Hello Dears,
I would like to share with all our community a tool that could be useful on HTB mostly during bruteforce attacks.
The tool is CATANA.
The idea of this simple bash tool is the reduction of time of bruteforce attacks according to the Password Policy we detected.
In general, carrying out a bruteforce attack on a login form by wordlists like rockyou.txt could require a lot of time due to the number of strings (currently 14M+ passwords).
In case you are able to infer or detect the Password Policy (i.e., by the registration form), you can use CATANA for “cutting” your wordlists and keeping only the passwords compliant with the Password Policy.
I would appreciate it if you have some suggestions or contributions to improve this small project that could help infosec people to perform further tests on the generation of tokens.
Here is the link to the GitHub repo: https://github.com/D3vil0per/catana
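
The filtering idea described in the post, as an added example (not CATANA's code or its command-line interface): the function names, the policy parameters and the sample list are assumptions made for illustration. The same filter shows a defender which common passwords a given policy still accepts, which is the set worth putting on a denylist.

```bash
#!/usr/bin/env bash
# Added example, not CATANA's code. policy_filter and its six parameters
# are hypothetical names chosen for this illustration.

# policy_filter MIN MAX NEED_UPPER NEED_LOWER NEED_DIGIT NEED_SPECIAL
# Reads one candidate password per line on stdin and prints only the
# lines the policy would accept. The NEED_* flags are 1 (required) or 0.
policy_filter() {
    # LC_ALL=C makes awk count bytes and keeps [A-Z] etc. ASCII-only;
    # it also avoids errors on the invalid UTF-8 found in leaked lists.
    LC_ALL=C awk -v min="$1" -v max="$2" -v up="$3" -v lo="$4" \
                 -v di="$5" -v sp="$6" '
        { sub(/\r$/, "") }                        # tolerate CRLF wordlists
        length($0) < min || length($0) > max { next }
        up && $0 !~ /[A-Z]/        { next }       # uppercase required
        lo && $0 !~ /[a-z]/        { next }       # lowercase required
        di && $0 !~ /[0-9]/        { next }       # digit required
        sp && $0 !~ /[^A-Za-z0-9]/ { next }       # special char required
        { print }
    '
}

# Constructed sample standing in for a real wordlist such as rockyou.txt.
sample_wordlist() {
    printf '%s\n' 123456 password Password1 'P@ssw0rd!' qwerty \
                  'Summer2024!' iloveyou 'Aa1!' 'Welcome#2023'
}

# Policy assumed here: 8 to 64 characters, with uppercase, lowercase,
# digit and special character all required.
accepted_by_policy() {
    sample_wordlist | policy_filter 8 64 1 1 1 1
}

# Number of sample entries that the assumed policy still accepts.
accepted_count() {
    accepted_by_policy | wc -l | tr -d ' '
}
```

Three of the nine constructed entries satisfy the assumed policy, even though all three follow well-known patterns; complexity rules alone do not keep such passwords out.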