Giters

cqr-cryeye-forks / Blazy

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

Home Page:https://teamultimate.in

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Blazy

Blazy is a modern login page bruteforcer.

Features

  • Easy target selections
  • Smart form and error detection
  • CSRF and Clickjacking Scanner
  • Cloudflare and WAF Detector
  • 90% accurate results
  • Checks for login bypass via SQL injection
  • large database of credentials
  • Multi-threading
  • 100% accurate results
  • Better form detection and compatibility

Requirements

  • Beautiful Soup
  • Mechanize

Installation

Open your terminal and enter

git clone https://github.com/cqr-cryeye-forks/Blazy

Now enter the following command

cd Blazy

Lets install the required modules before running Blazy

pip install -r requirements.txt

Usage

usage: blazy.py [-h] [-v] [-a] [-u USERNAMES] [-p PASSWORDS] [-o OUTPUT] url

Tool for bruteforce log-in forms

positional arguments:
  url                   Target url or domain

options:
  -h, --help            show this help message and exit
  -v, --verbose         Show debug information
  -a, --all             Run everything scans without choices and don't quit
                        after finding results
  -u USERNAMES, --usernames USERNAMES
                        File with usernames
  -p PASSWORDS, --passwords PASSWORDS
                        File with passwords
  -o OUTPUT, --output OUTPUT
                        Output file. Data will be saved as json

If --all flag is selected, then, after finding first match script will not stop and will brute all given usernames and passwords

Output examples

Findings and extra data are saving in output.json

Json structure

{
  "url": "http://testphp.vulnweb.com/login.php",
  "findings": [
    {
      "username": "test",
      "related_username_form": "uname",
      "password": "test",
      "related_password_form": "pass"
    }
  ],
  "extra": [
    "Heuristic found a Clickjacking Vulnerability",
    "Heuristic found a CSRF Vulnerability"
  ]
}

CLI output (clear):

    ____   _                    
       |  _ \ | |              
       | |_) || |  __ _  ____ _   _ 
       |  _ < | | / _` ||_  /| | | |
       | |_) || || (_| | / / | |_| |
       |____/ |_| \__,_|/___| \__, |
                               __/ |
        Made with <3 By D3V   |___/ 
        
[+] Heuristic found a Clickjacking Vulnerability
[+] Heuristic found a CSRF Vulnerability
[+] Found 2 forms

[+] Valid credentials found:
Username: test
Password: test

CLI output (verbose):

    ____   _                    
       |  _ \ | |              
       | |_) || |  __ _  ____ _   _ 
       |  _ < | | / _` ||_  /| | | |
       | |_) || || (_| | / / | |_| |
       |____/ |_| \__,_|/___| \__, |
                               __/ |
        Made with <3 By D3V   |___/ 
        
[>] Usernames loaded: 81483
[>] Passwords loaded: 100006
Target url: http://testphp.vulnweb.com/login.php
[+] Heuristic found a Clickjacking Vulnerability
[+] Heuristic found a CSRF Vulnerability
[+] Found 2 forms
[!] Username field: uname
[!] Password field: pass
[-] Bruteforce started: 2022-08-22 23:19:27.901756
[>] Brute forcing username: test
[>] Passwords tried: 1 / 100006
[+] Valid credentials found:
Username: test
Password: test
[-] Bruteforce finished: 2022-08-22 23:19:28.776774. Total: 0:00:00.875018
[!] Username field: searchFor
Saving data into /home/nick/PycharmProjects/tools/blazy/output.json

About

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

https://teamultimate.in

License:GNU General Public License v3.0

Languages

Language:Python 100.0%