├── Disclaimer.md
├── LICENSE.md
├── README.md
├── images
├── BoomDemo.gif
└── qr.jpg
├── passwords.txt
└── users.txt
/Disclaimer.md:
--------------------------------------------------------------------------------
1 | ## 免责声明
2 |
3 | 本工具仅面向**合法授权**的企业安全建设行为,如您需要测试本工具的可用性,请自行搭建测试环境。
4 |
5 | 在使用本工具进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权。**请勿对非授权目标进行爆破。**
6 |
7 | 禁止对本软件实施逆向工程、反编译、试图破译源代码等行为。
8 |
9 | **如果发现上述禁止行为,我们将保留追究您法律责任的权利。**
10 |
11 | 如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,本项目作者将不承担任何法律及连带责任。
12 |
13 | 在安装并使用本工具前,请您**务必审慎阅读、充分理解各条款内容**,限制、免责条款或者其他涉及您重大权益的条款可能会以加粗、加下划线等形式提示您重点注意。
14 | 除非您已充分阅读、完全理解并接受本协议所有条款,否则,请您不要安装并使用本工具。您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。
15 |
16 |
17 | ## Disclaimer
18 |
19 | This tool is only intended for enterprise security construction behaviors that are **legally authorized**. If you need to test the tool's functionality, please set up your own testing environment.
20 |
21 | When using this tool for testing, you should ensure that your behavior complies with local laws and regulations, and that you have obtained sufficient authorization. **Do not perform brute-force attacks on unauthorized targets.**
22 |
23 | Reverse engineering, decompiling, attempting to crack the source code, and other such behaviors are strictly prohibited.
24 |
25 | **If any of the above prohibited behaviors are discovered, we reserve the right to pursue legal action against you.**
26 |
27 | If you engage in any illegal behavior while using this tool, you will bear the corresponding consequences yourself, and the project author will not be responsible for any legal or joint liability.
28 |
29 | Before installing and using this tool, please **carefully read and fully understand** all terms and conditions, including restrictions, disclaimers, or other terms related to your significant interests that may be highlighted in bold or underlined. Unless you have fully read, completely understood, and accepted all the terms and conditions of this agreement, do not install and use this tool. Your use or any other express or implied acceptance of this agreement shall be deemed as your acknowledgment and acceptance of the binding force of this agreement.
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
1 | 在符合以下条件的情况下,我们欢迎任何人以任何形式使用本项目(包括商用)。
2 |
3 | - 注明集成了本项目(注明方式: 在项目介绍页附上本项目 repo 地址)
4 | - 同意 https://github.com/Fly-Playgroud/Boom/blob/master/Disclaimer.md 免责声明
5 |
6 | Anyone is welcome to use this program in any form provided the following conditions are met (Including commercial).
7 |
8 | - Indicate the integration of the project (indicate: attach the repo address of the project on the project introduction page)
9 | - Agree to https://github.com/Fly-Playgroud/Boom/blob/master/Disclaimer.md disclaimer
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | 💥 I'm Boom 💥
2 |
3 | 
4 | 
5 | 
6 |
7 |
8 |
9 |
10 | ## 👑 Boom 简介
11 |
12 | **Boom** 是一款基于无头浏览器的 Web 弱口令爆破工具。它具有以下特性:
13 |
14 | - 自动识别网页是否是登录页面
15 | - 自动识别爆破目标类型:表单/传统认证协议类型(Basic/Digest/NTLM)
16 | - 自动识别登录相关组件并填充点击
17 | - 自动判别登录成功与否
18 | - 支持 URL 批量并发爆破
19 | - 支持单 URL 并发爆破
20 | - 多种爆破模式:**密码优先**和**用户名优先**
21 |
22 | - WebHook 消息推送
23 | - [ ] 支持验证码组件识别
24 |
25 |
26 |
27 | ## ✨ Demo
28 |
29 | 
30 |
31 |
32 |
33 | ## 🚀 快速使用
34 |
35 | **在使用之前,请务必阅读并同意 [License](https://github.com/Fly-Playgroud/Boom/blob/master/LICENSE.md) 文件中的条款,否则请勿安装使用本工具。**
36 |
37 | **[下载Boom](https://github.com/Fly-Playgroud/Boom/releases)**
38 |
39 | 1. 单个URL爆破:
40 |
41 | ```bash
42 | Boom -t https://www.example.com/login.html --us users.txt --ps ./passwords.txt
43 | ```
44 |
45 | - `-t` :指定单个爆破目标
46 | - `--us` :指定用户名字典
47 | - `--ps`:指定密码字典
48 |
49 | > 注意:在未显示使用 `-m` 参数时将使用默认爆破模式——**密码优先**
50 |
51 | 2. URL 批量爆破
52 |
53 | ```bash
54 | Boom --ts targets.txt --us users.txt --ps passwords.txt
55 | ```
56 |
57 | - `--ts` :指定爆破目标的字典
58 | - `--us` :指定用户名字典
59 | - `--ps`:指定密码字典
60 |
61 |
62 | 3. 爆破结果存储
63 |
64 | 爆破结果存储有两种格式:
65 |
66 | - `--to` :--text-ouput 的缩写,以文本格式输出到指定的文件中
67 | - `--jo` :--json-output 的缩写,以 JSON 结构化数据存储到指定 JSON 文件中
68 |
69 | ```bash
70 | Boom --ts targets.txt --us users.txt --ps passwords.txt --to ./res.txt
71 | ```
72 |
73 | > `--jo` 和 `--to` 是文件 publisher 的快捷方式而已,通过配置文件配置 File Publisher 也是可以的
74 |
75 |
76 |
77 | ## 📒 配置文件介绍
78 |
79 | ```yaml
80 | # Version: 0.3
81 |
82 | max_boom_concurrent: 2 # 最大同时爆破的目标个数
83 | boom_target_path: "" # 爆破目标字典路径
84 | browser_config: # 浏览器配置
85 | browser_model: local # 浏览器模式
86 | chrome_bin_path: "" # 浏览器可执行文件所在路径
87 | chrome_temp_dir: ./chrome_temp # 浏览器临时文件存储目录
88 | disable_headless: false # 禁用无头模式
89 | disable_images: true # 禁用图片
90 | leak_less: true # 实验性参数:防止内存泄露
91 | no_sandbox: true # 是否使用沙盒:Linux 以 root 用户运行的情况下设置为 true
92 | proxy: "" # 浏览器代理
93 | running_chrome: # 正在运行的浏览器:如果启用, Boom 将会接管正在使用的浏览器
94 | enable: false
95 | ip: ""
96 | port: 0
97 | user_agent: "" # 浏览器 UA
98 | logger_config: # 日志配置
99 | logger_level: "info" # 默认日志等级
100 | logger_time_format: 2006/01/02 15:04:05 # 日志输出时间格式
101 | logger_file_name: ./log/boom.log # 日志文件存储路径
102 | logger_output_level: [] # 输出到文件中的日志等级
103 | logger_file_max_size: 50 # 日志文件最大体积:单位 MB
104 | logger_file_max_backups: 5 # 日志文件最大备份个数:单位 个
105 | logger_file_max_age: 30 # 日志文件最大存储时长:单位 天
106 | logger_prefix: "" # 日志前缀
107 | global_boom_config: # 全局爆破配置
108 | boomConCurrent: 2 # 单个爆破目标的爆破并发数
109 | clientMaxTimeout: 5 # 客户端最大超时时间
110 | boomModel: 2 # 爆破模式:1.用户名优先--用户名跑字典,密码固定;2.密码优先--密码跑字典,用户名固定
111 | boomTarget: "" # 爆破的目标
112 | userNamePath: "" # 用户名字典路径
113 | passwordPath: "" # 密码字典路径
114 | publish_config: # publisher_config/webhook config
115 | file: # 文件 publisher
116 | enable: true # 是否开启文件存储
117 | format: text # 结果存储格式:text/json
118 | filePath: ./res.txt # 存储文件路径:.txt/.json
119 | ```
120 |
121 | ## 🏩 学习交流
122 | 扫描添加作者QQ,拉你进群
123 | 备注:**Boom**
124 | 
125 |
126 |
--------------------------------------------------------------------------------
/images/BoomDemo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Fly-Playgroud/Boom/5a3beae130e1caf75ec31768526a74cdaff384af/images/BoomDemo.gif
--------------------------------------------------------------------------------
/images/qr.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Fly-Playgroud/Boom/5a3beae130e1caf75ec31768526a74cdaff384af/images/qr.jpg
--------------------------------------------------------------------------------
/passwords.txt:
--------------------------------------------------------------------------------
1 | 123456
2 | password
3 | 12345678
4 | 1234
5 | admin@123
6 | admin
7 | 1111
8 | root
9 | user
10 | support
11 | develop
12 | engineer
13 | administrator123
14 | Administrator
15 | pussy
16 | 12345
17 | dragon
18 | qwerty
19 | 696969
20 | mustang
21 | letmein
22 | baseball
23 | master
24 | michael
25 | football
26 | shadow
27 | monkey
28 | abc123
29 | pass
30 | fuckme
31 | 6969
32 | jordan
33 | harley
34 | ranger
35 | iwantu
36 | jennifer
37 | hunter
38 | fuck
39 | 2000
40 | test
41 | batman
42 | trustno1
43 | thomas
44 | tigger
45 | robert
46 | access
47 | love
48 | buster
49 | 1234567
50 | soccer
51 | hockey
52 | killer
53 | george
54 | sexy
55 | andrew
56 | charlie
57 | superman
58 | asshole
59 | fuckyou
60 | dallas
61 | jessica
62 | panties
63 | pepper
64 | 1111
65 | austin
66 | william
67 | daniel
68 | golfer
69 | summer
70 | heather
71 | hammer
72 | yankees
73 | joshua
74 | maggie
75 | biteme
76 | enter
77 | ashley
78 | thunder
79 | cowboy
80 | silver
81 | richard
82 | fucker
83 | orange
84 | merlin
85 | michelle
86 | corvette
87 | bigdog
88 | cheese
89 | matthew
90 | 121212
91 | patrick
92 | martin
93 | freedom
94 | ginger
95 | blowjob
96 | nicole
97 | sparky
98 | yellow
99 | camaro
100 | secret
101 | dick
102 | falcon
103 | taylor
104 | 111111
105 | 131313
106 | 123123
107 | bitch
108 | hello
109 | scooter
110 | please
111 | porsche
112 | guitar
113 | chelsea
114 | black
115 | diamond
116 | nascar
117 | jackson
118 | cameron
119 | 654321
120 | computer
121 | amanda
122 | wizard
123 | xxxxxxxx
124 | money
125 | phoenix
126 | mickey
127 | bailey
128 | knight
129 | iceman
130 | tigers
131 | purple
132 | andrea
133 | horny
134 | dakota
135 | aaaaaa
136 | player
137 | sunshine
138 | morgan
139 | starwars
140 | boomer
141 | cowboys
142 | edward
143 | charles
144 | girls
145 | booboo
146 | coffee
147 | xxxxxx
148 | bulldog
149 | ncc1701
150 | rabbit
151 | peanut
152 | john
153 | johnny
154 | gandalf
155 | spanky
156 | winter
157 | brandy
158 | compaq
159 | carlos
160 | tennis
161 | james
162 | mike
163 | brandon
164 | fender
165 | anthony
166 | blowme
167 | ferrari
168 | cookie
169 | chicken
170 | maverick
171 | chicago
172 | joseph
173 | diablo
174 | sexsex
175 | hardcore
176 | 666666
177 | willie
178 | welcome
179 | chris
180 | panther
181 | yamaha
182 | justin
183 | banana
184 | driver
185 | marine
186 | angels
187 | fishing
188 | david
189 | maddog
190 | hooters
191 | wilson
192 | butthead
193 | dennis
194 | fucking
195 | captain
196 | bigdick
197 | chester
198 | smokey
199 | xavier
200 | steven
201 | viking
202 | snoopy
203 | blue
204 | eagles
205 | winner
206 | samantha
207 | house
208 | miller
209 | flower
210 | jack
211 | firebird
212 | butter
213 | united
214 | turtle
215 | steelers
216 | tiffany
217 | zxcvbn
218 | tomcat
219 | golf
220 | bond007
221 | bear
222 | tiger
223 | doctor
224 | gateway
225 | gators
226 | angel
227 | junior
228 | thx1138
229 | porno
230 | badboy
231 | debbie
232 | spider
233 | melissa
234 | booger
235 | 1212
236 | flyers
237 | fish
238 | porn
239 | matrix
240 | teens
241 | scooby
242 | jason
243 | walter
244 | cumshot
245 | boston
246 | braves
247 | yankee
248 | lover
249 | barney
250 | victor
251 | tucker
252 | princess
253 | mercedes
254 | 5150
255 | doggie
256 | zzzzzz
257 | gunner
258 | horney
259 | bubba
260 | 2112
261 | fred
262 | johnson
263 | xxxxx
264 | tits
265 | member
266 | boobs
267 | donald
268 | bigdaddy
269 | bronco
270 | penis
271 | voyager
272 | rangers
273 | birdie
274 | trouble
275 | white
276 | topgun
277 | bigtits
278 | bitches
279 | green
