bluecrack 3.0.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2025 Muhammad Taezeem Tariq
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
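Review bot: the copyright line at line 3 of this file (`Copyright (c) 2025 Muhammad Taezeem Tariq`) disagrees with the copy of the licence embedded in the README, which reads `Copyright (c) 2025–2026`. Make the two match, or drop the embedded copy from the README and keep only the link to LICENSE, so that the file named by `License-File: LICENSE` is the single source of truth.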
@@ -0,0 +1,18 @@
1
+ # MANIFEST.in — Include package data in source distributions
2
+ include LICENSE
3
+ include README.md
4
+ include pyproject.toml
5
+
6
+ # Package data files
7
+ recursive-include src/bluecrack/templates *
8
+ recursive-include src/bluecrack/static *
9
+ recursive-include src/bluecrack/data *
10
+ recursive-include src/bluecrack/vendor *.py *.cfg
11
+
12
+ # Exclude development/test files
13
+ exclude .gitignore
14
+ prune tests
15
+ prune .github
16
+ prune __pycache__
17
+ global-exclude *.pyc
18
+ global-exclude __pycache__
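Review bot: line 10, `recursive-include src/bluecrack/vendor *.py *.cfg`, ships a `vendor/` tree that the project structure in the README never lists, so anyone auditing the sdist finds what is presumably bundled third-party code with no stated origin or version. Document what is vendored (upstream project, version, licence) or remove the line if the directory does not exist. The bare `*` patterns on lines 7 to 9 will also package any stray file left in `templates/`, `static/` or `data/`, such as a results file or a local wordlist; listing extensions explicitly, as line 10 does, keeps the published artifact predictable. Minor: `global-exclude` matches files rather than directories, so `global-exclude __pycache__` on line 18 is most likely a no-op beside `global-exclude *.pyc`, and `prune __pycache__` on line 16 only covers a top-level directory of that name.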
@@ -0,0 +1,374 @@
1
+ Metadata-Version: 2.4
2
+ Name: bluecrack
3
+ Version: 3.0.0
4
+ Summary: Hydra-style browser-based credential auditing framework powered by Selenium WebDriver
5
+ Author-email: Muhammad Taezeem Tariq <taezeem14@gmail.com>
6
+ License: MIT
7
+ Project-URL: Homepage, https://github.com/taezeem14/BlueCrack
8
+ Project-URL: Repository, https://github.com/taezeem14/BlueCrack
9
+ Project-URL: Issues, https://github.com/taezeem14/BlueCrack/issues
10
+ Project-URL: Documentation, https://github.com/taezeem14/BlueCrack#readme
11
+ Keywords: security,pentesting,brute-force,selenium,credential-auditing,flask,websocket
12
+ Classifier: Development Status :: 4 - Beta
13
+ Classifier: Environment :: Console
14
+ Classifier: Environment :: Web Environment
15
+ Classifier: Framework :: Flask
16
+ Classifier: Intended Audience :: Developers
17
+ Classifier: Intended Audience :: Information Technology
18
+ Classifier: License :: OSI Approved :: MIT License
19
+ Classifier: Operating System :: OS Independent
20
+ Classifier: Programming Language :: Python :: 3
21
+ Classifier: Programming Language :: Python :: 3.9
22
+ Classifier: Programming Language :: Python :: 3.10
23
+ Classifier: Programming Language :: Python :: 3.11
24
+ Classifier: Programming Language :: Python :: 3.12
25
+ Classifier: Programming Language :: Python :: 3.13
26
+ Classifier: Topic :: Security
27
+ Classifier: Topic :: Internet :: WWW/HTTP
28
+ Classifier: Typing :: Typed
29
+ Requires-Python: >=3.9
30
+ Description-Content-Type: text/markdown
31
+ License-File: LICENSE
32
+ Requires-Dist: selenium>=4.15
33
+ Requires-Dist: flask>=3.0
34
+ Requires-Dist: flask-socketio>=5.3
35
+ Requires-Dist: requests>=2.31
36
+ Provides-Extra: tor
37
+ Requires-Dist: stem>=1.8; extra == "tor"
38
+ Provides-Extra: keyboard
39
+ Requires-Dist: keyboard>=0.13; extra == "keyboard"
40
+ Provides-Extra: all
41
+ Requires-Dist: stem>=1.8; extra == "all"
42
+ Requires-Dist: keyboard>=0.13; extra == "all"
43
+ Provides-Extra: dev
44
+ Requires-Dist: build; extra == "dev"
45
+ Requires-Dist: twine; extra == "dev"
46
+ Requires-Dist: pytest; extra == "dev"
47
+ Requires-Dist: ruff; extra == "dev"
48
+ Dynamic: license-file
49
+
50
+ # BlueCrack
51
+
52
+ ```
53
+ ██████╗ ██╗ ██╗ ██╗███████╗ ██████╗██████╗ █████╗ ██████╗██╗ ██╗
54
+ ██╔══██╗██║ ██║ ██║██╔════╝ ██╔════╝██╔══██╗██╔══██╗██╔════╝██║ ██╔╝
55
+ ██████╔╝██║ ██║ ██║█████╗ ██║ ██████╔╝███████║██║ █████╔╝
56
+ ██╔══██╗██║ ██║ ██║██╔══╝ ██║ ██╔══██╗██╔══██║██║ ██╔═██╗
57
+ ██████╔╝███████╗╚██████╔╝███████╗ ╚██████╗██║ ██║██║ ██║╚██████╗██║ ██╗
58
+ ╚═════╝ ╚══════╝ ╚═════╝ ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝
59
+ ```
60
+
61
+ ![Python](https://img.shields.io/badge/Python-3.10%2B-3776AB?style=for-the-badge&logo=python&logoColor=white)
62
+ ![Flask](https://img.shields.io/badge/Flask-Web_UI-000000?style=for-the-badge&logo=flask&logoColor=white)
63
+ ![Selenium](https://img.shields.io/badge/Selenium-WebDriver-43B02A?style=for-the-badge&logo=selenium&logoColor=white)
64
+ ![License](https://img.shields.io/badge/License-MIT-green?style=for-the-badge)
65
+
66
+ **BlueCrack** is an advanced, Hydra-style browser-based login tester powered by Selenium and Flask. By driving actual Google Chrome instances in parallel, BlueCrack automates credential auditing against complex authentication portals that traditional HTTP-based brute-forcers cannot handle. It is wrapped in a premium, ultra-responsive dark web console streaming real-time statistics and execution logs.
67
+
68
+ ---
69
+
70
+ > ## ⚠️ Responsible Use Warning
71
+ >
72
+ > **BlueCrack is designed strictly for authorized security testing, educational research, and infrastructure auditing.** Unauthorized access to computer systems is illegal under international computer misuse laws (including the US CFAA and UK Computer Misuse Act). The developers assume **no liability** for misuse. Always obtain explicit written authorization before testing target environments.
73
+
74
+ ---
75
+
76
+ ## 🏗️ Architecture & Topology
77
+
78
+ Unlike simple script-based brute-forcers, BlueCrack implements a decoupled **Client-Server-Worker** model. The backend serves REST APIs and WebSockets to synchronize states, while thread-safe worker queues drive isolated automated browsers.
79
+
80
+ ### System Topology Map
81
+
82
+ The diagram below illustrates the relationship between the client dashboard, the Flask server, the background attack engine, and the automation instances:
83
+
84
+ ```mermaid
85
+ graph TD
86
+ subgraph Client ["Client Browser (Frontend)"]
87
+ UI["Web Dashboard (HTML5/CSS3)"]
88
+ JS["app.js (Socket.IO client & state)"]
89
+ UI <--> JS
90
+ end
91
+
92
+ subgraph Backend ["Python Server (Backend)"]
93
+ App["app.py (Flask Web Server)"]
94
+ Engine["engine.py (AttackEngine & callbacks)"]
95
+ App <--> Engine
96
+ end
97
+
98
+ subgraph BrowserWorkers ["Browser Automation"]
99
+ Driver1["Chrome WebDriver (Thread 1)"]
100
+ Driver2["Chrome WebDriver (Thread 2)"]
101
+ DriverN["Chrome WebDriver (Thread N)"]
102
+ end
103
+
104
+ subgraph TargetSystem ["Target Environment"]
105
+ Target["Target Login Form"]
106
+ DemoSrv["demo_server.py (Subprocess)"]
107
+ end
108
+
109
+ JS <-->|Socket.IO & REST APIs| App
110
+ Engine -->|Spawns| Driver1
111
+ Engine -->|Spawns| Driver2
112
+ Engine -->|Spawns| DriverN
113
+
114
+ Driver1 -->|Automates Login| Target
115
+ Driver2 -->|Automates Login| Target
116
+ DriverN -->|Automates Login| Target
117
+
118
+ App -.->|Subprocess Popen| DemoSrv
119
+ Driver1 -.->|Optionally tests| DemoSrv
120
+ ```
121
+
122
+ ### Attack Execution Data Flow
123
+
124
+ This sequence chart outlines the step-by-step lifecycle of an active credential audit:
125
+
126
+ ```mermaid
127
+ sequenceDiagram
128
+ autonumber
129
+ actor User as Security Tester
130
+ participant UI as Web Dashboard
131
+ participant App as app.py (Flask)
132
+ participant Queue as Thread-Safe Queue
133
+ participant Engine as AttackEngine (engine.py)
134
+ participant Worker as WebDriver Worker Thread
135
+ participant Target as Target Login Webpage
136
+
137
+ User->>UI: Input Target URL, Credentials & hit Start
138
+ UI->>App: POST /api/attack/start (JSON config)
139
+ App->>Engine: start(ctx)
140
+ activate Engine
141
+ Engine->>Queue: Populate (User, Pass) combos
142
+ Engine->>Worker: Spawn N worker threads
143
+ activate Worker
144
+
145
+ loop Until Queue is empty or Stopped
146
+ Queue->>Worker: Get next combo (user, pwd)
147
+ Worker->>Target: Load login URL
148
+ Worker->>Target: Auto-detect & inject User/Pass inputs
149
+ Worker->>Target: Click Submit Button
150
+ Worker->>Target: Inspect result page (DOM / Redirect)
151
+ alt Success Detected
152
+ Worker->>Engine: Log credentials found
153
+ Engine->>App: Emit "log" & "finished"
154
+ App->>UI: Stream live credentials & success sound
155
+ else Rate Limit Detected
156
+ Worker->>Engine: Report rate limit hit
157
+ Engine->>App: Emit "log" & cooldown metrics
158
+ App->>UI: Stream status & cooldown timer
159
+ Note over Worker: Cooldown sleep or Tor circuit shift
160
+ else Failure/Error
161
+ Worker->>Engine: Record failure/error metric
162
+ Engine->>App: Emit "progress" & "metrics"
163
+ App->>UI: Update live ETA & counter stats
164
+ end
165
+ end
166
+
167
+ deactivate Worker
168
+ deactivate Engine
169
+ Engine->>App: finished(success_flag)
170
+ App->>UI: Socket.IO finished event (Enable buttons)
171
+ ```
172
+
173
+ ---
174
+
175
+ ## 🎯 Features
176
+
177
+ ### Core Capabilities
178
+ * **Full JavaScript Compatibility**: Handles React, Angular, Vue, and vanilla JS portals by rendering pages in full browser sessions.
179
+ * **Auto-Selector Engine**: Employs heuristic-based JS injection to automatically identify input fields for usernames, passwords, and submit buttons.
180
+ * **Tor Proxy & IP Shift**: Rotates IP addresses automatically using Tor circuits by communicating with the Tor Control Port.
181
+ * **Thread-Safe Concurrent Workers**: Run up to 50 concurrent headless or GUI browser instances with synchronized queue mechanisms.
182
+ * **Dynamic Rate-Limit Evasion**: Pause testing, add jitter, or cycle proxy gateways when encountering rate-limiting string triggers.
183
+ * **CUPP & Sequence Profilers**: Built-in credential profiling and sequential zero-padded range wordlist generators.
184
+
185
+ ### Premium UI Enhancements
186
+ * **Lag-Free Logging**: Handles high-frequency console updates using `requestAnimationFrame` queue batching and `DocumentFragment` inserts to eliminate layout thrashing.
187
+ * **Cosmic Eco-Astral Theme**: Includes a stunning forest-green and celestial-purple space aesthetic toggle with persistent `LocalStorage` preferences.
188
+ * **Local Sandbox Mode**: Instantly launches a secure mock login server in the background and populates the dashboard for immediate training.
189
+
190
+ ---
191
+
192
+ ## 📁 Project Structure
193
+
194
+ ```
195
+ BlueCrack/
196
+ ├── pyproject.toml # PEP 621 metadata & entry point definitions
197
+ ├── MANIFEST.in # Bundles static web templates & configuration data
198
+ ├── LICENSE # MIT Open Source License
199
+ ├── requirements.txt # Unified project dependency manifests
200
+
201
+ ├── src/
202
+ │ └── bluecrack/ # Source code package
203
+ │ ├── __init__.py # Version and API initialization
204
+ │ ├── __main__.py # Entry point for python -m bluecrack
205
+ │ ├── cli.py # Subcommand dispatcher
206
+ │ ├── web.py # Flask Web UI & SocketIO bridge
207
+ │ ├── engine.py # Core Selenium AttackEngine
208
+ │ ├── attack.py # CLI brute-force execution flow
209
+ │ ├── demo.py # Sandbox authentication server
210
+ │ ├── doctor.py # System diagnostic check utility
211
+ │ ├── constants.py # Shared scripts & ANSI styling
212
+ │ ├── utils.py # Tor rotation, chromedriver & wordlist generation
213
+ │ │
214
+ │ ├── data/ # Embedded package configuration
215
+ │ │ ├── cupp.cfg # Wordlist rules database
216
+ │ │ └── pass.txt # Demo password list
217
+ │ │
218
+ │ ├── templates/ # Web templates
219
+ │ │ └── index.html # Glassmorphism dashboard
220
+ │ │
221
+ │ └── static/ # Static stylesheets & JS
222
+ │ ├── css/style.css
223
+ │ └── js/app.js
224
+ ```
225
+
226
+ ---
227
+
228
+ ## 🛠️ Installation
229
+
230
+ ### 1. From PyPI (Recommended)
231
+ You can install BlueCrack directly as an executable package:
232
+ ```bash
233
+ pip install bluecrack
234
+ ```
235
+
236
+ ### 2. From Source (Development Mode)
237
+ Clone the repository and install it in editable mode:
238
+ ```bash
239
+ git clone https://github.com/taezeem14/BlueCrack.git
240
+ cd BlueCrack
241
+ pip install -e .
242
+ ```
243
+
244
+ ### 3. Prerequisites
245
+ * **Python 3.9+**
246
+ * **Google Chrome Browser**
247
+ * **ChromeDriver** (Selenium Manager automatically fetches the correct version for you)
248
+
249
+ ---
250
+
251
+ ## ▶️ Usage Subcommands
252
+
253
+ After installation, the unified `bluecrack` binary is added to your terminal PATH.
254
+
255
+ ### 1. 🌐 Web UI (Default)
256
+ Launch the graphical dashboard:
257
+ ```bash
258
+ bluecrack
259
+ # or explicitly
260
+ bluecrack web --port 5000
261
+ ```
262
+ Navigate to `http://127.0.0.1:5000` in your web browser.
263
+
264
+ ### 2. ⌨️ CLI Attack Mode
265
+ Run dictionary attacks directly inside the terminal:
266
+ ```bash
267
+ # Basic single login test
268
+ bluecrack attack -u admin -p admin123 --url http://target.local/login --error "wrong password"
269
+
270
+ # Multi-threaded dictionary attack
271
+ bluecrack attack -U users.txt -P rockyou.txt --url http://target.local/login \
272
+ --success "Welcome" --threads 4 --headless
273
+ ```
274
+
275
+ ### 3. 🧙 Interactive Wizard Mode
276
+ Let the system guide you through setup step-by-step:
277
+ ```bash
278
+ bluecrack attack -i
279
+ ```
280
+
281
+ ### 4. 🧪 Local Sandbox
282
+ Launch the demo login server on an isolated port:
283
+ ```bash
284
+ bluecrack demo --port 5001 --max-attempts 3
285
+ ```
286
+
287
+ ### 5. 🩺 Doctor Diagnostic Tool
288
+ Check system dependencies, browser version, and chromedriver availability:
289
+ ```bash
290
+ bluecrack doctor
291
+ ```
292
+
293
+ ### 6. 🔌 Plugin CLI Utilities
294
+ Generate sequences or run CUPP interactively:
295
+ ```bash
296
+ bluecrack plugin cupp
297
+ bluecrack plugin sequence --start 1000 --end 9999 --output sequence.txt
298
+ ```
299
+
300
+ ---
301
+
302
+ ## ⚙️ CLI Flag Reference (`bluecrack attack`)
303
+
304
+ | Flag | Parameter | Description |
305
+ |---|---|---|
306
+ | `-u`, `--user` | `TEXT` | Single target username |
307
+ | `-U`, `--userfile` | `FILE` | File containing list of usernames |
308
+ | `-p`, `--passw` | `TEXT` | Single password to test |
309
+ | `-P`, `--passlist` | `FILE` | File containing list of passwords |
310
+ | `--url` | `URL` | Web URL containing target login form |
311
+ | `--error` | `TEXT` | Substring on page indicating login failure |
312
+ | `--success` | `TEXT` | Substring on page indicating login success |
313
+ | `--threads` | `INT` | Parallel browser workers (default: 1) |
314
+ | `--headless` | `FLAG` | Runs browser without rendering UI windows |
315
+ | `--delay` | `FLOAT` | Throttling time delay in seconds |
316
+ | `--jitter` | `FLOAT` | Randomized variance added to the delay |
317
+ | `--limit-text` | `TEXT` | Substring indicating rate limits |
318
+ | `--cooldown` | `INT` | Wait time in seconds when rate limited |
319
+ | `--proxy` | `URL` | Single SOCKS/HTTP proxy server url |
320
+ | `--proxy-list` | `FILE` | File containing multiple proxy IPs |
321
+ | `--output` | `FILE` | Saves found credentials to output file |
322
+ | `--json-report` | `FLAG` | Exports full execution run history to JSON |
323
+
324
+ ---
325
+
326
+ ## 🧪 Local Sandbox Testing
327
+ To practice or demonstrate credential testing safely without hitting live servers:
328
+ 1. Open the Web UI (`bluecrack`).
329
+ 2. Click **`🚀 Demo Mode`** at the top right.
330
+ 3. The server will spin up `bluecrack demo` in the background and auto-populate all target URLs and fields.
331
+ 4. Click **`▶ Start Attack`** to watch the worker threads execute live!
332
+
333
+ ---
334
+
335
+
336
+ ## 📄 License
337
+
338
+ This project is licensed under the **MIT License** — see the [LICENSE](LICENSE) file for details.
339
+
340
+ ```
341
+ MIT License
342
+
343
+ Copyright (c) 2025–2026 Muhammad Taezeem Tariq
344
+
345
+ Permission is hereby granted, free of charge, to any person obtaining a copy
346
+ of this software and associated documentation files (the "Software"), to deal
347
+ in the Software without restriction, including without limitation the rights
348
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
349
+ copies of the Software, and to permit persons to whom the Software is
350
+ furnished to do so, subject to the following conditions:
351
+
352
+ The above copyright notice and this permission notice shall be included in all
353
+ copies or substantial portions of the Software.
354
+
355
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
356
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
357
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
358
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
359
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
360
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
361
+ SOFTWARE.
362
+ ```
363
+
364
+ ---
365
+
366
+ ## 👤 Author
367
+
368
+ **Muhammad Taezeem Tariq**
369
+
370
+ ---
371
+
372
+ <p align="center">
373
+ <sub>Built with ❤️ for the security research community</sub>
374
+ </p>
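Review bot: the metadata and the README body disagree on the supported Python version: `Requires-Python: >=3.9` and the 3.9 classifier (lines 29 and 21) against the `Python-3.10%2B` badge on line 61, while Prerequisites on line 245 says 3.9+. Installers act on `Requires-Python`, so decide which floor is actually tested and align all three. File names drift in the same way: both diagrams refer to `app.py`, and the topology diagram to `demo_server.py`, but the project structure lists `web.py` and `demo.py`. There is also a documentation gap around the Web UI: the README describes `POST /api/attack/start` and a Socket.IO channel, and the topology shows the server spawning browser workers and a `Popen` subprocess, yet nothing states which interface `bluecrack web` binds to or whether those endpoints require authentication. State the default bind address and how access to the control API is restricted, so that operators know what is exposed before they start it on a shared host.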