{"id":13447,"date":"2021-06-13T21:23:12","date_gmt":"2021-06-13T15:53:12","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=13447"},"modified":"2021-06-13T21:23:12","modified_gmt":"2021-06-13T15:53:12","slug":"arkhota","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/arkhota\/","title":{"rendered":"Arkhota : A Web Brute Forcer For Android"},"content":{"rendered":"\n<p><strong>Arkhota <\/strong>is a web (HTTP\/S) brute forcer for Android. A web brute forcer is always in a hacker&#8217;s computer, for obvious reasons. Sometimes attacks require to be quick or\/and with minimal device preparation. Also a phone takes less attention rather than a laptop\/computer. For this situations here&#8217;s Arkhota.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Usage<\/strong><\/p>\n\n\n\n<p>Explanation is in order of objects in the APK from top to bottom.<\/p>\n\n\n\n<h5 class=\"has-light-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/ALW1EZ\/Arkhota#banner\"><\/a><strong>Banner<\/strong><\/h5>\n\n\n\n<ul class=\"wp-block-list\"><li>Banner, version &amp; author<\/li><\/ul>\n\n\n\n<p>You can long click to&nbsp;<strong>version<\/strong>&nbsp;to see about page.<\/p>\n\n\n\n<h5 class=\"has-light-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/ALW1EZ\/Arkhota#connection\"><\/a><strong>Connection<\/strong><\/h5>\n\n\n\n<ul class=\"wp-block-list\"><li>URL (required)<\/li><\/ul>\n\n\n\n<p>An URL to make request.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Body<\/li><\/ul>\n\n\n\n<p>You need to specify a body&nbsp;<strong>if<\/strong>&nbsp;you are going to make a POST request.<\/p>\n\n\n\n<h5 class=\"has-light-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/ALW1EZ\/Arkhota#userlist--wordlist\"><\/a><strong>Userlist \/ Wordlist<\/strong><\/h5>\n\n\n\n<ul class=\"wp-block-list\"><li>Userlist selector<\/li><\/ul>\n\n\n\n<p><em>Single: Sets a single username<\/em><\/p>\n\n\n\n<p><em>Generate: Generates runtime with given options<\/em><\/p>\n\n\n\n<p><em>Wordlists: Sets prepared wordlist<\/em><\/p>\n\n\n\n<p><em>Custom wordlist: You can place your custom wordlist to \/sdcard\/ABF\/<\/em><\/p>\n\n\n\n<p><em>Then this selector will have it (if required permissions given.).<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Username box<\/li><\/ul>\n\n\n\n<p><em>You need to specify a username&nbsp;<strong>if you selected Single<\/strong>.<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Charset selectors<\/li><\/ul>\n\n\n\n<p>[W]&nbsp;<em>You need to specify charset, min &amp; max length to generate runtime.<\/em><\/p>\n\n\n\n<p><strong>If you selected Generate<\/strong>, checkboxes will help you to select._<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Prefix &amp; Suffix<\/li><\/ul>\n\n\n\n<p><em>You can specify prefix &amp; suffix to be added to your username<\/em><\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/ALW1EZ\/Arkhota#its-same-for-the-password-part-too\"><\/a>It&#8217;s same for the password part too.<\/h5>\n\n\n\n<h5 class=\"has-light-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/ALW1EZ\/Arkhota#configuration\"><\/a><strong>Configuration<\/strong><\/h5>\n\n\n\n<ul class=\"wp-block-list\"><li>Beep switch<\/li><\/ul>\n\n\n\n<p><em>Beeps if attack success.<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Fail\/Success switch<\/li><\/ul>\n\n\n\n<p><em>Decides how to react connection response<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>POST\/GET switch<\/li><\/ul>\n\n\n\n<p><em>Decides type of connection<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>User-Agent<\/li><\/ul>\n\n\n\n<p>_Sets user-agent for connection.