Python automation of the following [write up]( on an elabFTW account lockout bypass and login brute force that affects versions before 4.1.0.

Both scripts can be used against Proving Grounds Practice lab named Source, which is running a vulnerable version of elabFTW - a free and open source electronic lab notebook.

The account login requires an email address so a valid domain of any potential user needs to be known before brute forcing user names.

Once a valid account is found put that into the login brute force script.