Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .
Switch branches/tags
Nothing to show
Clone or download
Latest commit 06c2d50 Nov 7, 2017
Failed to load latest commit information.
LICENSE Initial commit Oct 3, 2017 Update Oct 3, 2017 Fixed a syntax error Nov 7, 2017
passwords.txt initial release Oct 3, 2017
requirements.txt Add lxml missing requirement Oct 30, 2017
usernames.txt initial release Oct 3, 2017


Blazy is a modern login page bruteforcer.


  • Easy target selections
  • Smart form and error detection
  • CSRF and Clickjacking Scanner
  • Cloudflare and WAF Detector
  • 90% accurate results
  • Checks for login bypass via SQL injection
  • Multi-threading
  • 100% accurate results
  • Better form detection and compatibility


  • Beautiful Soup
  • Mechanize


Open your terminal and enter

git clone

Now enter the following command

cd Blazy

Lets install the required modules before running Blazy

pip install -r requirements.txt

Now run Blazy by entering


Now enter your desired login page URL and Blazy will do its thing: