into CI/CD pipelines

📦 Complete Feature Set (14 Modules)

  1. Smart Brute Force
  2. Password Generator
  3. Rate Limit Checker
  4. Wordlist Optimizer
  5. API Fuzzer
  6. SQL Injection Tester
  7. DDoS Tester
  8. JWT Analyzer
  9. Header Injection Tester
  10. WebSocket Security Tester
  11. Subdomain Enumerator
  12. Multi-Target Campaign Manager
  13. SSL/TLS Analyzer
  14. Authentication Bypass Tester ⭐ NEW!

🚀 Installation & Upgrade

New Installation:

git clone https://github.com/PicoBaz/NexusBrute.git
cd NexusBrute
npm install axios chalk ws
node index.js

Upgrade from v2.5.0:

git pull origin main

Add to config.json:

{
  "authBypass": {
    "targetUrl": "https://example.com/login",
    "tests": ["all"]
  }
}

🔍 What It Detects

CRITICAL:

  • Default credentials acceptance
  • JWT None Algorithm bypass
  • Password reset token issues

HIGH:

  • Session fixation vulnerabilities
  • Cookie-based authentication bypass

Attack Techniques:

  • 20 default credential combinations
  • 8 cookie manipulation methods
  • 3 JWT manipulation attacks
  • Session regeneration testing
  • Password reset exploitation

📈 Benefits

  • Fast Testing: 30+ techniques in seconds
  • 🎯 Comprehensive: Covers all major auth vulnerabilities
  • 📊 Detailed Reports: JSON/CSV with severity levels
  • 🔒 Best Practices: Aligned with OWASP standards
  • 💾 Automation Ready: Perfect for CI/CD

⚠️ Legal Notice

FOR AUTHORIZED TESTING ONLY. Obtain explicit permission before testing.


Full Changelog: v2.5.0...v2.6.0

Use Responsibly. Test Ethically. Secure Everything. 🌌

Made with ❤️ by @PicoBaz

NexusBrute v2.5.0 - SSL/TLS Security Analyzer

09 Dec 07:03

🚀 Release Highlights

NexusBrute v2.5.0 introduces the SSL/TLS Analyzer, a comprehensive module for testing SSL/TLS configurations, certificate validation, and transport layer security across your infrastructure.


⭐ What's New

🔒 SSL/TLS Analyzer Module

Professional-grade SSL/TLS security testing with complete certificate analysis:

Core Capabilities:

  • Protocol Testing: Detects support for SSLv3, TLS 1.0/1.1/1.2/1.3
  • Cipher Analysis: Identifies weak ciphers (RC4, DES, 3DES, MD5, NULL)
  • Certificate Validation: Expiration, validity, self-signed detection
  • Key Size Check: Validates RSA/ECDSA key sizes (2048-bit minimum)
  • Signature Analysis: Detects weak algorithms (SHA-1)
  • Chain Verification: Validates complete certificate trust chain
  • SAN Enumeration: Lists all Subject Alternative Names
  • HTTPS Redirect: Tests HTTP to HTTPS redirection
  • HSTS Validation: Checks Strict-Transport-Security configuration
  • Auto Severity: CRITICAL/HIGH/MEDIUM/LOW classification

Vulnerability Detection:

  • Deprecated SSL/TLS protocols (SSLv3, TLS 1.0, TLS 1.1)
  • Weak cipher suites
  • Expired or invalid certificates
  • Self-signed certificates
  • Weak key sizes (< 2048-bit)
  • Weak signature algorithms
  • Missing HSTS headers
  • Incomplete certificate chains
  • No HTTPS redirect

🔧 Configuration

{
  "sslAnalyzer": {
    "target": "example.com"
  }
}

Supports:

  • Domain names: "example.com"
  • With ports: "example.com:8443"
  • IP addresses: "93.184.216.34"

📊 Example Output

🔒 SSL/TLS Analyzer Started
================================================================
Target: example.com

✓ Successfully connected to example.com:443
  Protocol: TLSv1.3
  Cipher: TLS_AES_256_GCM_SHA384

🔍 Analyzing Certificate...
  Subject: example.com
  Issuer: DigiCert TLS RSA SHA256 2020 CA1
  Valid From: Jan 30 00:00:00 2024 GMT
  Valid To: Mar 01 23:59:59 2025 GMT

✓ Certificate valid (95 days remaining)
✓ Key size: 2048 bits
✓ Signature algorithm: sha256WithRSAEncryption

🔍 Testing SSL/TLS Protocol Support...
✓ SSLv3 not supported
✓ TLSv1.0 not supported
✓ TLSv1.1 not supported
✓ TLSv1.2 not supported
✗ TLSv1.3 supported

🔍 Testing HSTS...
✓ HSTS header present
  max-age=31536000; includeSubDomains

📊 SSL/TLS Analysis Summary
================================================================
✓ No critical vulnerabilities detected
Time elapsed: 3.21s

💡 Use Cases

  • Compliance Audits: PCI-DSS, HIPAA, SOC 2 certificate validation
  • Security Assessments: Identify SSL/TLS misconfigurations
  • Certificate Management: Track expiration dates
  • DevOps: Automated SSL/TLS testing in CI/CD
  • Monitoring: Regular security posture validation

📦 Complete Feature Set (13 Modules)

  1. Smart Brute Force
  2. Password Generator
  3. Rate Limit Checker
  4. Wordlist Optimizer
  5. API Fuzzer
  6. SQL Injection Tester
  7. DDoS Tester
  8. JWT Analyzer
  9. Header Injection Tester
  10. WebSocket Security Tester
  11. Subdomain Enumerator
  12. Multi-Target Campaign Manager
  13. SSL/TLS Analyzer ⭐ NEW!

🚀 Installation & Upgrade

New Installation:

git clone https://github.com/PicoBaz/NexusBrute.git
cd NexusBrute
npm install axios chalk ws
node index.js

Upgrade from v2.4.0:

git pull origin main

Add to config.json:

{
  "sslAnalyzer": {
    "target": "example.com"
  }
}

🔍 What It Detects

CRITICAL:

  • SSLv3 support
  • Expired certificates
  • Certificate not yet valid

HIGH:

  • TLS 1.0/1.1 support
  • Weak ciphers (RC4, DES, 3DES)
  • Self-signed certificates
  • Weak key sizes (< 2048-bit)

MEDIUM:

  • Missing HSTS
  • No HTTPS redirect
  • Incomplete certificate chains
  • Weak signature algorithms (SHA-1)

LOW:

  • Short HSTS duration (< 1 year)
  • Certificate expiring soon (< 30 days)
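
The severity table above, applied to a scan result in code. This is an added example, not the project's implementation; the `scan` object shape, the finding ids and the sample data are assumptions, while the thresholds are the ones listed on this page. Two choices are made here and labelled in comments: the 2048-bit floor is applied to RSA keys only, and `max-age=0` is counted as missing HSTS.

```javascript
const YEAR_SECONDS = 31536000; // "Short HSTS duration (< 1 year)"
const DAY_MS = 24 * 60 * 60 * 1000;
const RANK = { CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3 };

// Return max-age in seconds from a Strict-Transport-Security value, or null
// when the header is absent or has no usable max-age directive.
function hstsMaxAge(value) {
  if (typeof value !== 'string') return null;
  for (const directive of value.split(';')) {
    const eq = directive.indexOf('=');
    if (eq === -1) continue;
    if (directive.slice(0, eq).trim().toLowerCase() !== 'max-age') continue;
    const raw = directive.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    return /^\d+$/.test(raw) ? Number(raw) : null;
  }
  return null;
}

// Map one scan result to findings, most severe first.
function classifyTls(scan, now = new Date()) {
  const findings = [];
  const add = (severity, id) => findings.push({ severity, id });
  const { cert } = scan;

  if (scan.protocols.includes('SSLv3')) add('CRITICAL', 'SSLV3_SUPPORTED');
  if (scan.protocols.includes('TLSv1.0') || scan.protocols.includes('TLSv1.1')) {
    add('HIGH', 'TLS_1_0_OR_1_1_SUPPORTED');
  }
  // Covers RC4, DES and 3DES names such as DES-CBC3-SHA or ..._3DES_EDE_CBC_SHA.
  if (/RC4|DES/i.test(scan.cipher)) add('HIGH', 'WEAK_CIPHER');

  const t = now.getTime();
  const notBefore = new Date(cert.validFrom).getTime();
  const notAfter = new Date(cert.validTo).getTime();
  if (t < notBefore) add('CRITICAL', 'CERT_NOT_YET_VALID');
  else if (t > notAfter) add('CRITICAL', 'CERT_EXPIRED');
  else if (notAfter - t < 30 * DAY_MS) add('LOW', 'CERT_EXPIRING_SOON');

  if (cert.selfSigned) add('HIGH', 'SELF_SIGNED');
  // Choice made for this example: EC key sizes are on a different scale
  // (a 256-bit EC key is not weak), so the 2048-bit floor is RSA-only.
  if (cert.keyType === 'RSA' && cert.keyBits < 2048) add('HIGH', 'WEAK_KEY_SIZE');
  if (/sha-?1(?!\d)/i.test(cert.signatureAlgorithm)) add('MEDIUM', 'WEAK_SIGNATURE_SHA1');
  if (!cert.chainComplete) add('MEDIUM', 'INCOMPLETE_CHAIN');
  if (!scan.httpsRedirect) add('MEDIUM', 'NO_HTTPS_REDIRECT');

  // Choice made for this example: max-age=0 removes the policy in browsers,
  // so it is reported the same way as a missing header.
  const maxAge = hstsMaxAge(scan.hstsHeader);
  if (maxAge === null || maxAge === 0) add('MEDIUM', 'HSTS_MISSING');
  else if (maxAge < YEAR_SECONDS) add('LOW', 'HSTS_SHORT_MAX_AGE');

  return findings.sort((a, b) => RANK[a.severity] - RANK[b.severity]);
}

// Constructed scan results: one hardened host, one legacy host.
function sampleReports() {
  const now = new Date('2025-01-10T00:00:00Z');
  const hardened = {
    protocols: ['TLSv1.3'],
    cipher: 'TLS_AES_256_GCM_SHA384',
    cert: {
      validFrom: '2024-01-30T00:00:00Z', validTo: '2025-03-01T23:59:59Z',
      keyType: 'RSA', keyBits: 2048, signatureAlgorithm: 'sha256WithRSAEncryption',
      selfSigned: false, chainComplete: true,
    },
    hstsHeader: 'max-age=31536000; includeSubDomains',
    httpsRedirect: true,
  };
  const legacy = {
    protocols: ['TLSv1.0', 'TLSv1.2'],
    cipher: 'ECDHE-RSA-DES-CBC3-SHA',
    cert: {
      validFrom: '2024-01-30T00:00:00Z', validTo: '2025-01-25T00:00:00Z',
      keyType: 'RSA', keyBits: 1024, signatureAlgorithm: 'sha1WithRSAEncryption',
      selfSigned: false, chainComplete: true,
    },
    hstsHeader: 'Max-Age="86400"',
    httpsRedirect: false,
  };
  return { hardened: classifyTls(hardened, now), legacy: classifyTls(legacy, now) };
}
```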

📈 Benefits

  • Fast Analysis: Complete SSL/TLS audit in ~3 seconds
  • 🎯 Comprehensive: Tests 10+ security aspects
  • 📊 Detailed Reports: JSON/CSV export with all findings
  • 🔒 Best Practices: Aligned with industry standards
  • 💾 Automation Ready: Perfect for CI/CD integration

⚠️ Legal Notice

FOR AUTHORIZED TESTING ONLY. Obtain explicit permission before testing any systems.


Full Changelog: v2.4.0...v2.5.0

Use Responsibly. Test Ethically. Secure Everything. 🌌

Made with ❤️ by @PicoBaz

🎯 NexusBrute v2.4.0 - Multi-Target Campaign Manager

03 Dec 06:16

🎯 Multi-Target Campaign Manager Module

Advanced security testing orchestration with enterprise-grade features:

Core Capabilities:

  • Dual Execution Modes: Sequential (one-by-one) or Parallel (concurrent) testing
  • Multi-Module Support: Run any combination of security modules per target
  • Smart Queueing: Intelligent operation scheduling and prioritization
  • Target Management: Load from JSON files or inline configuration
  • Real-time Monitoring: Live progress tracking with status updates
  • Vulnerability Aggregation: Automatic correlation across all targets
  • Campaign Analytics: Comprehensive success/failure statistics
  • Automated Reporting: Generate detailed JSON reports with security recommendations
  • Batch Processing: Configurable concurrency (default: 3, max recommended: 10)
  • Flexible Timing: Control delays between targets and modules

Supported Modules:

  • Header Injection Tester
  • WebSocket Security Tester
  • Subdomain Enumerator
  • JWT Analyzer
  • SQL Injection Tester
  • API Fuzzer
  • Smart Brute Force

Key Features:

  • 🎯 Coordinate tests across unlimited targets
  • ⚡ Parallel processing for faster completion
  • 📊 Real-time campaign statistics
  • 📝 Automated vulnerability aggregation
  • 💾 JSON and CSV export
  • 🔍 Detailed operation tracking
  • ⏱️ Time management per operation
  • 📄 Professional security reports

🔧 Configuration

Basic Sequential Campaign:

{
  "campaignManager": {
    "campaignName": "Security Assessment 2025",
    "mode": "sequential",
    "targetsFile": "campaign-targets.json",
    "modules": [
      { "name": "headerInjection", "config": { "testTypes": ["all"] } },
      { "name": "subdomainEnumerator", "config": { "methods": ["crt"] } }
    ],
    "delayBetweenTargets": 2000,
    "generateReport": true
  }
}

Parallel High-Speed Campaign:

{
  "campaignManager": {
    "campaignName": "Fast Scan",
    "mode": "parallel",
    "maxConcurrent": 5,
    "targetsFile": "targets.json",
    "modules": [
      { "name": "headerInjection" }
    ]
  }
}

Targets File (campaign-targets.json):

[
  {
    "name": "Production API",
    "target": "api.example.com",
    "config": { "targetUrl": "https://api.example.com" }
  },
  {
    "name": "Staging",
    "target": "staging.example.com",
    "config": { "targetUrl": "https://staging.example.com" }
  }
]

📊 Example Output

🎯 Multi-Target Campaign Manager Started
================================================================
Campaign: Security Assessment 2025
Mode: sequential
Targets: 5 | Modules: 3 | Total Operations: 15

[1/5] Processing: Production API
  [1/3] Running headerInjection... ✓ Found 2 vulnerabilities
  [2/3] Running subdomainEnumerator... ✓
  [3/3] Running websocketTester... ✓ Found 1 vulnerabilities

📊 Campaign Summary
================================================================
Duration: 245s | Successful: 14/15 | Failed: 1/15
⚠️  Total Vulnerabilities Found: 12

Vulnerabilities by Target:
  • Staging: 5
  • Production: 4
  • Development: 3

📄 Report saved to: results/campaign-report.json

💡 Use Cases

  • Enterprise Assessments: Test multiple production environments simultaneously
  • Continuous Security: Automated regular security checks across infrastructure
  • Bug Bounty: Efficiently scan multiple subdomains and endpoints
  • Compliance Audits: Document security posture across all assets
  • DevOps Integration: Integrate into CI/CD pipelines for automated testing

📦 Complete Feature Set (12 Modules)

  1. Smart Brute Force
  2. Password Generator
  3. Rate Limit Checker
  4. Wordlist Optimizer
  5. API Fuzzer
  6. SQL Injection Tester
  7. DDoS Tester
  8. JWT Analyzer
  9. Header Injection Tester
  10. WebSocket Security Tester
  11. Subdomain Enumerator
  12. Multi-Target Campaign Manager ⭐ NEW!

🚀 Installation & Upgrade

New Installation:

git clone https://github.com/PicoBaz/NexusBrute.git
cd NexusBrute
npm install axios chalk ws
node index.js

Upgrade from v2.3.0:

git pull origin main

Add to config.json:

{
  "campaignManager": {
    "campaignName": "My Campaign",
    "mode": "sequential",
    "targetsFile": "campaign-targets.json",
    "modules": [...]
  }
}

📈 Performance & Benefits

  • Parallel Mode: Test 10+ targets simultaneously
  • 🎯 Sequential Mode: Predictable, rate-limit friendly execution
  • 📊 Aggregated Results: Unified view of all vulnerabilities
  • 💾 Automated Reports: Professional JSON reports with recommendations
  • ⏱️ Time Tracking: Monitor campaign duration and efficiency
  • 🔍 Detailed Logging: Track every operation's success/failure

⚠️ Legal Notice

FOR AUTHORIZED TESTING ONLY. Obtain explicit permission before testing any systems. Unauthorized access is illegal.


Full Changelog: v2.3.0...v2.4.0

Use Responsibly. Test Ethically. Secure Everything. 🌌

Made with ❤️ by @PicoBaz

v2.3.0

30 Nov 09:08

🌐 NexusBrute v2.3.0 - Subdomain Discovery & Reconnaissance

🎯 Release Highlights

We're thrilled to announce NexusBrute v2.3.0, featuring a powerful new Subdomain Enumerator module that brings comprehensive subdomain discovery and reconnaissance capabilities to the toolkit!

This release focuses on domain intelligence gathering through multiple enumeration techniques, making NexusBrute the ultimate toolkit for reconnaissance and attack surface mapping.


⭐ What's New

🌐 Subdomain Enumerator Module (NEW!)

A comprehensive subdomain discovery and analysis toolkit with multiple enumeration methods and vulnerability detection:

Core Enumeration Methods:

1. DNS Bruteforce

  • Custom wordlist-based subdomain discovery
  • Includes 200+ common subdomain prefixes
  • Concurrent DNS resolution for speed
  • Real-time progress tracking
  • Configurable delay to prevent rate limiting
  • Support for both A and AAAA records

2. Certificate Transparency Log Mining

  • Queries crt.sh for historical certificate data
  • Discovers subdomains from SSL/TLS certificates
  • Extracts data from wildcard certificates
  • Verifies all discovered subdomains via DNS
  • Finds subdomains even if not currently active

3. Permutation Scanning

  • Generates variations of discovered subdomains
  • Common patterns tested:
    • Development: -dev, dev-, -development
    • Staging: -staging, staging-, -stage
    • Production: -prod, prod-, -production
    • Testing: -test, test-, -qa, -uat
    • Numbered: 01, 02, 1, 2
  • Discovers hidden environments and instances

4. Wildcard DNS Detection

  • Identifies wildcard DNS configurations
  • Prevents false positive subdomain discoveries
  • Alerts users to potential enumeration issues
  • Continues with awareness of wildcards

5. DNS Zone Transfer Testing

  • Tests all nameservers for misconfigurations
  • Attempts AXFR zone transfer
  • CRITICAL severity if successful
  • Extracts complete domain zone data
  • Tests multiple nameservers

Advanced Features:

HTTP/HTTPS Accessibility Checking

  • Tests both HTTP and HTTPS protocols
  • Extracts page titles for identification
  • Records HTTP status codes
  • Identifies server types (nginx, Apache, IIS, etc.)
  • Follows redirects (with limit)

Comprehensive DNS Record Analysis

  • A Records: IPv4 addresses
  • AAAA Records: IPv6 addresses
  • CNAME Records: Canonical names and aliases
  • MX Records: Mail server information
  • TXT Records: SPF, DKIM, and other metadata

Subdomain Takeover Detection

  • Analyzes CNAME records for vulnerabilities
  • Detects 10+ vulnerable services:
    • GitHub Pages (github.io)
    • Heroku (herokuapp.com)
    • AWS S3 (s3.amazonaws.com)
    • Azure (azurewebsites.net)
    • Shopify (myshopify.com)
    • Tumblr (tumblr.com)
    • WordPress.com
    • Ghost.io
    • Bitbucket (bitbucket.io)
    • Fastly (fastly.net)
  • HIGH severity classification
  • Detailed vulnerability reporting

Key Features:

  • 🎯 Multiple Discovery Methods: DNS bruteforce, CT logs, permutations, zone transfer
  • 🔍 200+ Default Subdomains: Comprehensive wordlist included
  • 🧠 Intelligent Analysis: Automatic vulnerability detection
  • Fast & Efficient: Concurrent operations with rate limiting
  • 📊 Rich Output: Subdomain lists with IPs, HTTP info, DNS records
  • 📝 Detailed Reports: JSON and CSV export formats
  • 🔒 Security Focus: Takeover detection and zone transfer testing
  • 🌐 Real-time Progress: Live discovery tracking

🚀 Installation & Quick Start

New Installation

git clone https://github.com/PicoBaz/NexusBrute.git
cd NexusBrute
npm install axios chalk ws
mkdir results wordlists
node index.js

Upgrading from v2.2.0

git pull origin main

Update your config.json:

{
  "subdomainEnumerator": {
    "domain": "example.com",
    "methods": ["all"],
    "wordlistFile": "wordlists/subdomains.txt",
    "delay": 100,
    "checkWildcard": true
  }
}

Add the subdomain wordlist to wordlists/subdomains.txt


🎯 Usage Example

  1. Configure Target in config.json:
{
  "subdomainEnumerator": {
    "domain": "target.com",
    "methods": ["all"],
    "wordlistFile": "wordlists/subdomains.txt",
    "delay": 100,
    "checkWildcard": true
  }
}
  2. Run NexusBrute:
node index.js
  3. Select Option 11 - Subdomain Enumerator 🌐

  4. Review Results:

🌐 Subdomain Enumerator Started
================================================================

🔍 Checking for Wildcard DNS...
✓ No wildcard DNS detected

🔍 Bruteforcing Subdomains...
✓ Found: www.target.com [93.184.216.34]
✓ Found: api.target.com [93.184.216.35]
✓ Found: mail.target.com [93.184.216.36]

🔍 Querying Certificate Transparency Logs...
✓ Found: admin.target.com [93.184.216.37]
✓ Found: dev.target.com [93.184.216.38]
  ⚠️  Potential takeover: GitHub Pages

📊 Enumeration Summary
================================================================
✓ Total Subdomains Found: 28
⚠️  Total Vulnerabilities Found: 1
Time elapsed: 45.23s

📊 Enumeration Coverage

Discovery Methods:

  • ✅ DNS Bruteforce (200+ default subdomains)
  • ✅ Certificate Transparency Logs
  • ✅ Permutation Scanning
  • ✅ Zone Transfer Testing
  • ✅ Wildcard Detection

Vulnerability Detection:

  • ✅ Subdomain Takeover (10+ services)
  • ✅ DNS Zone Transfer Misconfiguration
  • ✅ Exposed Development Environments
  • ✅ Unprotected Admin Panels
  • ✅ Wildcard DNS Issues

Data Collected Per Subdomain:

  • IPv4 and IPv6 addresses
  • HTTP/HTTPS accessibility
  • Page titles and content
  • Server types
  • CNAME records
  • MX records
  • TXT records
  • Vulnerability status

🛡️ Security & Compliance

Ethical Testing Features:

  • ⏱️ Configurable DNS query delays
  • 🔒 Respects DNS server rate limits
  • 📝 Comprehensive logging
  • 🚫 Timeout protection
  • ⚖️ Legal disclaimer and usage guidelines

Industry Use Cases:

  • 🎯 Reconnaissance: Map attack surface before penetration testing
  • 🔍 Asset Discovery: Find forgotten or shadow IT subdomains
  • 💰 Bug Bounty: Discover out-of-scope or overlooked assets
  • 📚 Security Audits: Validate DNS configurations
  • Compliance: Document all internet-facing assets

📦 Complete Feature Set

Current Modules (11 Total):

  1. ✅ Smart Brute Force
  2. ✅ Password Generator
  3. ✅ Rate Limit Checker
  4. ✅ Wordlist Optimizer
  5. ✅ API Fuzzer
  6. ✅ SQL Injection Tester
  7. ✅ DDoS Tester
  8. ✅ JWT Analyzer
  9. ✅ Header Injection Tester
  10. ✅ WebSocket Security Tester
  11. Subdomain Enumerator ⭐ NEW!

🔧 Configuration Options

Basic Configuration:

{
  "subdomainEnumerator": {
    "domain": "example.com",
    "methods": ["all"],
    "delay": 100
  }
}

Advanced Configuration:

{
  "subdomainEnumerator": {
    "domain": "example.com",
    "methods": ["bruteforce", "crt", "permutation"],
    "wordlistFile": "wordlists/custom-subdomains.txt",
    "delay": 50,
    "checkWildcard": true
  }
}

Method Options:

  • "all" - Run all enumeration methods (recommended)
  • "bruteforce" - DNS bruteforce only
  • "crt" - Certificate Transparency only
  • "permutation" - Permutation scanning only
  • "zonetransfer" - Zone transfer testing only

📈 Performance

  • Fast Discovery: 200+ subdomains tested in under 30 seconds
  • 💾 Memory Efficient: Optimized DNS resolution
  • 🔄 Concurrent: Multiple DNS queries simultaneously
  • 📊 Scalable: Handle large wordlists efficiently

⚠️ Legal Notice

FOR AUTHORIZED SECURITY TESTING ONLY

NexusBrute is designed for ethical security testing by authorized professionals. Always obtain explicit written permission before testing any systems. Unauthorized reconnaissance and access to computer systems is illegal and punishable by law. The developers assume no liability for misuse of this software.


🤝 Community & Support

Get Involved:

  • 🌟 Star the Repository: Show your support!
  • 🐛 Report Issues: Help us improve
  • 💡 Feature Requests: Share your ideas
  • 🔧 Contribute: Submit pull requests

📦 Release Assets

  • Source Code: Source code (zip) | Source code (tar.gz)
  • Documentation: Complete README and CHANGELOG included
  • Wordlist: 200+ common subdomain prefixes included

🙏 Acknowledgments

Special thanks to:

  • The subdomain enumeration and OSINT community
  • crt.sh for Certificate Transparency data
  • DNS server operators who maintain stable infrastructure
  • Security researchers who discover and share takeover techniques
  • All contributors and users providing feedback

📊 Comparison with Previous Versions

Feature v2.1.0 v2.2.0 v2.3.0
Modules 9 10 11
Header Injection
WebSocket Testing
Subdomain Enum
Enumeration Methods - - 5
Default Wordlist - - 200+
Takeover Detection
CT Log Mining
Zone Transfer Test

🎓 Learning Resources

Understanding Subdomain Enumeration:

  • OWASP Testing Guide - Information Gathering
  • DNS Reconnaissance Techniques
  • Certificate Transparency Overview
  • Subdomain Takeover Vulnerabilities

Recommended Reading:

  • DNS Zone Transfer Attacks
  • Subdomain Brutef...

v2.2.0

23 Nov 06:33

🔌 NexusBrute v2.2.0 - WebSocket Security Scanner

🎯 Release Highlights

We're excited to announce NexusBrute v2.2.0, featuring a powerful new WebSocket Security Tester module that brings real-time WebSocket vulnerability scanning to the toolkit!

This release expands NexusBrute's capabilities to cover modern real-time communication protocols, making it the most comprehensive security testing toolkit for web applications using WebSocket technology.


⭐ What's New

🔌 WebSocket Security Tester Module (NEW!)

A comprehensive WebSocket vulnerability scanner with real-time testing capabilities and advanced attack detection:

Core Testing Capabilities:

1. Connection Security Testing

  • Protocol validation (ws:// vs wss://)
  • SSL/TLS implementation verification
  • Insecure connection detection
  • Protocol downgrade vulnerability identification

2. Origin Validation Testing

  • 8 malicious origin scenarios:
    • null origin bypass
    • External domain connections (evil.com)
    • localhost origin spoofing
    • file:// protocol attempts
    • Path traversal in origin header
    • XSS payloads in origin
  • CORS misconfiguration detection
  • Cross-origin bypass identification

3. Message Injection Testing

  • 15+ Comprehensive Payloads:
    • Cross-Site Scripting (XSS) - multiple variants
    • SQL Injection - classic and modern techniques
    • Path Traversal - directory access attempts
    • Template Injection - multiple engines (Handlebars, Angular, etc.)
    • Command Injection - OS command execution
    • NoSQL Injection - MongoDB specific
    • Prototype Pollution - JavaScript object manipulation
    • Null Byte Injection - binary data attacks
  • Real-time response analysis
  • Payload reflection detection
  • Input sanitization validation

4. CSRF Protection Validation

  • Tests 3 authentication scenarios:
    • No authentication headers
    • Missing CSRF tokens
    • Invalid CSRF tokens
  • WebSocket-specific CSRF protection testing
  • Sensitive operation execution validation

5. Rate Limiting Analysis

  • Configurable message flooding tests
  • Burst vs sustained rate limit detection
  • DoS vulnerability identification
  • Resource exhaustion testing
  • Customizable test parameters:
    • Maximum messages (default: 100)
    • Interval between messages (default: 10ms)

6. Authentication Bypass Testing

  • 5 Authentication Bypass Techniques:
    • No token authentication
    • Invalid token handling
    • Expired token acceptance
    • Malformed token processing
    • None algorithm JWT bypass
  • Token verification validation
  • Session management testing

7. Denial of Service Testing

  • Large message handling (up to 10MB)
  • Connection flooding detection (rapid connections)
  • Resource exhaustion analysis
  • Server stability validation
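
On the server side, the origin scenarios in item 2 are all refused by one rule: the `Origin` header must be a bare serialized origin that exactly matches an allowlist entry. The following is an added example, not NexusBrute code; `checkOrigin`, `decideUpgrade`, the allowlisted origin and the sample header values are assumptions, and requiring an `Origin` header at all is a policy choice suited to browser-facing, cookie-authenticated endpoints.

```javascript
// Exact-match allowlist of serialized origins (scheme://host[:port]).
const ALLOWED_ORIGINS = new Set(['https://app.example.com']); // assumed deployment value

// Decide whether an Origin header value may open a WebSocket.
// Returns { allowed, reason }.
function checkOrigin(originHeader, allowed = ALLOWED_ORIGINS) {
  if (typeof originHeader !== 'string' || originHeader === '') {
    return { allowed: false, reason: 'missing_origin' };
  }
  // Sandboxed frames and some redirects send the literal string "null".
  if (originHeader === 'null') return { allowed: false, reason: 'null_origin' };

  let url;
  try {
    url = new URL(originHeader);
  } catch {
    return { allowed: false, reason: 'unparseable' };
  }
  // A real Origin header has no path, query, userinfo or default port, so it
  // must round-trip unchanged through the URL parser. This refuses values
  // that carry path segments or markup after the host.
  if (url.origin !== originHeader) return { allowed: false, reason: 'not_a_bare_origin' };

  // Exact comparison only: no substring, prefix or suffix matching, which is
  // what lets look-alike hosts such as app.example.com.evil.com through.
  if (!allowed.has(originHeader)) return { allowed: false, reason: 'not_in_allowlist' };
  return { allowed: true, reason: 'ok' };
}

// Handshake decision for an HTTP upgrade request. Node lowercases header
// names on req.headers, so the value is read from headers.origin.
function decideUpgrade(headers, allowed = ALLOWED_ORIGINS) {
  const verdict = checkOrigin(headers.origin, allowed);
  return { status: verdict.allowed ? 101 : 403, reason: verdict.reason };
}

// Constructed header values mirroring the scenarios listed above.
function sampleResults() {
  const constructed = [
    'https://app.example.com',
    'null',
    'http://evil.com',
    'http://localhost',
    'file://',
    'https://app.example.com/../admin',
    'https://app.example.com.evil.com',
    'https://app.example.com<script>',
    undefined,
  ];
  return constructed.map((origin) => ({ origin, ...checkOrigin(origin) }));
}
```

With the `ws` package, a check like this can run in the HTTP server's `upgrade` handler (server created with `noServer: true`) before `handleUpgrade` is called, so a refused origin never reaches message handling.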

Key Features:

  • 🎯 100+ Test Scenarios: Comprehensive WebSocket vulnerability coverage
  • 🧠 Real-time Monitoring: Live message logging and analysis
  • 📊 Intelligent Detection: Automatic vulnerability identification
  • Fast Execution: Optimized testing with configurable delays
  • 📝 Detailed Reporting: Severity-based vulnerability reports (CRITICAL/HIGH/MEDIUM/LOW)
  • 💾 Export Formats: JSON and CSV for integration with other tools
  • 🔄 Connection Management: Automatic cleanup and resource handling
  • ⏱️ Timeout Protection: Prevents hanging connections

🚀 Installation & Quick Start

New Installation

git clone https://github.com/PicoBaz/NexusBrute.git
cd NexusBrute
npm install axios chalk ws
mkdir results
node index.js

Upgrading from v2.1.0

git pull origin main
npm install ws

Update your config.json:

{
  "websocketTester": {
    "targetUrl": "wss://example.com/ws",
    "testTypes": ["all"],
    "delay": 500,
    "rateLimitTest": {
      "maxMessages": 100,
      "interval": 10
    }
  }
}

🎯 Usage Example

  1. Configure Target in config.json:
{
  "websocketTester": {
    "targetUrl": "wss://echo.websocket.org",
    "testTypes": ["all"],
    "delay": 500,
    "rateLimitTest": {
      "maxMessages": 50,
      "interval": 10
    }
  }
}
  2. Run NexusBrute:
node index.js
  3. Select Option 10 - WebSocket Security Tester 🔌

  4. Review Results:

🔌 WebSocket Security Tester Started
================================================================

🔍 Testing Connection Security...
✓ wss:// connection successful

🔍 Testing Origin Validation...
✗ VULNERABILITY: Origin 'http://evil.com' accepted

🔍 Testing Message Injection...
✗ VULNERABILITY: Payload reflected

📊 Test Summary
================================================================
⚠️  Total Vulnerabilities Found: 5
Time elapsed: 45.67s

📊 Test Coverage

Vulnerability Types Detected:

  • ✅ Insecure WebSocket Connections (ws://)
  • ✅ Origin Validation Bypass
  • ✅ CORS Misconfigurations
  • ✅ Message Injection (XSS, SQLi, etc.)
  • ✅ CSRF Vulnerabilities
  • ✅ Missing Authentication
  • ✅ Authentication Bypass
  • ✅ Rate Limiting Issues
  • ✅ Denial of Service
  • ✅ Large Message Handling
  • ✅ Connection Flooding
  • ✅ Input Sanitization Failures

Test Statistics:

  • Connection Tests: 2 protocols (ws, wss)
  • Origin Tests: 8 malicious origins
  • Injection Tests: 15+ payloads
  • CSRF Tests: 3 scenarios
  • Auth Bypass Tests: 5 techniques
  • DoS Tests: 2 attack vectors
  • Total Test Cases: 135+ individual checks

🛡️ Security & Compliance

Ethical Testing Features:

  • ⏱️ Configurable delays between tests
  • 🔒 Automatic connection cleanup
  • 📝 Comprehensive logging
  • 🚫 Timeout protection (10 second default)
  • ⚖️ Legal disclaimer and usage guidelines

Industry Use Cases:

  • 🎯 Real-time Application Testing: Chat apps, live dashboards, gaming
  • 🔍 Security Audits: WebSocket API security validation
  • 💰 Bug Bounty Hunting: Discover WebSocket vulnerabilities
  • 📚 Security Training: Learn WebSocket attack techniques
  • Compliance: Meet security testing requirements

📦 Complete Feature Set

Current Modules (10 Total):

  1. ✅ Smart Brute Force
  2. ✅ Password Generator
  3. ✅ Rate Limit Checker
  4. ✅ Wordlist Optimizer
  5. ✅ API Fuzzer
  6. ✅ SQL Injection Tester
  7. ✅ DDoS Tester
  8. ✅ JWT Analyzer
  9. ✅ Header Injection Tester
  10. WebSocket Security Tester ⭐ NEW!

🔧 Configuration Options

Basic Configuration:

{
  "websocketTester": {
    "targetUrl": "wss://example.com/ws",
    "testTypes": ["all"],
    "delay": 500
  }
}

Advanced Configuration:

{
  "websocketTester": {
    "targetUrl": "wss://example.com/ws",
    "testTypes": ["injection", "csrf", "auth"],
    "delay": 1000,
    "rateLimitTest": {
      "maxMessages": 200,
      "interval": 5
    }
  }
}

Test Type Options:

  • "all" - Run all tests (recommended)
  • "connection" - Connection security only
  • "origin" - Origin validation only
  • "injection" - Message injection only
  • "csrf" - CSRF protection only
  • "ratelimit" - Rate limiting only
  • "auth" - Authentication bypass only
  • "dos" - Denial of service only

📈 Performance

  • Fast Testing: 135+ tests in under 60 seconds (with 500ms delay)
  • 💾 Memory Efficient: Optimized connection management
  • 🔄 Real-time: Live message monitoring and logging
  • 📊 Scalable: Test multiple endpoints sequentially

🐛 Bug Fixes & Improvements

  • Enhanced WebSocket connection handling
  • Improved timeout management
  • Better error handling for connection failures
  • Optimized payload delivery
  • Enhanced vulnerability detection accuracy
  • Improved message logging system

📚 Documentation Updates

  • Complete WebSocket Security Tester documentation
  • Updated README with WebSocket module details
  • Added configuration examples
  • Included troubleshooting guide
  • Enhanced best practices for WebSocket testing
  • Updated package.json with ws dependency

⚠️ Legal Notice

FOR AUTHORIZED SECURITY TESTING ONLY

NexusBrute is designed for ethical security testing by authorized professionals. Always obtain explicit written permission before testing any systems. Unauthorized access to computer systems is illegal and punishable by law. The developers assume no liability for misuse of this software.


🙏 Acknowledgments

Special thanks to:

  • The WebSocket security research community
  • OWASP WebSocket Security Testing Guide contributors
  • ws library maintainers for excellent WebSocket support
  • All contributors and users providing feedback
  • Open source security tools that inspire innovation

📊 Comparison with Previous Versions

Feature v2.0.0 v2.1.0 v2.2.0
Modules 8 9 10
JWT Testing
Header Injection
WebSocket Testing
Test Payloads ~150 ~266 ~400
Vulnerability Types 18 30 42
Real-time Testing

🎓 Learning Resources

Understanding WebSocket Security:

  • OWASP WebSocket Security Testing
  • PortSwigger Web Security Academy - WebSocket Vulnerabilities
  • RFC 6455 - The WebSocket Protocol

Recommended Reading:

  • WebSocket Security Best Practices
  • Cross-Site WebSocket Hijacking (CSWSH)
  • WebSocket Message Injection Techniques
    ...

v2.1.0

22 Nov 19:17

🔬 NexusBrute v2.1.0 - Header Injection Security Scanner

🎯 Release Highlights

We're thrilled to announce NexusBrute v2.1.0, featuring a powerful new Header Injection Tester module that brings professional-grade HTTP header vulnerability scanning to the toolkit!

This release focuses on identifying critical web application vulnerabilities through comprehensive header manipulation testing, making NexusBrute an even more complete penetration testing solution.


⭐ What's New

🔬 Header Injection Tester Module (NEW!)

A comprehensive HTTP header vulnerability scanner with advanced injection detection and multiple attack vectors:

Attack Capabilities:

1. CRLF Injection Testing

  • 10+ payload variations including URL-encoded formats
  • Header splitting vulnerability detection
  • HTTP response splitting identification
  • Set-Cookie injection attempts
  • XSS via header injection testing

2. Host Header Injection

  • 9 sophisticated attack scenarios
  • Cache poisoning vulnerability detection
  • Password reset poisoning identification
  • SSRF via Host header testing
  • Subdomain takeover attempts
  • Multiple host manipulation techniques

3. X-Forwarded-For Manipulation

  • Tests 5 different forwarding headers:
    • X-Forwarded-For
    • X-Real-IP
    • X-Originating-IP
    • X-Remote-IP
    • X-Client-IP
  • IP spoofing detection
  • Header reflection analysis
  • Access control bypass testing
  • XSS and SQLi via IP headers

4. Header Value Injection

  • Tests 6 critical HTTP headers:
    • Referer
    • User-Agent
    • Cookie
    • Origin
    • Accept-Language
    • Accept-Encoding
  • 7 payload types per header:
    • XSS (Cross-Site Scripting)
    • SQL Injection
    • Path Traversal
    • Template Injection
    • Command Injection
    • HTML Injection
    • LDAP Injection

Key Features:

  • 🎯 50+ Payload Combinations: Comprehensive coverage of common injection techniques
  • 🧠 Intelligent Detection: Automatic vulnerability identification with pattern matching
  • 📊 Risk Classification: CRITICAL/HIGH/MEDIUM/LOW severity ratings
  • Real-time Progress: Live tracking of test execution
  • 📝 Detailed Reporting: Comprehensive vulnerability reports with proof of concept
  • 💾 Multiple Export Formats: JSON and CSV for integration with other tools
  • 🔄 Proxy Support: Distributed testing via proxy rotation
  • ⏱️ Rate Control: Configurable delays to prevent service disruption

🚀 Installation & Quick Start

New Installation

git clone https://github.com/PicoBaz/NexusBrute.git
cd NexusBrute
npm install axios chalk
mkdir results
node index.js

Upgrading from v2.0.0

git pull origin master

Update your config.json:

{
  "headerInjection": {
    "targetUrl": "https://example.com",
    "testTypes": ["all"],
    "delay": 500,
    "useProxy": false
  }
}

🎯 Usage Example

  1. Configure Target in config.json:
{
  "headerInjection": {
    "targetUrl": "https://target.com/api",
    "testTypes": ["all"],
    "delay": 500,
    "useProxy": false
  }
}
  2. Run NexusBrute:
node index.js
  3. Select Option 9 - Header Injection Tester 🔬

  4. Review Results:

🔬 Header Injection Tester Started
================================================================

🔍 Testing CRLF Injection...
✗ VULNERABILITY FOUND!
Payload: %0d%0aX-Injected: true
  - CRLF_INJECTION: CRLF characters reflected in response headers

🔍 Testing Host Header Injection...
✗ VULNERABILITY FOUND!
Host: evil.com
  Status: 200

📊 Test Summary
================================================================
⚠️  Total Vulnerabilities Found: 5
Time elapsed: 23.45s

📊 Test Coverage

Vulnerability Types Detected:

  • ✅ CRLF Injection
  • ✅ HTTP Response Splitting
  • ✅ Host Header Poisoning
  • ✅ Cache Poisoning
  • ✅ Password Reset Poisoning
  • ✅ IP Spoofing
  • ✅ Header Reflection
  • ✅ XSS via Headers
  • ✅ SQL Injection via Headers
  • ✅ Path Traversal
  • ✅ Template Injection
  • ✅ Access Control Bypass

Test Statistics:

  • CRLF Tests: 10 payloads
  • Host Header Tests: 9 scenarios
  • XFF Tests: 11 payloads × 5 headers = 55 combinations
  • Header Value Tests: 6 headers × 7 payloads = 42 combinations
  • Total Test Cases: 116+ individual checks

🛡️ Security & Compliance

Ethical Testing Features:

  • ⏱️ Configurable delays between requests
  • 🔄 Proxy rotation for distributed testing
  • 📝 Comprehensive logging and audit trails
  • 🚫 Timeout protection to prevent DoS
  • ⚖️ Legal disclaimer and usage guidelines

Industry Use Cases:

  • 🎯 Penetration Testing: Identify header-based vulnerabilities
  • 🔍 Security Audits: Validate web application security controls
  • 💰 Bug Bounty Hunting: Discover exploitable header injection flaws
  • 📚 Security Training: Learn about header manipulation techniques
  • Compliance: Meet security testing requirements (PCI-DSS, OWASP)

📦 Complete Feature Set

Current Modules (9 Total):

  1. ✅ Smart Brute Force
  2. ✅ Password Generator
  3. ✅ Rate Limit Checker
  4. ✅ Wordlist Optimizer
  5. ✅ API Fuzzer
  6. ✅ SQL Injection Tester
  7. ✅ DDoS Tester
  8. ✅ JWT Analyzer
  9. Header Injection Tester ⭐ NEW!

🔧 Configuration Options

Basic Configuration:

{
  "headerInjection": {
    "targetUrl": "https://example.com",
    "testTypes": ["all"],
    "delay": 500,
    "useProxy": false
  }
}

Selective Testing:

{
  "headerInjection": {
    "targetUrl": "https://example.com",
    "testTypes": ["crlf", "host"],
    "delay": 1000,
    "useProxy": true
  }
}

Test Type Options:

  • "all" - Run all tests (recommended)
  • "crlf" - CRLF injection only
  • "host" - Host header injection only
  • "xff" - X-Forwarded-For manipulation only
  • "value" - Header value injection only

📈 Performance

  • Fast Execution: 116+ tests in under 60 seconds (with 500ms delay)
  • 💾 Memory Efficient: Optimized for large-scale testing
  • 🔄 Concurrent Support: Proxy rotation for distributed testing
  • 📊 Real-time Feedback: Live progress indicators

🐛 Bug Fixes & Improvements

  • Enhanced error handling for network timeouts
  • Improved vulnerability detection accuracy
  • Better false positive filtering
  • Optimized payload delivery mechanisms
  • Enhanced reporting clarity

⚠️ Legal Notice

FOR AUTHORIZED SECURITY TESTING ONLY

NexusBrute is designed for ethical security testing by authorized professionals. Always obtain explicit written permission before testing any systems. Unauthorized access to computer systems is illegal and punishable by law. The developers assume no liability for misuse of this software.


🙏 Acknowledgments

Special thanks to:

  • The security research community for vulnerability research
  • OWASP for security best practices
  • All contributors and users who provide feedback
  • Open source maintainers whose libraries make this possible

📊 Comparison with Previous Versions

Feature v1.0.0 v2.0.0 v2.1.0
Modules 7 8 9
JWT Testing
Header Injection
Test Payloads ~100 ~150 ~266
Vulnerability Types 10 18 30
Export Formats 2 2 2

🎓 Learning Resources

Understanding Header Injection:

  • OWASP Testing Guide - Header Manipulation
  • PortSwigger Web Security Academy - HTTP Header Injection
  • Bug Bounty Methodology - Header-based Vulnerabilities

Recommended Reading:

  • HTTP Response Splitting (CRLF Injection)
  • Host Header Attacks
  • IP Spoofing and Forwarding Headers
  • Cache Poisoning Techniques

Full Changelog: v2.0.0...v2.1.0


Use Responsibly. Test Ethically. Secure Everything. 🌌


Made with ❤️ by @PicoBaz

NexusBrute - Professional Security Testing Toolkit

🔐 NexusBrute v2.0.0 - JWT Security Arsenal

11 Nov 08:20


🎉 Major Release: Advanced JWT Analysis & Exploitation

We're excited to announce NexusBrute v2.0.0, featuring a powerful new JWT Analyzer module that brings professional-grade JWT security testing capabilities to the toolkit!


⭐ What's New

🔐 JWT Analyzer Module (NEW!)

A comprehensive JWT security testing module with advanced attack vectors and analysis capabilities:

Core Features:

  • 🔍 Token Parsing & Decoding: Decode and analyze JWT headers, payloads, and signatures
  • 🛡️ Security Vulnerability Detection: Automatic identification of common JWT security issues
  • ⚠️ None Algorithm Attack: Test for disabled signature verification
  • 🔨 Secret Bruteforce: HMAC secret key bruteforcing with custom wordlists (HS256/HS384/HS512)
  • 🔄 Key Confusion Attack: Test RS256 to HS256 algorithm confusion vulnerabilities
  • ✏️ Claims Manipulation: Validate signature verification by tampering with claims
  • 📊 Detailed Reporting: Comprehensive security analysis with severity levels (CRITICAL/HIGH/MEDIUM/LOW)
  • 💾 Export Support: JSON and CSV output formats for integration with other tools

Security Checks:

  • Algorithm security validation
  • Token expiration analysis
  • Sensitive data detection in payloads
  • Weak secret detection
  • Long-lived token warnings

🚀 Highlights

Professional-Grade JWT Testing

Test JWTs against the most common vulnerabilities found in real-world applications:

  • None algorithm bypass
  • Weak HMAC secrets
  • Algorithm confusion
  • Missing signature verification
  • Insecure token configurations
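
A verifier that closes the gaps listed above, as an added defender-side example (not NexusBrute code). It assumes a service that issues only HS256 tokens; the `sign` helper and all names are illustrative, and the same algorithm pin rejects both `none` tokens and RS256/HS256 confusion.

```javascript
const crypto = require('node:crypto');

// Assumption: the service issues HS256 only. The algorithm is fixed by the
// server and is never taken from the token header.
const ALLOWED_ALG = 'HS256';

const b64url = (text) => Buffer.from(text).toString('base64url');
const decodePart = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Issue a token (used here to build constructed test input).
function sign(payload, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac('sha256', secret).update(input).digest('base64url');
  return `${input}.${sig}`;
}

// Verify a token. Order matters: structure, algorithm pin, signature, then claims.
function verify(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, payload;
  try {
    header = decodePart(parts[0]);
    payload = decodePart(parts[1]);
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !payload) return { ok: false, reason: 'malformed' };
  // Rejects "none" and any algorithm switch before a key is ever used.
  if (header.alg !== ALLOWED_ALG) return { ok: false, reason: 'alg_not_allowed' };
  const expected = crypto.createHmac('sha256', secret)
    .update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], 'base64url');
  // Constant-time comparison; the length check guards timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad_signature' };
  }
  // A token without a numeric exp is treated as invalid, not as long-lived.
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, payload };
}
```

The secret should come from a CSPRNG (for example `crypto.randomBytes(32)`), which keeps it out of reach of any wordlist.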

Seamless Integration

Fits perfectly into the existing NexusBrute modular architecture with:

  • Interactive CLI menu integration
  • Config-driven operation
  • Proxy rotation support
  • Consistent export functionality

Ready-to-Use Resources

Includes sample wordlist for JWT secret bruteforcing to get started immediately.


📦 Installation & Setup

git clone https://github.com/PicoBaz/NexusBrute.git
cd NexusBrute
npm install axios chalk
mkdir wordlists
node index.js

🎯 Quick Start - JWT Analyzer

  1. Configure your target in config.json:
{
  "jwtAnalyzer": {
    "token": "eyJhbGci...",
    "targetUrl": "https://api.example.com/protected",
    "wordlistFile": "wordlists/jwt_secrets.txt",
    "testClaims": {
      "role": "admin"
    }
  }
}
  2. Run NexusBrute:
node index.js
  3. Select option 8 - JWT Analyzer 🔐

  4. Get comprehensive analysis with vulnerability reports and attack results!


📋 Full Module List

  1. Smart Brute Force
  2. Password Generator
  3. Rate Limit Checker
  4. Wordlist Optimizer
  5. API Fuzzer
  6. SQL Injection Tester
  7. DDoS Tester
  8. JWT Analyzer ⭐ NEW!

🛡️ Use Cases

For Security Professionals:

  • Penetration Testing: Identify JWT vulnerabilities in web applications
  • Security Audits: Validate JWT implementation security
  • Bug Bounty Hunting: Find JWT-related security flaws
  • Security Training: Learn about JWT attack vectors

Common Scenarios:

  • Testing API authentication mechanisms
  • Validating token signature verification
  • Checking for weak secrets
  • Analyzing token security configurations

📈 Performance

  • Fast Bruteforce: 500+ attempts per second (varies by hardware)
  • Memory Efficient: Optimized for large wordlists
  • Real-time Progress: Live attack progress tracking
  • Detailed Timing: Precise elapsed time measurements

🔧 Configuration Options

{
  "jwtAnalyzer": {
    "token": "your-jwt-token",
    "targetUrl": "https://api.example.com/endpoint",
    "wordlistFile": "wordlists/jwt_secrets.txt",
    "publicKeyFile": "keys/public.pem",
    "testClaims": {
      "role": "admin",
      "isAdmin": true
    },
    "useProxy": false
  }
}

📚 Documentation

Full documentation available in the README.md including:

  • Detailed module explanations
  • Configuration examples
  • Output examples
  • Troubleshooting guide
  • Best practices

⚠️ Legal Notice

FOR AUTHORIZED SECURITY TESTING ONLY

This tool is designed for ethical security testing by authorized professionals. Always obtain explicit written permission before testing any systems. Unauthorized access is illegal and punishable by law.


🐛 Bug Fixes & Improvements

  • Enhanced error handling across all modules
  • Improved proxy rotation stability
  • Better result export formatting
  • Updated dependencies for security patches
  • Code optimization for better performance

🤝 Contributing

We welcome contributions! Check out our Contributing Guidelines and submit a PR.


🙏 Acknowledgments

Special thanks to the security research community and all contributors who make this project better!


📦 Assets

  • Source Code: Source code (zip) | Source code (tar.gz)
  • Checksums: See below for SHA256 verification

Full Changelog: v1.0.0...v2.0.0


Made with ❤️ by @PicoBaz

Use Responsibly. Test Ethically. Secure Everything. 🌌

NexusBrute v1.2.1 - Modular SQL Injector

09 Sep 07:06


🌌 NexusBrute v1.2.1 - Modular SQL Injector 🌌

  • Separated SQL Injection payloads into sql_payloads.json for better modularity.
  • Updated sql_injection.js to load payloads from sql_payloads.json.
  • Updated config.json to use payloadFile for SQL Injection payloads.
  • Bumped version to 1.2.1.

WARNING: Use only with explicit permission. Unauthorized use is illegal.
Stay secure! 🔒

NexusBrute v1.1.0 - Proxy Rotator Unleashed

30 Aug 07:31


🌌 NexusBrute v1.1.0 - Proxy Rotator Unleashed 🌌

  • Added Proxy Rotator for dynamic proxy switching.
  • Replaced proxy_support with proxy_rotator for enhanced stealth.
  • Updated smart_brute, rate_limit_checker, and api_fuzzer to use Proxy Rotator.
  • Added support for multiple proxies in config.json.
  • Introduced CHANGELOG.md for version tracking.

Use responsibly and only with explicit permission. Stay secure! 🔒

v1.0.0 - Cyber Vault Unleashed

28 Aug 08:09


🌌 NexusBrute v1.0.0 - Initial Release 🌌
Welcome to the Cyber Vault! This release brings the core arsenal for ethical security testing:

  • Smart Brute: Controlled login testing with rate-limit awareness.
  • Password Generator: Secure, customizable password creation.
  • Rate Limit Checker: Precise API restriction analysis.
  • Proxy Support: Stealthy requests via configurable proxies.
  • Wordlist Optimizer: Streamlined password lists for efficiency.
  • API Fuzzer: Vulnerability hunting with dynamic payloads.
  • Session Logger: Detailed session logs for offline analysis.
  • Interactive CLI: Sleek hacker-themed interface with neon visuals.

Use responsibly and only with explicit permission. Stay secure! 🔒