<\/p>\n\n\n\n<p><strong>if<\/strong>&nbsp;&#8220;Original UA&#8221; set, then original user-agent set<\/p>\n\n\n\n<p><strong>Othervise<\/strong>&nbsp;given text will set to user-agent_<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/ALW1EZ\/Arkhota#tip-it-has-autocomplete-for-several-user-agents-all-of-them-starts-with-mozilla-type-and-select-one-if-you-dont-want-to-expose-your-original-ua-but-you-dont-know-what-to-set\"><\/a><strong>tip: It has autocomplete for several user-agents, all of them starts with &#8220;Mozilla&#8221;, type and select one if you don&#8217;t want to expose your original ua, but you don&#8217;t know what to set<\/strong><\/h5>\n\n\n\n<ul class=\"wp-block-list\"><li>Timeout<\/li><\/ul>\n\n\n\n<p><em>Sets timeout for connection, in milliseconds<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Cookie<\/li><\/ul>\n\n\n\n<p><em>Sets cookie value for connection<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Regex (required)<\/li><\/ul>\n\n\n\n<p><em>Determines what to look in connection response<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Empty box<\/li><\/ul>\n\n\n\n<p><em>Tried username:password pairs &amp; result will shown there.<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>[W] Start<\/li><\/ul>\n\n\n\n<p><em>Starts attack!<\/em><\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Important<\/strong><\/p>\n\n\n\n<p>URL &amp; Body:&nbsp;<strong><code>^USER^<\/code>&nbsp;&amp;&nbsp;<code>^PASS^<\/code>&nbsp;are placeholders for username and password.<\/strong>&nbsp;You need to place them in url or the body (depends what type you choose to connection)<\/p>\n\n\n\n<p>Regex &amp; Fail\/Success switch: These two determines the result of the attack.<\/p>\n\n\n\n<p>If switch points to &#8220;Fail&#8221;, and if given regex found in the response, this means, this is a fail, continue to attack.<\/p>\n\n\n\n<p>if switch points to &#8220;Success&#8221;, and if given regex found in response, this means this is a success!, write result to empty box (in format &#8220;FOUND: username:password&#8221;) and stop the attack.<\/p>\n\n\n\n<p>Copying: Long click on the empty box will copy the content. if password found, it copies in&nbsp;<code><strong>username:password<\/strong><\/code>&nbsp;format Otherwise copies whole content.<\/p>\n\n\n\n<p>If attack is over and unsuccessful, it just stops at the last user:password.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Screenshots &amp; Videos<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-avVL9gquwGE\/YMRbNeO0VNI\/AAAAAAAAJbA\/SgM_sJ1t7sQk0Ia43TADcFa_oHdf0bMIwCLcBGAsYHQ\/s1415\/1.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-aoli4iisQf8\/YMRbYX_qraI\/AAAAAAAAJbE\/hmCnRAD3OJEOxh1uujTMxYeAMXiPIyfQwCLcBGAsYHQ\/s1410\/2.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-kUW0a8h1_dw\/YMRbh7_vPpI\/AAAAAAAAJbI\/SIDnFm6qPQoYYdkrQIwon1zSxlM8YPX4ACLcBGAsYHQ\/s1408\/3.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-XmNlz-mPKk4\/YMRbtUdLszI\/AAAAAAAAJbQ\/UjxAqeijZU4cKhGSeUlVFxRUvvAx2GBhACLcBGAsYHQ\/s1409\/4.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-2E9-kHhv3Lw\/YMRb3veZMWI\/AAAAAAAAJbY\/6AtWVUlHfWIwCcEwY-0Epc9b2lZAc9WWgCLcBGAsYHQ\/s1417\/5.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-HUol854n1NI\/YMRcMDqDosI\/AAAAAAAAJbo\/nXYIcRSbNzwhppdPvLzdUtpSdk-yUB_1gCLcBGAsYHQ\/s1415\/6.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-txPiO3uIHho\/YMRcYkdR9nI\/AAAAAAAAJbw\/0gClKPgLZPkoeoafkLzyEExf3RIfUU8DACLcBGAsYHQ\/s1410\/7.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-csYb076_7cg\/YMRcxKKqzTI\/AAAAAAAAJb8\/UBd_o10JKSgR8EXFR5SJQMWA9aOI1e5tACLcBGAsYHQ\/s1413\/8.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-keLTU0JiaO8\/YMRdFTwLwVI\/AAAAAAAAJcE\/W4pv50fG0HMNseLGgMWOnOhPCuOuw2hcQCLcBGAsYHQ\/s1415\/9.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-0_Xdgho4CMo\/YMRdQAf0QnI\/AAAAAAAAJcI\/vKZY0XVdUikLWFD6Dm7l1Y7rSuw0Sk1rACLcBGAsYHQ\/s1410\/10.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<h4 class=\"has-text-align-center has-vivid-green-cyan-background-color has-background wp-block-heading\"><strong>Warning<\/strong><\/h4>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>Runtime changeable parameters<\/strong><\/p>\n\n\n\n<p>Every parameter editable during attack, but none of the parameters will changeable during attack, except two. &#8220;Fail\/Success&#8221; and &#8220;Beep&#8221; switch.<\/p>\n\n\n\n<p>This means: If you started the attack, and want to change a parameter (e.g charset), editing will not change anything, this changes applies after pressing start button. BUT If you started the attack with beep option on, and you want to change it. You don&#8217;t need to re-start attack, just click on switch and it won&#8217;t beep when attack success.