*===================================================================* NiX - Linux Brute Forcer *===================================================================* 1st Mar. 2011 - 1.1.2 Headers were fixed in non-SSL FORM mode when using a SQUID proxy. Site and proxy protection mechanism detection was improved. If a cookie is received from the site in BASIC AUTH mode, it is now considered a possible "HIT", regardless of a reply or success and failure keys. A "days left information" was added to the estimated time left function. The default configuration file now has better examples *===================================================================* 12th Feb. 2011 - 1.1.1 Bug fixes: Fixed cookie handling in FORM mode when using a SOCKS proxy. The tool now proceeds accordingly if FORM does not redirect at all after a "HIT" or if in some cases redirect detection failed. Improved debug mode. *===================================================================* 23th Jan. 2011 - 1.1.0 FORM auto-detection has been improved. FORM MODE redirection handling after a "HIT" has been improved. Form engine can now handle the following redirections: 301/302 all variations Refresh: 5;url=xxx Meta refresh Proxy content filtering detection has been improved in a fake engine, which will cause fewer fakes regardless of the mode used if there was no success key defined. HTTPS (SSL) brute mode has been improved. *===================================================================* 20th Nov. 2010 - 1.0.3 Revert SOCKS5 feature: "Client cannot resolve the hostname" This is needed because a majority of public SOCKS5 proxies are unreliable Bug fix: Resolves the hostname only once to avoid noise. *===================================================================* 17th Nov. 2010 - 1.0.2 If the site target is something other than a default address, such as a custom IP address and port, headers are now created accordingly to fix any timeout problems that may occur FORM auto-detection has been fixed in SSL mode. FORM auto-detection has been improved. Note that JavaScript based forms are not currently supported, but these can be defined with a manual form input option *===================================================================* 13th Nov. 2010 - 1.0.1 The "recursion limit exceeded" bug was fixed. Sanity checks at the beginning of the security test were fixed. Error messages are now more descriptive. An example list of login/password pairs and an example proxy list were added. *===================================================================* 12th Nov. 2010 - Initial release 1.0.0 - Basic Authorization & FORM support - HTTP/SOCKS 4 and 5 proxy support - FORM auto-detection & Manual FORM input configuration. - It is multi-threaded - Auto-removal of dead or unreliable proxy and when site protection mechanism blocks the proxy - Integrated proxy randomization to defeat certain protection mechanisms - With Success and Failure Keys results are 99% accurate - Wordlist shuffling via macros - Advanced coding and timeout settings makes it outperform any other brute forcer