The code in this repo could be used to run credential stuffing (and other ATO) attacks. The code is super simple and there are a number of tools out there that would do a better job than my late-night hacked codez. This repo is NOT meant to be malicious in any manner; quite the opposite. I want to show security and non-security folks how easy it is to run an ATO attack with existing developer tools (I also show you how to stop this attack).
This repo exists as part of a blog series: Answering the "What", "Why" and "How" of Account Takeover. This series describes the anatomy of Account Takeover attacks and how to stop these attacks before you end up in the news!
Need Help? - Try Precognitive
You can use the naive demo (or a version of it) to stop attacks, but if you want to do more than just stop the simplest of credential stuffing attacks, you should take a look at Precognitive. We've spent the last 3+ years building a platform that not only stops all types of credential stuffing but also utilizes behavioral analytics, native device integrations, and data modeling to stop multiple Account Takeover attack vectors.
Do you want to learn more? Feel free to email me directly.
Hackathon-Starter for an awesome boilerplate I can use to test my hacking skills 😄