Home

Awesome

blaster

简介

blaster 是一款弱密码隐患检测工具,用于网站登录弱密码检测。

无论是在漏洞响应平台,还是日常工作中,大家或许在为图片验证码、登录加密等无法直接登录测试而烦恼,所以blaster应运而生。它支持导入用户名密码字典,多并发图片验证码识别,自动填充表单元素,无视任何登录加密。

内测

在团队小伙伴内测期间,斩获多个专属厂商登录弱口令高危漏洞。

<img src="images/image-20220130144704974.png" alt="image-20220130144704974" style="zoom:50%;" />

功能

配置

服务端搭建,该服务对应客户端配置中的 captchabreak_serverurl,它用于图片验证码识别。

python3 cbhs.py -a user:pass -p port	# 自定义服务端basic认证用户名密码、开放端口

客户端配置 config.yaml

# 示例目标网址:http://www.example.com/login
# 示例登录目标最终发送的请求数据包地址:http://www.example.com/api/user/login
# 示例图片验证码识别服务:python3 cbhs.py -a admin:123 -p 8999

target_url: 'http://www.example.com/login' # 登录目标网址
browser_path: 'C:\Program Files\Google\Chrome\Application\chrome.exe' # 浏览器的路径
headless: false # 设置false显式运行浏览器 true则反之
captchabreak_serverurl: 'http://admin:123@127.0.0.1:8999/cb' # 图片验证码识别服务,使用captchabreak_serverurl文件夹中的脚本进行搭建
before_all_js_expr: '' # 在开始填写账号密码之前执行的js表达式
userinput_jspath: 'document.querySelector("#loginid")'	# 用户名输入框js path
passinput_jspath: 'document.querySelector("#security_in")'	# 密码输入框js path
captchainput_jspath: 'document.querySelector("#jcaptcha")'	# 验证码输入框js path
captchaimg_jspath: 'document.querySelector("#vcode")'	# 验证码图片js path
before_login_js_expr: '' # 在点击登录之前执行的js表达式
loginbutton_jspath: 'document.querySelector("#vcode")'
loginreq_pattern: '*user/login*' # 登录请求的url特征码,实际登录数据包url path
body_exclude_regex: # 排除请求的正则,即只要命中其中任意一个正则的请求响应将被抛弃
- 'regex1'
- 'regex2'
maxbody_bytes_display: 512 # 登录请求响应包最大限制,超过限制则不会显示
concurrency: 1 # 并发数
timeout_ms: 50000 # 浏览器中操作的超时时间(毫秒)
timeinterval_ms: 300 # 浏览器中操作登录过程中每个操作之间的时间间隔(毫秒)
proxy: '' # 代理
<img src="images/image-20220128184615741.png" alt="image-20220128184615741" style="zoom:50%;" /> <img src="images/image-20220128185148609.png" alt="image-20220128185148609" style="zoom: 33%;" />

使用

C:\Users\balster>blaster_win.exe
Usage of blaster_win.exe:
  -c string
        config file	# 指定config.yaml
  -o string
        output file path (optional)	# 暴力破解测试数据输出文件位置
  -p string
        pass dict file path	# 指定密码字典
  -u string
        user dict file path	# 指定用户名字典
C:\Users\blaster>blaster_win.exe -c conf.yaml -u user.txt -p pwds.txt -o res.csv
2022/01/28 19:09:08 200 OPTIONS admin   admin   0
2022/01/28 19:09:08 200 POST    admin   admin   86      {"result":-1,"errorCode":"10005","title":"fail","description":"10005","retValue":null}
2022/01/28 19:09:10 200 POST    admin   admin123        135     {"result":-1,"errorCode":"10011","title":"fail","description":"密码过于简单,请使用手机号验证码登录","retValue":null}
2022/01/28 19:09:13 200 POST    admin   123456  135     {"result":-1,"errorCode":"10011","title":"fail","description":"密码过于简单,请使用手机号验证码登录","retValue":null}
2022/01/28 19:09:16 200 POST    admin   1234567 135     {"result":-1,"errorCode":"10011","title":"fail","description":"密码过于简单,请使用手机号验证码登录","retValue":null}
2022/01/28 19:09:18 200 POST    admin   12345678        135     {"result":-1,"errorCode":"10011","title":"fail","description":"密码过于简单,请使用手机号验证码登录","retValue":null}
2022/01/28 19:09:21 200 POST    admin   password        86      {"result":-1,"errorCode":"10005","title":"fail","description":"10005","retValue":null}
2022/01/28 19:09:24 200 POST    admin   Aa123456.       86      {"result":-1,"errorCode":"10001","title":"fail","description":"10001","retValue":null}
2022/01/28 19:09:26 200 POST    admin   p@$$w0rd        86      {"result":-1,"errorCode":"10005","title":"fail","description":"10005","retValue":null}
2022/01/28 19:09:29 200 POST    admin   1q2W#e4r        86      {"result":-1,"errorCode":"10001","title":"fail","description":"10001","retValue":null}
2022/01/28 19:09:32 200 POST    admin   P@$$w0rd        126     {"result":-1,"errorCode":"10008","title":"fail","description":"密码错误次数已满,请明天再登录","retValue":null}
2022/01/28 19:09:34 200 POST    admin   password123     126     
<img src="images/image-20220128190926538.png" alt="image-20220128190926538" style="zoom:50%;" /> <img src="images/image-20220128191129181.png" alt="image-20220128191129181" style="zoom: 33%;" />

TODO

UPDATE

下载

https://github.com/PoJun-Lab/blaster/releases

交流群加入

群满请扫描下方二维码邀请进入,备注blaster

<img src="images/image-20220211111225264.png" alt="image-20220211111225264" style="zoom: 33%;" />