A password guessing framework.
Big Friggin Gun (BFG)
BFG is a simple modular framework to perform brute-force attacks. It uses the BruteLoops library for the brute force and database management logic.
Features
- SQLite Datastore
  - Authentication data/requests are maintained in an SQLite database.
  - Query capabilities enable granular timing configurations.
  - Facilitates safe, resumable attacks.
  - Database management tools are embedded in BFG via BruteLoops.
    - Run `bfg cli manage-db --help`.
- BruteLoops Capabilities
  - Resumable attacks that do not repeat previous guesses.
  - Simultaneous support for password spraying and credential stuffing.
  - Parallel guessing.
  - Lockout avoidance via two layers of jitter configurations.
  - User/password prioritization.
  - Universal protocol/application capabilities.
  - Granular logging:
    - Lockouts happen. It's part of life.
    - BruteLoops provides a log record for each guess, along with a timestamp.
    - Allows operators to reconstruct a timeline of events if things go bad.
- Modular Framework
  - Simple class-based modules provide reusable arguments/components.
- YAML Attack/Database Profiles
  - YAML files can be used to supply configuration values to BFG.
  - Avoids complex command line flags.
Docker Support
A compose file is available for this project. See this document for more information.
Supported Platforms
Only Linux is supported at the moment; however, a Docker implementation will soon follow.
Quick Install
pip3 install bl-bfg
Then confirm installation:
bfg --help
Documentation
See the docs directory for additional documentation:
Current Attack Modules
Below are the attack modules currently in BFG.
Most people will be interested in `http.o365_graph`, as it can be used to attack `login.microsoftonline.com`.
Module | Description
---|---
http.accellion_ftp | Accellion FTP HTTP interface login module
http.adfs | Active Directory Federated Services
http.basic_digest | Generic HTTP basic digest auth
http.basic_ntlm | Generic HTTP basic NTLM authentication
http.global_protect | Global Protect web interface
http.lync | Brute force Microsoft Lync.
http.mattermost | Mattermost login web interface
http.netwrix | Netwrix web login
http.o365_graph | Office365 Graph API
http.okta | Okta JSON API
http.owa2010 | OWA 2010 web interface
http.owa2016 | OWA 2016 web interface
http.sap_webdynpro | SAP Netweaver Webdynpro, ver. 7.3007.20120613105137.0000
smb.smb | Target a single SMB server
testing.fake | Fake authentication module for training/testing
File details
Details for the file bl-bfg-1.0.4.tar.gz.
File metadata
- Download URL: bl-bfg-1.0.4.tar.gz
- Upload date:
- Size: 97.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.18
File hashes
Algorithm | Hash digest
---|---
SHA256 | 8d038b1f42ad7a3b861161719abbe3e0cb087fcb39565d06fa66eb7e3ff8fe99
MD5 | f6a80c6e4da51cda1f4bf8fcd0eadda8
BLAKE2b-256 | 2e306f4b654a848bc5f1d805abf1cfe20389e3230d35f4814220561a96183a18
File details
Details for the file bl_bfg-1.0.4-py3-none-any.whl.
File metadata
- Download URL: bl_bfg-1.0.4-py3-none-any.whl
- Upload date:
- Size: 113.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.18
File hashes
Algorithm | Hash digest
---|---
SHA256 | 91f93ff970bd07bd22b0d20a146b72c5ab4ffa48cce69979802116827cf5fd61
MD5 | 030fcfda6e6bbf0363d0b0bfb58ab36b
BLAKE2b-256 | 566a6e669e32bddeab466a17a8d49ca5cf44e486bccfcb460a886f1bba581c90