Blazy is a Python script to bruteforce login pages. The script takes input from usernames.txt and passwords.txt and tries every possible combination to find the correct authentication credentials. It can also check for login bypass via SQL injection and CSRF.
Common usernames and passwords can be downloaded online. Kali Linux has a built-in tool called CRUNCH which can generate every possible username and password according to your need. How to create custom wordlist using crunch?
@odirachukwu_onyejefu: All this app does (if it works at all, as you can see on the git issues page for this app, which also has had no updates in over a year) is try one combo of username and pw after another.
And it does so using a username and pw text file that you need to provide it. So somehow you would have to find a giant (and I mean GIANT) combo list that provides all the combinations for usernames and passwords that you can come up with. The pws, of course, need to be in 6 characters, using uppercase and lowercase letters, as well as digits, and a few additional special characters. (This is assuming the website does not require an 8-digit pw, as has become standard. And that you know what special characters the site forbids or allows.)
Once you have the files with these millions of combos, you can let this app work for a few years straight and see if it can find the username and password. Make sure to pray every day of those years that the website you are trying has zero security and people managing it cannot see that something is trying combos on this single log in page every second for many years.
As you know the poster tells you on “Feature Number 8” that this app provides “100% accurate results.” (That is, after telling you in “Feature Number 5” that it provides “90% accurate results.”) Putting aside the question of that missing 10%, the poster is quite correct; but only assuming you provide the correct username and pw in that GIANT list I was talking about.
See? All very simple, right? No wonder the tool is called “Blazy” as in blazing fast—that is, if your idea of blazing fast is taking four years non-stop to brute force a log in page.
Let us know how it goes. Hopefully we all will be still around in four years.
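The reply's point that repeated attempts against a single login page are visible to whoever runs the site, seen from the defender's side. This is an added example, not part of the thread or of Blazy: a sliding-window count of failed logins per source IP. The log format, the use of status 401 for a failed login, and the window and threshold values are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (hypothetical, not from any real product):
# "<ISO timestamp> <source IP> POST /login user=<name> status=<HTTP code>"
LINE_RE = re.compile(r"^(\S+) (\S+) POST /login user=\S+ status=(\d{3})$")


def detect_bruteforce(lines, window=timedelta(seconds=60), threshold=10):
    """Return {ip: peak failed logins in any window} for IPs at or above threshold."""
    failures = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not login attempts
        ts, ip, status = m.groups()
        if status == "401":  # assumption: 401 marks a failed login
            failures[ip].append(datetime.fromisoformat(ts))

    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            # shrink the window from the left until it spans at most `window`
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def build_sample():
    """Constructed log: one IP failing once per second, one user mistyping once."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for i in range(12):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 203.0.113.7 POST /login user=admin status=401")
    t1 = (base + timedelta(seconds=3)).isoformat()
    t2 = (base + timedelta(seconds=9)).isoformat()
    lines.append(f"{t1} 198.51.100.4 POST /login user=alice status=401")
    lines.append(f"{t2} 198.51.100.4 POST /login user=alice status=200")
    return lines


if __name__ == "__main__":
    print(detect_bruteforce(build_sample()))
```

A per-IP counter like this only catches a single noisy source; rate limiting and account lockout on the login endpoint are the usual companions to it.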