GithubHelp home page GithubHelp logo

fly-playgroud / boom Goto Github PK

View Code? Open in Web Editor NEW
256.0 3.0 16.0 695 KB

Boom 是一款基于无头浏览器的智能 Web 弱口令(后台密码)爆破\检测工具

License: Other

go-rod golang password-cracking-tool passwrod websecurity

boom's Introduction

Hi 👋, I'm BUG-Fly

写BUG飞起的Coder.

About Me

  • 🔭 I’m currently working something cool!
  • 🌱 I’m currently learning AI、WASM、Python、Go, and Rust.
  • 👯 I’m an Rod member

🤖 Github State

BUG-Fly's GitHub stats

💻 Top Language

Top Langs

boom's People

Contributors

fly-playgroud avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

darkkid0 incorrectk whoamisysteminfo sec-fork lubyruffy dbb-pro rassec uuuunotfound encryasdf1 onebuf whmsec york-cmd h1d3r testitok brandonw6000

boom's Issues

使用感受:识别率比WebCrack 稍好

经过几天一百多个网站测试,可以爆破的网站比WebCrack多一些,但也只是好一些,大部分(无验证码)网站还是识别不到登录从而无法爆破,我看就是简单的layui/layer写的登录页面,也识别不到,网站不好贴出来不好说,另外爆破速度有点慢,期待完善!谢谢分享!

适用面不是很广

简单试了2个cms不是很好用,希望作者能把适用的一些网站标出来。

问题

师傅这个有啥参考的开源工具吗,想学习学习代码

无法识别华途应用安全网关ASG系统的登录页面

hunter 检索关键字:web.title=="应用安全网关 - Powered By asg"
运行后Boom不认为它是一个登录页面

[INFO] 2023/10/26 10:29:17 analyze page info for target: https://xxxx/admin/login.jsp
[INFO] 2023/10/26 10:29:19 target: https://xxxx/admin/login.jsp is not a login type page

功能建议

1.额外的账户密码对,比如admin1/123456,admin1/123456a!,admin2/a123456等,之所以不在users.txt添加,是因为会并发更多容易被拦截,也会添加爆破时间,不常用的账户只尝试几个密码。
2.可以指定用户名,如 Boom.exe -t --us:admin1 https://baidu.com
3.有什么可以省略掉Boom.exe -t开头的方案或者自动添加上的方案?或者如WebCrack一样再次爆破直接按上翻建确认再粘贴链接即可,否则频繁使用的时候都要加上Boom.exe -t或者删除一长串链接 比较费时间
4.识别不到登陆页面或者识别到的密码不对,已经发qq邮箱给你了
谢谢大佬分享这么好的工具!

-o ss.txt

能把成功的信息输出到指定文件就好了

Vue.js 写的网站能破不?

1.Vue.js 之类的网页是一推的js,看源码并没有login的地方这工具能破不谢谢?
2.能否弄成打开粘贴网站进去就能破的?省事,不用cmd等命令行费事,谢谢

分享你的 Boom 瞬间

在这里留下师傅们使用 Boom 爆破成功的案例,对目标可以进行打码脱敏哟

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.