bluecrack 3.0.0__tar.gz
- bluecrack-3.0.0/LICENSE +21 -0
- bluecrack-3.0.0/MANIFEST.in +18 -0
- bluecrack-3.0.0/PKG-INFO +374 -0
- bluecrack-3.0.0/README.md +325 -0
- bluecrack-3.0.0/pyproject.toml +91 -0
- bluecrack-3.0.0/setup.cfg +4 -0
- bluecrack-3.0.0/src/bluecrack/__init__.py +25 -0
- bluecrack-3.0.0/src/bluecrack/__main__.py +6 -0
- bluecrack-3.0.0/src/bluecrack/_version.py +3 -0
- bluecrack-3.0.0/src/bluecrack/attack.py +602 -0
- bluecrack-3.0.0/src/bluecrack/cli.py +219 -0
- bluecrack-3.0.0/src/bluecrack/constants.py +93 -0
- bluecrack-3.0.0/src/bluecrack/data/cupp.cfg +70 -0
- bluecrack-3.0.0/src/bluecrack/data/pass.txt +6 -0
- bluecrack-3.0.0/src/bluecrack/demo.py +501 -0
- bluecrack-3.0.0/src/bluecrack/doctor.py +201 -0
- bluecrack-3.0.0/src/bluecrack/engine.py +586 -0
- bluecrack-3.0.0/src/bluecrack/static/css/style.css +807 -0
- bluecrack-3.0.0/src/bluecrack/static/js/app.js +754 -0
- bluecrack-3.0.0/src/bluecrack/templates/index.html +398 -0
- bluecrack-3.0.0/src/bluecrack/utils.py +297 -0
- bluecrack-3.0.0/src/bluecrack/vendor/__init__.py +1 -0
- bluecrack-3.0.0/src/bluecrack/vendor/cupp.py +1090 -0
- bluecrack-3.0.0/src/bluecrack/web.py +423 -0
- bluecrack-3.0.0/src/bluecrack.egg-info/PKG-INFO +374 -0
- bluecrack-3.0.0/src/bluecrack.egg-info/SOURCES.txt +28 -0
- bluecrack-3.0.0/src/bluecrack.egg-info/dependency_links.txt +1 -0
- bluecrack-3.0.0/src/bluecrack.egg-info/entry_points.txt +2 -0
- bluecrack-3.0.0/src/bluecrack.egg-info/requires.txt +20 -0
- bluecrack-3.0.0/src/bluecrack.egg-info/top_level.txt +1 -0
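--- a/bluecrack-3.0.0/LICENSE
+++ b/bluecrack-3.0.0/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Muhammad Taezeem Tariq
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.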
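--- a/bluecrack-3.0.0/MANIFEST.in
+++ b/bluecrack-3.0.0/MANIFEST.in
@@ -0,0 +1,18 @@
+# MANIFEST.in — Include package data in source distributions
+include LICENSE
+include README.md
+include pyproject.toml
+
+# Package data files
+recursive-include src/bluecrack/templates *
+recursive-include src/bluecrack/static *
+recursive-include src/bluecrack/data *
+recursive-include src/bluecrack/vendor *.py *.cfg
+
+# Exclude development/test files
+exclude .gitignore
+prune tests
+prune .github
+prune __pycache__
+global-exclude *.pyc
+global-exclude __pycache__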
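Review bot: The three `recursive-include ... *` lines for `templates`, `static` and `data` package every file present in those directories at build time, so a stray report, wordlist or editor backup left there would be published in the sdist. Going by the file list on this page, narrowing each pattern to the expected extensions keeps the released artifact predictable: `recursive-include src/bluecrack/templates *.html`, `recursive-include src/bluecrack/static *.css *.js`, `recursive-include src/bluecrack/data *.cfg *.txt`. Separately, `global-exclude __pycache__` matches file names rather than directories, so it likely has no effect, and `prune __pycache__` only covers a top-level directory of that name; `global-exclude *.pyc` is what actually keeps bytecode out.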
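--- a/bluecrack-3.0.0/PKG-INFO
+++ b/bluecrack-3.0.0/PKG-INFO
@@ -0,0 +1,374 @@
+Metadata-Version: 2.4
+Name: bluecrack
+Version: 3.0.0
+Summary: Hydra-style browser-based credential auditing framework powered by Selenium WebDriver
+Author-email: Muhammad Taezeem Tariq <taezeem14@gmail.com>
+License: MIT
+Project-URL: Homepage, https://github.com/taezeem14/BlueCrack
+Project-URL: Repository, https://github.com/taezeem14/BlueCrack
+Project-URL: Issues, https://github.com/taezeem14/BlueCrack/issues
+Project-URL: Documentation, https://github.com/taezeem14/BlueCrack#readme
+Keywords: security,pentesting,brute-force,selenium,credential-auditing,flask,websocket
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Environment :: Web Environment
+Classifier: Framework :: Flask
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Typing :: Typed
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: selenium>=4.15
+Requires-Dist: flask>=3.0
+Requires-Dist: flask-socketio>=5.3
+Requires-Dist: requests>=2.31
+Provides-Extra: tor
+Requires-Dist: stem>=1.8; extra == "tor"
+Provides-Extra: keyboard
+Requires-Dist: keyboard>=0.13; extra == "keyboard"
+Provides-Extra: all
+Requires-Dist: stem>=1.8; extra == "all"
+Requires-Dist: keyboard>=0.13; extra == "all"
+Provides-Extra: dev
+Requires-Dist: build; extra == "dev"
+Requires-Dist: twine; extra == "dev"
+Requires-Dist: pytest; extra == "dev"
+Requires-Dist: ruff; extra == "dev"
+Dynamic: license-file
+
+# BlueCrack
+
+```
+██████╗ ██╗ ██╗ ██╗███████╗ ██████╗██████╗ █████╗ ██████╗██╗ ██╗
+██╔══██╗██║ ██║ ██║██╔════╝ ██╔════╝██╔══██╗██╔══██╗██╔════╝██║ ██╔╝
+██████╔╝██║ ██║ ██║█████╗ ██║ ██████╔╝███████║██║ █████╔╝
+██╔══██╗██║ ██║ ██║██╔══╝ ██║ ██╔══██╗██╔══██║██║ ██╔═██╗
+██████╔╝███████╗╚██████╔╝███████╗ ╚██████╗██║ ██║██║ ██║╚██████╗██║ ██╗
+╚═════╝ ╚══════╝ ╚═════╝ ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝
+```
+
+
+
+
+
+
+**BlueCrack** is an advanced, Hydra-style browser-based login tester powered by Selenium and Flask. By driving actual Google Chrome instances in parallel, BlueCrack automates credential auditing against complex authentication portals that traditional HTTP-based brute-forcers cannot handle. It is wrapped in a premium, ultra-responsive dark web console streaming real-time statistics and execution logs.
+
+---
+
+> ## ⚠️ Responsible Use Warning
+>
+> **BlueCrack is designed strictly for authorized security testing, educational research, and infrastructure auditing.** Unauthorized access to computer systems is illegal under international computer misuse laws (including the US CFAA and UK Computer Misuse Act). The developers assume **no liability** for misuse. Always obtain explicit written authorization before testing target environments.
+
+---
+
+## 🏗️ Architecture & Topology
+
+Unlike simple script-based brute-forcers, BlueCrack implements a decoupled **Client-Server-Worker** model. The backend serves REST APIs and WebSockets to synchronize states, while thread-safe worker queues drive isolated automated browsers.
+
+### System Topology Map
+
+The diagram below illustrates the relationship between the client dashboard, the Flask server, the background attack engine, and the automation instances:
+
+```mermaid
+graph TD
+subgraph Client ["Client Browser (Frontend)"]
+UI["Web Dashboard (HTML5/CSS3)"]
+JS["app.js (Socket.IO client & state)"]
+UI <--> JS
+end
+
+subgraph Backend ["Python Server (Backend)"]
+App["app.py (Flask Web Server)"]
+Engine["engine.py (AttackEngine & callbacks)"]
+App <--> Engine
+end
+
+subgraph BrowserWorkers ["Browser Automation"]
+Driver1["Chrome WebDriver (Thread 1)"]
+Driver2["Chrome WebDriver (Thread 2)"]
+DriverN["Chrome WebDriver (Thread N)"]
+end
+
+subgraph TargetSystem ["Target Environment"]
+Target["Target Login Form"]
+DemoSrv["demo_server.py (Subprocess)"]
+end
+
+JS <-->|Socket.IO & REST APIs| App
+Engine -->|Spawns| Driver1
+Engine -->|Spawns| Driver2
+Engine -->|Spawns| DriverN
+
+Driver1 -->|Automates Login| Target
+Driver2 -->|Automates Login| Target
+DriverN -->|Automates Login| Target
+
+App -.->|Subprocess Popen| DemoSrv
+Driver1 -.->|Optionally tests| DemoSrv
+```
+
+### Attack Execution Data Flow
+
+This sequence chart outlines the step-by-step lifecycle of an active credential audit:
+
+```mermaid
+sequenceDiagram
+autonumber
+actor User as Security Tester
+participant UI as Web Dashboard
+participant App as app.py (Flask)
+participant Queue as Thread-Safe Queue
+participant Engine as AttackEngine (engine.py)
+participant Worker as WebDriver Worker Thread
+participant Target as Target Login Webpage
+
+User->>UI: Input Target URL, Credentials & hit Start
+UI->>App: POST /api/attack/start (JSON config)
+App->>Engine: start(ctx)
+activate Engine
+Engine->>Queue: Populate (User, Pass) combos
+Engine->>Worker: Spawn N worker threads
+activate Worker
+
+loop Until Queue is empty or Stopped
+Queue->>Worker: Get next combo (user, pwd)
+Worker->>Target: Load login URL
+Worker->>Target: Auto-detect & inject User/Pass inputs
+Worker->>Target: Click Submit Button
+Worker->>Target: Inspect result page (DOM / Redirect)
+alt Success Detected
+Worker->>Engine: Log credentials found
+Engine->>App: Emit "log" & "finished"
+App->>UI: Stream live credentials & success sound
+else Rate Limit Detected
+Worker->>Engine: Report rate limit hit
+Engine->>App: Emit "log" & cooldown metrics
+App->>UI: Stream status & cooldown timer
+Note over Worker: Cooldown sleep or Tor circuit shift
+else Failure/Error
+Worker->>Engine: Record failure/error metric
+Engine->>App: Emit "progress" & "metrics"
+App->>UI: Update live ETA & counter stats
+end
+end
+
+deactivate Worker
+deactivate Engine
+Engine->>App: finished(success_flag)
+App->>UI: Socket.IO finished event (Enable buttons)
+```
+
+---
+
+## 🎯 Features
+
+### Core Capabilities
+* **Full JavaScript Compatibility**: Handles React, Angular, Vue, and vanilla JS portals by rendering pages in full browser sessions.
+* **Auto-Selector Engine**: Employs heuristic-based JS injection to automatically identify input fields for usernames, passwords, and submit buttons.
+* **Tor Proxy & IP Shift**: Rotates IP addresses automatically using Tor circuits by communicating with the Tor Control Port.
+* **Thread-Safe Concurrent Workers**: Run up to 50 concurrent headless or GUI browser instances with synchronized queue mechanisms.
+* **Dynamic Rate-Limit Evasion**: Pause testing, add jitter, or cycle proxy gateways when encountering rate-limiting string triggers.
+* **CUPP & Sequence Profilers**: Built-in credential profiling and sequential zero-padded range wordlist generators.
+
+### Premium UI Enhancements
+* **Lag-Free Logging**: Handles high-frequency console updates using `requestAnimationFrame` queue batching and `DocumentFragment` inserts to eliminate layout thrashing.
+* **Cosmic Eco-Astral Theme**: Includes a stunning forest-green and celestial-purple space aesthetic toggle with persistent `LocalStorage` preferences.
+* **Local Sandbox Mode**: Instantly launches a secure mock login server in the background and populates the dashboard for immediate training.
+
+---
+
+## 📁 Project Structure
+
+```
+BlueCrack/
+├── pyproject.toml # PEP 621 metadata & entry point definitions
+├── MANIFEST.in # Bundles static web templates & configuration data
+├── LICENSE # MIT Open Source License
+├── requirements.txt # Unified project dependency manifests
+│
+├── src/
+│ └── bluecrack/ # Source code package
+│ ├── __init__.py # Version and API initialization
+│ ├── __main__.py # Entry point for python -m bluecrack
+│ ├── cli.py # Subcommand dispatcher
+│ ├── web.py # Flask Web UI & SocketIO bridge
+│ ├── engine.py # Core Selenium AttackEngine
+│ ├── attack.py # CLI brute-force execution flow
+│ ├── demo.py # Sandbox authentication server
+│ ├── doctor.py # System diagnostic check utility
+│ ├── constants.py # Shared scripts & ANSI styling
+│ ├── utils.py # Tor rotation, chromedriver & wordlist generation
+│ │
+│ ├── data/ # Embedded package configuration
+│ │ ├── cupp.cfg # Wordlist rules database
+│ │ └── pass.txt # Demo password list
+│ │
+│ ├── templates/ # Web templates
+│ │ └── index.html # Glassmorphism dashboard
+│ │
+│ └── static/ # Static stylesheets & JS
+│ ├── css/style.css
+│ └── js/app.js
+```
+
+---
+
+## 🛠️ Installation
+
+### 1. From PyPI (Recommended)
+You can install BlueCrack directly as an executable package:
+```bash
+pip install bluecrack
+```
+
+### 2. From Source (Development Mode)
+Clone the repository and install it in editable mode:
+```bash
+git clone https://github.com/taezeem14/BlueCrack.git
+cd BlueCrack
+pip install -e .
+```
+
+### 3. Prerequisites
+* **Python 3.9+**
+* **Google Chrome Browser**
+* **ChromeDriver** (Selenium Manager automatically fetches the correct version for you)
+
+---
+
+## ▶️ Usage Subcommands
+
+After installation, the unified `bluecrack` binary is added to your terminal PATH.
+
+### 1. 🌐 Web UI (Default)
+Launch the graphical dashboard:
+```bash
+bluecrack
+# or explicitly
+bluecrack web --port 5000
+```
+Navigate to `http://127.0.0.1:5000` in your web browser.
+
+### 2. ⌨️ CLI Attack Mode
+Run dictionary attacks directly inside the terminal:
+```bash
+# Basic single login test
+bluecrack attack -u admin -p admin123 --url http://target.local/login --error "wrong password"
+
+# Multi-threaded dictionary attack
+bluecrack attack -U users.txt -P rockyou.txt --url http://target.local/login \
+--success "Welcome" --threads 4 --headless
+```
+
+### 3. 🧙 Interactive Wizard Mode
+Let the system guide you through setup step-by-step:
+```bash
+bluecrack attack -i
+```
+
+### 4. 🧪 Local Sandbox
+Launch the demo login server on an isolated port:
+```bash
+bluecrack demo --port 5001 --max-attempts 3
+```
+
+### 5. 🩺 Doctor Diagnostic Tool
+Check system dependencies, browser version, and chromedriver availability:
+```bash
+bluecrack doctor
+```
+
+### 6. 🔌 Plugin CLI Utilities
+Generate sequences or run CUPP interactively:
+```bash
+bluecrack plugin cupp
+bluecrack plugin sequence --start 1000 --end 9999 --output sequence.txt
+```
+
+---
+
+## ⚙️ CLI Flag Reference (`bluecrack attack`)
+
+| Flag | Parameter | Description |
+|---|---|---|
+| `-u`, `--user` | `TEXT` | Single target username |
+| `-U`, `--userfile` | `FILE` | File containing list of usernames |
+| `-p`, `--passw` | `TEXT` | Single password to test |
+| `-P`, `--passlist` | `FILE` | File containing list of passwords |
+| `--url` | `URL` | Web URL containing target login form |
+| `--error` | `TEXT` | Substring on page indicating login failure |
+| `--success` | `TEXT` | Substring on page indicating login success |
+| `--threads` | `INT` | Parallel browser workers (default: 1) |
+| `--headless` | `FLAG` | Runs browser without rendering UI windows |
+| `--delay` | `FLOAT` | Throttling time delay in seconds |
+| `--jitter` | `FLOAT` | Randomized variance added to the delay |
+| `--limit-text` | `TEXT` | Substring indicating rate limits |
+| `--cooldown` | `INT` | Wait time in seconds when rate limited |
+| `--proxy` | `URL` | Single SOCKS/HTTP proxy server url |
+| `--proxy-list` | `FILE` | File containing multiple proxy IPs |
+| `--output` | `FILE` | Saves found credentials to output file |
+| `--json-report` | `FLAG` | Exports full execution run history to JSON |
+
+---
+
+## 🧪 Local Sandbox Testing
+To practice or demonstrate credential testing safely without hitting live servers:
+1. Open the Web UI (`bluecrack`).
+2. Click **`🚀 Demo Mode`** at the top right.
+3. The server will spin up `bluecrack demo` in the background and auto-populate all target URLs and fields.
+4. Click **`▶ Start Attack`** to watch the worker threads execute live!
+
+---
+
+
+## 📄 License
+
+This project is licensed under the **MIT License** — see the [LICENSE](LICENSE) file for details.
+
+```
+MIT License
+
+Copyright (c) 2025–2026 Muhammad Taezeem Tariq
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+```
+
+---
+
+## 👤 Author
+
+**Muhammad Taezeem Tariq**
+
+---
+
+<p align="center">
+<sub>Built with ❤️ for the security research community</sub>
+</p>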