<\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>About &#8220;Generate&#8221; &amp; Custom wordlists<\/strong><\/p>\n\n\n\n<p>The Generate option is&nbsp;<strong>NOT<\/strong>&nbsp;recommended Runtime generating &amp; parsing is a really hard work for a phone. Also it&#8217;s not stable, all possible words will be generated, but may not be sequential. If you really need to select it, keep everything minimum. If your phone freezes or crashes, you know selected options is not suitable your phone&#8217;s processor.<\/p>\n\n\n\n<p>Do&nbsp;<strong>NOT<\/strong>&nbsp;place big wordlists to \/ABF\/ directory. This will cause freezing &amp; crashing.<\/p>\n\n\n\n<p>And do&nbsp;<strong>NOT<\/strong>&nbsp;forget standard smartphones have far less processor power rather than a computer, this project is for small and quick attacks.<\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>About speed<\/strong><\/p>\n\n\n\n<p>Depends on your speed of network &amp; remote host.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>How To Stop The Attack<\/strong><\/p>\n\n\n\n<p>This version of Arkhota doesn&#8217;t support &#8220;stopping the attack&#8221;.&nbsp;<strong>BUT<\/strong>&nbsp;that doesn&#8217;t mean you cannot stop. Just change &#8220;Fail\/Success&#8221; switch to opposite direction and wait one more request. This will cause a false-positive on purpose to stop. Or You can simply close and re-open the application.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Arkhota is a web (HTTP\/S) brute forcer for Android. A web brute forcer is always in a hacker&#8217;s computer, for obvious reasons. Sometimes attacks require to be quick or\/and with minimal device preparation. Also a phone takes less attention rather than a laptop\/computer. For this situations here&#8217;s Arkhota. Usage Explanation is in order of objects [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16870,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png","fifu_image_alt":"Arkhota : A Web Brute Forcer For Android","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[156,231,459,3611],"class_list":["post-13447","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-android","tag-arkhota","tag-brute-forcer","tag-web"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Arkhota : A Web (HTTP\/S) Brute Forcer For Android<\/title>\n<meta name=\"description\" content=\"Arkhota is a web (HTTP\/S) brute forcer for Android. A web brute forcer is always in a hacker&#039;s computer, for obvious reasons.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/arkhota\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Arkhota : A Web (HTTP\/S) Brute Forcer For Android\" \/>\n<meta property=\"og:description\" content=\"Arkhota is a web (HTTP\/S) brute forcer for Android. A web brute forcer is always in a hacker&#039;s computer, for obvious reasons.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/arkhota\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2021-06-13T15:53:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/arkhota\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/arkhota\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"Arkhota : A Web Brute Forcer For Android\",\"datePublished\":\"2021-06-13T15:53:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/arkhota\/\"},\"wordCount\":741,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/arkhota\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png\",\"keywords\":[\"android\",\"Arkhota\",\"Brute Forcer\",\"web\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/arkhota\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/arkhota\/\",\"name\":\"Arkhota : A Web (HTTP\/S) Brute Forcer For Android\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/arkhota\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/arkhota\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png\",\"datePublished\":\"2021-06-13T15:53:12+00:00\",\"description\":\"Arkhota is a web (HTTP\/S) brute forcer for Android. A web brute forcer is always in a hacker's computer, for obvious reasons.