- 🔭 I’m currently working on something cool!
- 🌱 I’m currently learning AI, WASM, Python, Go, and Rust.
- 👯 I’m a Rod member
Boom is an intelligent, headless-browser-based tool for brute-forcing and detecting weak web passwords (admin back-end passwords).
License: Other
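After a few days of testing on more than a hundred websites, it can brute-force somewhat more sites than WebCrack, but only somewhat more; for most (captcha-free) sites it still fails to recognize the login and so cannot brute-force them. Even what look to me like simple login pages written with layui/layer are not recognized. It's not convenient to post the sites, so it's hard to say more. Also, the brute-force speed is a bit slow. Looking forward to improvements! Thanks for sharing!
I briefly tried it on 2 CMSs and it didn't work very well; I hope the author can list some of the sites it is suited to.
Is there an open-source tool that this was based on? I'd like to study the code.
hunter search keyword: web.title=="应用安全网关 - Powered By asg"
After running it, Boom does not consider it a login page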
[INFO] 2023/10/26 10:29:17 analyze page info for target: https://xxxx/admin/login.jsp
[INFO] 2023/10/26 10:29:19 target: https://xxxx/admin/login.jsp is not a login type page
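1. Extra account/password pairs, such as admin1/123456, admin1/123456a!, admin2/a123456 and so on. The reason for not adding them to users.txt is that doing so would cause more concurrency and be more easily blocked, and would also add to the brute-force time; for uncommon accounts only a few passwords are tried.
2. Being able to specify a username, e.g. Boom.exe -t --us:admin1 https://baidu.com
3. Is there a way to leave out the leading Boom.exe -t, or to have it added automatically? Or, as with WebCrack, to brute-force again by just pressing the up arrow key, confirming, and pasting the link? Otherwise, with frequent use, having to add Boom.exe -t every time or delete a long link is rather time-consuming.
4. Cases where the login page is not recognized or the identified password is wrong: I have already sent them to your QQ mailbox.
Thank you for sharing such a good tool!
Could you consider letting the brute force run through the whole user dictionary, without stopping after one user has been cracked successfully? That could be used for comprehensive web weak-password checks.
During a scan it keeps analyzing one site and never finishes; is there any way to solve this? Also, is the source code available?
It would be good if the successful results could be output to a specified file.
1. Pages built with Vue.js and the like are a pile of JS, and there is no login section visible in the source; can this tool crack them? Thanks.
2. Could it be made so that you just open it, paste the site in, and it cracks it? That saves effort, with no need for the hassle of cmd or other command lines. Thanks.
Leave your examples of successful brute-forcing with Boom here; targets can be masked and redacted.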