Callow is a simple brute-force script for website login pages. It is meant to be a toy project, and is not intended for use in any serious capacity.
- Python 3.10+
- Google chrome
- ChromeDriver
Note: Use the ChromeDriver version corresponding to your Chrome version.
- Clone the repo
git clone github.com/maximousblk/callow.git- Install dependencies:
pip3 install -r requirements.txtIf you want to get most recent updates for Callow, just pull the latest changes:
git pullIf you are doing this first time, you can test this safely on the sandbox
Most important part for this to work is to get the selectors right.
- Run
callow.pyin the installation directory - Enter the URL for the login
- Go to the login page
- Open developer tools using
Ctrl+Shift+I - Enter the css selector for
<input>tags for username and password field - Enter the username or email of the target
- Enter the location of the password dictionary/list and hit Enter
Check out my blog post if you want a more elaborate guide.
You can also pass those options in the form of arguments.
You can see the options for Callow here.
| Option | Function |
|---|---|
--site |
Target website (http/https only) |
--usel |
Username input selector |
--psel |
Password input selector |
--user |
Target username to attack |
--pass |
Password dictionary |
Here is an example of how to use the arguments:
- Port to Python 3.x
- Cross platform compatibility
- Proxy/Tor support
For more, look into issues and projects...
This project (Callow) and it's contributors do not support or take responsibility for any form of unethical acts. This software is purely for educational purposes and is not intended to cause any harm.
Callow is available free of charge under the GPL-3.0 license and can be used for both, commercial and non-commercial purposes.