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/arkhota\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/arkhota\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Arkhota : A Web (HTTP\/S) Brute Forcer For Android","description":"Arkhota is a web (HTTP\/S) brute forcer for Android. A web brute forcer is always in a hacker's computer, for obvious reasons.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/arkhota\/","og_locale":"en_US","og_type":"article","og_title":"Arkhota : A Web (HTTP\/S) Brute Forcer For Android","og_description":"Arkhota is a web (HTTP\/S) brute forcer for Android. A web brute forcer is always in a hacker's computer, for obvious reasons.","og_url":"https:\/\/kalilinuxtutorials.com\/arkhota\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2021-06-13T15:53:12+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/arkhota\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/arkhota\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"Arkhota : A Web Brute Forcer For Android","datePublished":"2021-06-13T15:53:12+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/arkhota\/"},"wordCount":741,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/arkhota\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png","keywords":["android","Arkhota","Brute Forcer","web"],"articleSection":["Kali Linux"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/arkhota\/","url":"https:\/\/kalilinuxtutorials.com\/arkhota\/","name":"Arkhota : A Web (HTTP\/S) Brute Forcer For Android","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/arkhota\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/arkhota\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png","datePublished":"2021-06-13T15:53:12+00:00","description":"Arkhota is a web (HTTP\/S) brute forcer for Android. A web brute forcer is always in a hacker's computer, for obvious reasons.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/arkhota\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/arkhota\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png","contentUrl":"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-8cTVkaXElfs\/YMRYyL4fkGI\/AAAAAAAAJa4\/WFY7kf85WvoHs69eZuF_-CKnPrIQPZ06QCLcBGAsYHQ\/s728\/banner%2B%25281%2529.png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":5255,"url":"https:\/\/kalilinuxtutorials.com\/facebash-facebook-brute-forcer-shellscript\/","url_meta":{"origin":13447,"position":0},"title":"Facebash : Facebook Brute Forcer In Shellscript Using TOR","author":"R K","date":"June 6, 2019","format":false,"excerpt":"Facebash is a tool for facebook Brute Forcer in shellscript using TOR. Warning : Facebook blocks account for 1 hour after 20 wrong passwords, so this script can perform only 20 pass\/h. Features Save\/Resume sessionsAnonymous attack through TORDefault Password List (+39k) Also Read - H2Buster : A Threaded, Recursive, Web\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6986,"url":"https:\/\/kalilinuxtutorials.com\/xmlrpc-brute-forcer-wordpress-python\/","url_meta":{"origin":13447,"position":1},"title":"XMLRPC : An Brute Forcer Targeting WordPress Written In Python 3","author":"R K","date":"October 22, 2019","format":false,"excerpt":"An XMLRPC brute forcer targeting Wordpress written in Python 3. In the context of xmlrpc brute forcing, its faster than Hydra and WpScan. It can brute force 1000 passwords per second. Usage -- python3 xmlrcpbruteforce.py http:\/\/wordpress.org\/xmlrpc.php passwords.txt username -- python3 xmlrpcbruteforce.py http:\/\/wordpress.org\/xmlrpc.php passwords.txt userlist.txt ( >>in progess<<) Bugs If you\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":4492,"url":"https:\/\/kalilinuxtutorials.com\/instainsane-instagram-brute-forcer\/","url_meta":{"origin":13447,"position":2},"title":"Instainsane : Multi-threaded Instagram Brute Forcer","author":"R K","date":"April 7, 2019","format":false,"excerpt":"Instainsane is an Shell Script to perform multi-threaded brute force attack against Instagram, this script can bypass login limiting and it can test infinite number of passwords with a rate of about 1000 passwords\/min