engMaher / Baf
Licence: agpl-3.0
Blind Attacking Framework
Stars: ✭ 71
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Baf
Vulnx
vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}
Stars: ✭ 1,009 (+1321.13%)
Mutual labels: hacking-tool, exploitation
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (+167.61%)
Mutual labels: hacking-tool, exploitation
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 1,392 (+1860.56%)
Mutual labels: hacking-tool, exploitation
reosploit
A Tool that Finds, Enumerates, and Exploits Reolink Cameras.
Stars: ✭ 89 (+25.35%)
Mutual labels: exploitation, hacking-tool
Deep-Inside
Command line tool that allows you to explore IoT devices by using Shodan API.
Stars: ✭ 22 (-69.01%)
Mutual labels: shodan, hacking-tool
Xattacker
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+1163.38%)
Mutual labels: hacking-tool, exploitation
Entropy
Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.
Stars: ✭ 126 (+77.46%)
Mutual labels: hacking-tool, shodan
DevBrute-A Password Brute Forcer
DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.
Stars: ✭ 91 (+28.17%)
Mutual labels: exploitation, hacking-tool
crawleet
Web Recon & Exploitation Tool.
Stars: ✭ 48 (-32.39%)
Mutual labels: exploitation, hacking-tool
Hacker Roadmap
📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
Stars: ✭ 7,752 (+10818.31%)
Mutual labels: hacking-tool, exploitation
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 870 (+1125.35%)
Mutual labels: hacking-tool, exploitation
Cfw2ofw Helper
Providing aid in converting video games.
Stars: ✭ 44 (-38.03%)
Mutual labels: hacking-tool
Pixiewps
An offline Wi-Fi Protected Setup brute-force utility
Stars: ✭ 1,149 (+1518.31%)
Mutual labels: hacking-tool
Sdwan Harvester
🌐 Automatically enumerate and fingerprint SD-WAN nodes on the internet
Stars: ✭ 42 (-40.85%)
Mutual labels: shodan
Kill Router
Ferramenta para quebrar senhas administrativas de roteadores Wireless, routers, switches e outras plataformas de gestão de serviços de rede autenticados.
Stars: ✭ 57 (-19.72%)
Mutual labels: shodan
Swift Keylogger
Keylogger for mac written in Swift using HID
Stars: ✭ 995 (+1301.41%)
Mutual labels: hacking-tool
Pwin
Security Evaluation of Dynamic Binary Instrumentation Engines
Stars: ✭ 70 (-1.41%)
Mutual labels: exploitation
BAF 0.2.0
-
version [0.2.0] --> [(public releases).(beta versions).(bugfixes patches)]
-
this framework is under AGPLv3 license
What is BAF ?
-
it's a framework written in python [2.7] that is being made specially for blind attacking , ie : attacking random targets with common security issues , targets are currently generated by the hackers search engine "shodan" and vulnerable hosts are hacked in an automated way .
-
this framework is completely "neutral" ie: it will not based on a search engine API and it has total dependence on web scraping , ie: the only limit on what can be done is contributers skills/immagination & search engine availability as a web app .
Why BAF ?
- because blind attacking makes every vulnerable & exposed host to the internet a targeted one , hence increases the awareness of potential threats
- because the best way to prevent knowlege abuse under the hood is sharing it with everyone
- because it will always add new to the community and will never be a replica
What is new in the 2nd beta version BAF 0.2.0 ?
- BAF authentication : it provides free access to all shodan premium account's results through BAF authentication server which uses a premium student accounts chain to balance the users load/authenticates with shodan web app
- BAF became totally invisible with no browser head using phantomjs as the webdriver instead of firefox
- telnet agent & webcam agent are transfered to vulnerability assessment module so stay tuned for them in the upcoming releases .
How to use BAF ?
- fire up a terminal and sudo apt-get update && apt-get upgrade && apt-get dist-upgrade
- install [ requests , httplib , urllib , time , bs4 "BeautifulSoup" , colored , selenium , sys ] python modules
- python BAF_0.1.0.py
- use BAF authentication to atomatically authenticate with shodan via premium account to get access to all search results or enter your shodan's account username and pass for custom account login
- choose 1 , let it do it's job , press y , close the previous tab , press y ,close the previous tabs ...etc till u have the vulnerable cams only
- choose 2 , enter what do u want to search for (ie: NSA) , when it's done , refer to the targets text file , it will contain the targets ip:port
- that's all
- DON'T close a loading webpage
- beta versions will make automated browser open for better understanding ,but you can close the webcam tabs freely
Pictures from the framework
TODO list
- [x] custom search that exports the targets ips / open ports to text file for custom attacks
- [x] serially open admin/admin webcams login pages
- [x] using phantomjs instead of firefox as a headless browser
- [x] creating/testing BAF authentication server
- [ ] loging into hosts through common services telnet,ssh,ftp,.. etc of the hosts with default credentials
- [ ] bruteforcing webcams login pages
- [ ] automatic search / exploitation of common vulnerabilities on different patforms
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].