bl-bfg

Release 1.0.4

A password guessing framework.

Homepage PyPI Python

License
MIT
Install
pip install bl-bfg==1.0.4

Documentation

Big Friggin Gun (BFG)

BFG is a simple modular framework to perform brute-force attacks. It uses the BruteLoops library for the brute force and database management logic.

command-example

Features

  • SQLite Datastore
    • Authentication data/requests are maintained in an SQLite database.
    • Query capabilities enable granular timing configurations.
    • Facilitates safe, resumable attacks.
    • Database management tools are embedded in BFG via BruteLoops
      • Run bfg cli manage-db --help.
  • BruteLoops Capabilities
    • Resumable attacks that do not repeat previous guesses.
    • Simultaneous support for password spraying and credential stuffing.
    • Parallel guessing.
    • Lockout avoidance via two layers of jitter configurations.
    • User/password prioritization.
    • Universal protocol/application capabilities.
    • Granular logging:
      • Lockouts happen. It's part of life.
      • BruteLoops provides a log record for each guess, along with timestamp.
      • Allows operators to reconstruct a timeline of events if things go bad.
  • Modular Framework
    • Simple class-based modules provide reusable arguments/components.
  • YAML Attack/Database Profiles
    • YAML files can be used to supply configuration values to BFG.
    • Avoids complex command line flags.

Docker Support

A compose file is available for this project. See this document for more information.

Supported Platforms

Only Linux is supported at the moment, however a Docker implementation will soon follow.

Quick Install

pip3 install bl-bfg

Then confirm installation:

bfg --help

Documentation

See the docs directory for additional documentation:

Current Attack Modules

Below are the attack modules currently in BFG.

Most people will be interested in http.o365_graph as it can be used to attack login.microsoftonline.com.

http.accellion_ftp  Accellion FTP HTTP interface login module
http.adfs           Active Directory Federated Services
http.basic_digest   Generic HTTP basic digest auth
http.basic_ntlm     Generic HTTP basic NTLM authentication
http.global_protect Global Protect web interface
http.lync           Brute force Microsoft Lync.
http.mattermost     Mattermost login web interface
http.netwrix        Netwrix web login
http.o365_graph     Office365 Graph API
http.okta           Okta JSON API
http.owa2010        OWA 2010 web interface
http.owa2016        OWA 2016 web interface
http.sap_webdynpro  SAP Netweaver Webdynpro, ver. 7.3007.20120613105137.0000
smb.smb             Target a single SMB server
testing.fake        Fake authentication module for training/testing

Stats

Dependencies
8
Dependent packages
0
Dependent repositories
0
Total releases
18
Latest release
First release
Stars
28
Forks
9
Watchers
2
Contributors
2
Repository size
481 KB
SourceRank
9

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
0.5.4.6
0.5.4.5
0.5.4.4
0.5.4.3
0.5.4.1
See all 18 releases

Contributors

Justin Angel Kadawi


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-10-03 18:47:02 UTC

Login to resync this project