with 100 attemps at once. Features Multi-thread (100 attempts at once) Save\/Resume sessions Anonymous attack through\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":34416,"url":"https:\/\/kalilinuxtutorials.com\/100-red-team-projects\/","url_meta":{"origin":13447,"position":3},"title":"100 Red Team Projects &#8211; A Comprehensive Guide For Pentesters And Network Managers","author":"Varshini","date":"August 13, 2024","format":false,"excerpt":"Red Teaming is one of the most attractive fields in offensive security or ethical hacking. Every day professionals and students are learning, creating and exploiting all types of systems. The internet is not only the most common means through which people interact and chat, but also a place where they\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEggxtwb1x6nJdr8vwLlb0XofGJI8L4MWo2BXmoKhRRJreXSL5JyORDbbtJsFnec9njID0vvTLyXpHbiqdCmP2ackTEDgugmO2EFLb8s5Mms0xC0Kk-UC7lZ1C2LW8ZUMGVfDXhf6WQjvBpFndfvAsI4dw8v-fkfh2nHwiZ6AplD-fDUx3-_QUE6dlDfaAzc\/s16000\/100%20Red%20Team%20Projects%20.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEggxtwb1x6nJdr8vwLlb0XofGJI8L4MWo2BXmoKhRRJreXSL5JyORDbbtJsFnec9njID0vvTLyXpHbiqdCmP2ackTEDgugmO2EFLb8s5Mms0xC0Kk-UC7lZ1C2LW8ZUMGVfDXhf6WQjvBpFndfvAsI4dw8v-fkfh2nHwiZ6AplD-fDUx3-_QUE6dlDfaAzc\/s16000\/100%20Red%20Team%20Projects%20.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEggxtwb1x6nJdr8vwLlb0XofGJI8L4MWo2BXmoKhRRJreXSL5JyORDbbtJsFnec9njID0vvTLyXpHbiqdCmP2ackTEDgugmO2EFLb8s5Mms0xC0Kk-UC7lZ1C2LW8ZUMGVfDXhf6WQjvBpFndfvAsI4dw8v-fkfh2nHwiZ6AplD-fDUx3-_QUE6dlDfaAzc\/s16000\/100%20Red%20Team%20Projects%20.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEggxtwb1x6nJdr8vwLlb0XofGJI8L4MWo2BXmoKhRRJreXSL5JyORDbbtJsFnec9njID0vvTLyXpHbiqdCmP2ackTEDgugmO2EFLb8s5Mms0xC0Kk-UC7lZ1C2LW8ZUMGVfDXhf6WQjvBpFndfvAsI4dw8v-fkfh2nHwiZ6AplD-fDUx3-_QUE6dlDfaAzc\/s16000\/100%20Red%20Team%20Projects%20.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEggxtwb1x6nJdr8vwLlb0XofGJI8L4MWo2BXmoKhRRJreXSL5JyORDbbtJsFnec9njID0vvTLyXpHbiqdCmP2ackTEDgugmO2EFLb8s5Mms0xC0Kk-UC7lZ1C2LW8ZUMGVfDXhf6WQjvBpFndfvAsI4dw8v-fkfh2nHwiZ6AplD-fDUx3-_QUE6dlDfaAzc\/s16000\/100%20Red%20Team%20Projects%20.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEggxtwb1x6nJdr8vwLlb0XofGJI8L4MWo2BXmoKhRRJreXSL5JyORDbbtJsFnec9njID0vvTLyXpHbiqdCmP2ackTEDgugmO2EFLb8s5Mms0xC0Kk-UC7lZ1C2LW8ZUMGVfDXhf6WQjvBpFndfvAsI4dw8v-fkfh2nHwiZ6AplD-fDUx3-_QUE6dlDfaAzc\/s16000\/100%20Red%20Team%20Projects%20.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":13290,"url":"https:\/\/kalilinuxtutorials.com\/cilocks\/","url_meta":{"origin":13447,"position":4},"title":"CiLocks : Android LockScreen Bypass","author":"R K","date":"June 12, 2021","format":false,"excerpt":"CiLocks (Crack Interface lockscreen), Metasploit and More Android Hacking. Update Available V1.1.0 \u00a0Added New Tools\u00a0Root Android {Supersu} Not Support All OS Version\u00a0Jump To Adb Toolkit\u00a0Remove Lockscreen {Root}\u00a0Jump To Metasploit\u00a0Restore All Media Deleted (Coomingsoon)\u00a0Brute Pin 4 Digit\u00a0Brute Pin 6 Digit\u00a0Brute LockScreen Using Wordlist\u00a0Bypass LockScreen {Antiguard} Not Support All OS Version\u00a0Reset Data\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":4522,"url":"https:\/\/kalilinuxtutorials.com\/pyrit-wpa-precomputed-cracker-google\/","url_meta":{"origin":13447,"position":5},"title":"Pyrit : The Famous WPA Pre-Computed Cracker, Migrated from Google","author":"R K","date":"April 9, 2019","format":false,"excerpt":"Pyrit allows you to create massive databases of pre-computed WPA\/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of the world's most used security-protocols. WPA\/WPA2-PSK is\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/13447","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=13447"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/13447\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16870"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=13447"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=13447"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=13447"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}