Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .
Branch: master
Clone or download
Latest commit 06c2d50 Nov 7, 2017
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit Oct 3, 2017 Update Oct 3, 2017 Fixed a syntax error Nov 7, 2017
passwords.txt initial release Oct 3, 2017
requirements.txt Add lxml missing requirement Oct 30, 2017


Blazy is a modern login page bruteforcer.


  • Easy target selections
  • Smart form and error detection
  • CSRF and Clickjacking Scanner
  • Cloudflare and WAF Detector
  • 90% accurate results
  • Checks for login bypass via SQL injection
  • Multi-threading
  • 100% accurate results
  • Better form detection and compatibility


  • Beautiful Soup
  • Mechanize


Open your terminal and enter

git clone

Now enter the following command

cd Blazy

Lets install the required modules before running Blazy

pip install -r requirements.txt

Now run Blazy by entering


Now enter your desired login page URL and Blazy will do its thing: