This is a js front-end encryption blasting account and password tools

Related tags

Security related resourcesJsFak
Overview

JsFak

背景:

Author:0xAXSDD By Gamma安全实验室

version:1.0

explain:这是一款用户绕过前端js加密进行密码爆破的工具,你无需在意js加密的细节,只需要输入你想要爆破url,以及username输入框的classname,password输入框的classname,点击登录框classname,爆破用户名,密码字典等就可,暂时不支持带验证码校验的爆破

例子:

只爆破密码:```python JsFak.py -u url -user admin -Pd password.txt -cu user_classname -cp pass_classname -l login_classname```
爆破密码和用户:```python main.py -ud username.txt -pd password.txt -cu user_classname -cp user_classname -l user_classname -u url```
详情功能参考  -h
也可以指定输出结果文件:-f

注意:如果遇到的classname  带空格  请用""括起来 Sever服务默认的是8080端口,如果需要修改,直接点Sever类修改,并指定参数-p,填入的类名一定要是input标签的哟

该工具还有局限性,因为只是我实战时遇到的一个站,所以按需开发,如果有什么好的建议想法欢迎和我交流

欢迎关注微信公众号"Gamma安全实验室",接触最前线的安全骚操作,以及实用的好工具! 如果有任何bug,欢迎留言!

说明:

请严格遵守网络安全法,切勿走上违法犯罪的道路,工具只用于安全技术研究,实验室不承担任何责任

安装说明:

工具使用的是python3的环境,python2会报错,请大家运行切换到python3的环境

因为在最初的设计的时候,没想那么多,只想的能爆破密码账号就好,所以工具环境具有局限性,默认是本机安装chrome浏览器,这里没有用chromedriver,如果想用的自行修改源码。

1.安装chromedriver

自带chromederiver,如果想自己指定,需修改源码配置

2.安装selenium

selenium可以直接可以用pip安装。

pip install selenium

3.下载browsermobproxy

源码以及附带了一个browsermobproxy文件,所以就不需要下载,如果需要重新下载,还得修改源码重新指定。

4.安装python -browsermobproxy包

pip install browsermob-proxy

5.无法通过class来查找input标签

如果通过input没有class属性就必须更换查找的方式了,可以通过id,什么的 参考:

find_element_by_id
find_element_by_name
find_element_by_xpath
find_element_by_link_text
find_element_by_partial_link_text
find_element_by_tag_name
find_element_by_class_name
find_element_by_css_selector
多个元素选取
find_elements_by_name
find_elements_by_xpath
find_elements_by_link_text
find_elements_by_partial_link_text
find_elements_by_tag_name
find_elements_by_class_name
find_elements_by_css_selector
Owner
GitHub Repository
A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more

Duc Linh Nguyen 4 Aug 08, 2022
Log4j2 intranet scan

Log4j2-intranet-scan ⚠️ 免责声明 本项目仅面向合法授权的企业安全建设行为,在使用本项目进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权 如您在使用本项目的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任 在使用本项目前,请您务

k3rwin 16 Dec 19, 2022
Encrypted Python Password Manager

PyPassKeep Encrypted Python Password Manager About PyPassKeep (PPK for short) is an encrypted python password manager used to secure your passwords fr

KrisIsHere 1 Nov 17, 2021
pwncat module that automatically exploits CVE-2021-4034 (pwnkit)

pwncat_pwnkit Introduction The purpose of this module is to attempt to exploit CVE-2021-4034 (pwnkit) on a target when using pwncat. There is no need

Dana Epp 33 Jul 01, 2022
Tools for investigating Log4j CVE-2021-44228

Log4jTools Tools for investigating Log4j CVE-2021-44228 FetchPayload.py (Get java payload from ldap path provided in JNDI lookup). Example command: Re

MalwareTech 91 Dec 29, 2022
DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

vijay sahu 12 Dec 17, 2022
Complet and easy to run Port Scanner with Python

Port_Scanner Complet and easy to run Port Scanner with Python Installation 1- git clone https://github.com/s120000/Port_Scanner 2- cd Port_Scanner 3-

1 May 19, 2022
Grafana-POC(CVE-2021-43798)

Grafana-Poc 此工具请勿用于违法用途。 一、使用方法:python3 grafana_hole.py 在domain.txt中填入ip:port 二、漏洞影响范围 影响版本: Grafana 8.0.0 - 8.3.0 安全版本: Grafana 8.3.1, 8.2.7, 8.1.8,

8 Jan 03, 2023
Just another script for automatize boolean-based blind SQL injections.

SQL Blind Injection Tool A script for automatize boolean-based blind SQL injections. Works with SQLite at least, supports using cookies. It uses bitwi

RIM 51 Dec 15, 2022
NExfil is an OSINT tool written in python for finding profiles by username.

NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over 350 websites within few seconds.

thewhiteh4t 1.4k Jan 01, 2023
Password List Maker

Red-Key Red-Key Password List Maker Version 1.1.2 Created By FireKing255 -=Features=- Create Random Password List Create Password List Create Password

FireKing255 7 Dec 26, 2021
Attack SQL Server through gopher protocol

Attack SQL Server through gopher protocol

hack2fun 17 Nov 30, 2022
CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE

CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE. POST /mgmt/tm/util/bash HTTP/1.1 Host: Accept-Encoding: gzip, deflate Accept: */

M4rtin Hsu 81 Dec 12, 2022
A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

📂 Public Bug Bounty Targets Data By BugBountyResources A collection of over 5.1M sub-domains and assets belonging to bug bounty targets, all put in a

Bug Bounty Resources 87 Dec 13, 2022
Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

django-permissions-policy Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app. Requirements Python 3.

Adam Johnson 76 Nov 30, 2022
Provides script to download and format public IP lists related to the Log4j exploit.

Provides script to download and format public IP lists related to the Log4j exploit. Current format includes: plain list, Cisco ASA Network Group.

Gianluca Ulivi 1 Jan 02, 2022
PwdGen is a Python Tkinter tool for generating secure 16 digit passwords.

PwdGen ( Password Generator ) is a Python Tkinter tool for generating secure 16 digit passwords. Installation Simply install requirements pip install

zJairO 7 Jul 14, 2022
A python script written for lazy people to hack their school systen ;D

F-ck-the-system A python script written for lazy people to hack their school systen ;D Python voice notes writer This is a python script to record you

Sachit 2 Jan 09, 2022
Automatic ProxyShell Exploit

proxyshell-auto usage: proxyshell.py [-h] -t T Automatic Exploit ProxyShell optional arguments: -h, --help show this help message and exit -t T

lulz 93 Jan 05, 2023
Ini membuat tema berbasis bendera Indonesia with Python + Linux.py

tema Ubah Tema Termux Menjadi Linux Ubah Font Termux Jadi Linux dibuat oleh wahyudioputra INSTALL pkg update && pkg upgrade pkg install python pkg ins

wahyudioputra 2 Nov 30, 2021