Conformer – Password Guessing for different Web Portals

Conformer is a penetration testing tool, mostly used for external assessments to perform password based attacks against common webforms.

The tool was created from a need for password guessing against new web forms, without having to do prior burp work each time, and wanting to automate such attacks.

Conformer - Guessing for different Web Portals
Conformer – Guessing for different Web Portals

Some of the portal included are:

  • SonicWallVOffice
  • CiscoSSLVPN
  • Netscaler
  • OWA (versions 2013/2016)
  • Gmail (Host: mail.google.com) (Google throttling authentication attempts)
  • Office365 (Host: outlook.office.com)
  • PaloAlto (GlobalProtect)
  • SharePoint
  • XenMobile
  • XenApp (Incomplete)
  • Okta (Incomplete)
  • AUTO (Attempt autodetect module)
  • SMB (Windows Auth. / supports NT Hash)

User will have with this program many different parameters and options that can be customized to make for a powerful attack. Conformer has been used in countless assessments to obtain valid user credentials for accessing the internal environment through VPN, other internal resources or data to further the assessment.

You can read more and download this tool over here: https://github.com/mikhbur/conformer

Share