pinowudi / entropy-buster
This project forked from x9-security/entropy-buster
Entropy Buster, or EBuster for short, was inspired by "Mining Mimecast: brute forcing your way to success" by Paul Price. The attack he described is surprisingly common in the wild: many companies either use in-house custom URL encodings for link labeling or rely on existing encodings like Base64. In both cases, unless the user is required to authorize before accessing the link, this opens a potential hole for attackers. The purpose of Entropy Buster is to take sets of strings that share some kind of commonality and look for commonly occurring, or even static, characters in the strings that can help with predictability.
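The per-position analysis described above can be sketched as follows, for auditing link tokens your own service generates. This is an added example, not code from the Entropy Buster project; the function names and the sample tokens are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample: tokens exported from a hypothetical in-house
# link-labeling service. Not real data.
SAMPLE_TOKENS = [
    "AX7f-2024-k9Qd",
    "AX3p-2024-Lm2z",
    "AX9a-2024-Tq8c",
    "AX1k-2024-bR5w",
]

def position_stats(tokens):
    """Per character position: distinct chars, most common char, its share, entropy in bits."""
    if not tokens:
        raise ValueError("no tokens supplied")
    stats = []
    for i in range(max(len(t) for t in tokens)):
        # Tokens shorter than this position contribute nothing to the column.
        column = [t[i] for t in tokens if i < len(t)]
        counts = Counter(column)
        total = len(column)
        # Shannon entropy of the observed characters at this position.
        entropy = -sum((n / total) * math.log2(n / total) for n in counts.values())
        top_char, top_n = counts.most_common(1)[0]
        stats.append({"pos": i, "seen": total, "distinct": len(counts),
                      "top": top_char, "share": top_n / total, "entropy": entropy})
    return stats

def static_mask(tokens, placeholder="?"):
    """Template of the token set: static characters kept, varying positions masked."""
    return "".join(
        s["top"] if s["distinct"] == 1 and s["seen"] == len(tokens) else placeholder
        for s in position_stats(tokens)
    )

def effective_bits(tokens):
    """Sum of per-position entropy. Positions are treated as independent, so this is
    an upper bound on the sample's joint entropy; with n samples each position is
    capped at log2(n), so feed it a large sample before trusting the number."""
    return sum(s["entropy"] for s in position_stats(tokens))

if __name__ == "__main__":
    print(static_mask(SAMPLE_TOKENS), round(effective_bits(SAMPLE_TOKENS), 2))
```

A token format whose mask is mostly static, or whose estimated bits stay low as the sample grows, is a candidate for replacement with identifiers drawn from a cryptographically secure random source and for an access check on the link itself.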