280 | super
281 | qazwsx
282 | magic
283 | lakers
284 | rachel
285 | slayer
286 | scott
287 | 2222
288 | asdf
289 | video
290 | london
291 | 7777
292 | marlboro
293 | srinivas
294 | internet
295 | action
296 | carter
297 | jasper
298 | monster
299 | teresa
300 | jeremy
301 | 11111111
302 | bill
303 | crystal
304 | peter
305 | pussies
306 | cock
307 | beer
308 | rocket
309 | theman
310 | oliver
311 | prince
312 | beach
313 | amateur
314 | 7777777
315 | muffin
316 | redsox
317 | star
318 | testing
319 | shannon
320 | murphy
321 | frank
322 | hannah
323 | dave
324 | eagle1
325 | 11111
326 | mother
327 | nathan
328 | raiders
329 | steve
330 | forever
331 | angela
332 | viper
333 | ou812
334 | jake
335 | lovers
336 | suckit
337 | gregory
338 | buddy
339 | whatever
340 | young
341 | nicholas
342 | lucky
343 | helpme
344 | jackie
345 | monica
346 | midnight
347 | college
348 | baby
349 | cunt
350 | brian
351 | mark
352 | startrek
353 | sierra
354 | leather
355 | 232323
356 | 4444
357 | beavis
358 | bigcock
359 | happy
360 | sophie
361 | ladies
362 | naughty
363 | giants
364 | booty
365 | blonde
366 | fucked
367 | golden
368 | 0
369 | fire
370 | sandra
371 | pookie
372 | packers
373 | einstein
374 | dolphins
375 | 0
376 | chevy
377 | winston
378 | warrior
379 | sammy
380 | slut
381 | 8675309
382 | zxcvbnm
383 | nipples
384 | power
385 | victoria
386 | asdfgh
387 | vagina
388 | toyota
389 | travis
390 | hotdog
391 | paris
392 | rock
393 | xxxx
394 | extreme
395 | redskins
396 | erotic
397 | dirty
398 | ford
399 | freddy
400 | arsenal
401 | access14
402 | wolf
403 | nipple
404 | iloveyou
405 | alex
406 | florida
407 | eric
408 | legend
409 | movie
410 | success
411 | rosebud
412 | jaguar
413 | great
414 | cool
415 | cooper
416 | 1313
417 | scorpio
418 | mountain
419 | madison
420 | 987654
421 | brazil
422 | lauren
423 | japan
424 | naked
425 | squirt
426 | stars
427 | apple
428 | alexis
429 | aaaa
430 | bonnie
431 | peaches
432 | jasmine
433 | kevin
434 | matt
435 | qwertyui
436 | danielle
437 | beaver
438 | 4321
439 | 4128
440 | runner
441 | swimming
442 | dolphin
443 | gordon
444 | casper
445 | stupid
446 | shit
447 | saturn
448 | gemini
449 | apples
450 | august
451 | 3333
452 | canada
453 | blazer
454 | cumming
455 | hunting
456 | kitty
457 | rainbow
458 | 112233
459 | arthur
460 | cream
461 | calvin
462 | shaved
463 | surfer
464 | samson
465 | kelly
466 | paul
467 | mine
468 | king
469 | racing
470 | 5555
471 | eagle
472 | hentai
473 | newyork
474 | little
475 | redwings
476 | smith
477 | sticky
478 | cocacola
479 | animal
480 | broncos
481 | private
482 | skippy
483 | marvin
484 | blondes
485 | enjoy
486 | girl
487 | apollo
488 | parker
489 | qwert
490 | time
491 | sydney
492 | women
493 | voodoo
494 | magnum
495 | juice
496 | abgrtyu
497 | 777777
498 | dreams
499 | maxwell
500 | music
501 | rush2112
502 | russia
503 | scorpion
504 | rebecca
505 | tester
506 | mistress
507 | phantom
508 | billy
509 | 6666
510 | albert
--------------------------------------------------------------------------------
/users.txt:
--------------------------------------------------------------------------------
1 | admin
2 | 1111
3 | root
4 | test
5 | user
6 | support
7 | develop
8 | engineer
9 | administrator
10 | Administrator
11 |
--------------------------------------------------------------------------------