A simple password guessing framework.
Project description
Big Friggen Gun (BFG)
BFG is a simple modular framework to perform brute-force attacks. It uses the BruteLoops library for the brute force and database management logic.
Features
- BruteLoops Capabilities
- Resumable attacks that do not repeat previous guesses
- Simultaneous support for password spraying and credential stuffing
- Parallel guessing
- Lockout avoidance via two layers of jitter configurations
- User/password prioritization
- Universal protocol/application capabilities
- Granular logging
- Lockouts happen. It's part of life.
- BruteLoops provides a log record for each guess, along with timestamp
- Allows operators to reconstruct a timeline of events if things go bad
- Modular Framework
- Simple class-based modules provide reusable arguments/components
- YAML Attack Profiles
- YAML files can be used to supply configuration values to BFG
- Avoids complex command line flags
Docker Support
A compose file is available for this project. See this document for more information.
Supported Platforms
Only Linux is supported at the moment, however a Docker implementation will soon follow.
Quick Install
pip3 install bl-bfg
Then confirm installation:
bfg --help
Documentation
See the docs directory for additional documentation:
Current Attack Modules
Below are the attack modules currently in BFG.
Most people will be interested in http.o365_graph
as it can be used to attack
login.microsoftonline.com
.
http.accellion_ftp Accellion FTP HTTP interface login module
http.adfs Active Directory Federated Services
http.basic_digest Generic HTTP basic digest auth
http.basic_ntlm Generic HTTP basic NTLM authentication
http.global_protect Global Protect web interface
http.lync Brute force Microsoft Lync.
http.mattermost Mattermost login web interface
http.netwrix Netwrix web login
http.o365_graph Office365 Graph API
http.okta Okta JSON API
http.owa2010 OWA 2010 web interface
http.owa2016 OWA 2016 web interface
http.sap_webdynpro SAP Netweaver Webdynpro, ver. 7.3007.20120613105137.0000
smb.smb Target a single SMB server
testing.fake Fake authentication module for training/testing
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
bl-bfg-0.5.4.tar.gz
(89.8 kB
view hashes)
Built Distribution
bl_bfg-0.5.4-py3-none-any.whl
(104.5 kB
view hashes)