---
title: "[bojemoi] feat(uzi): brute-force credentials Phase 0 sur 15 services"
date: 2026-04-09T16:22:46+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 0e0519a par Betty dans bojemoi"
author: "Betty"
---

## Commit `0e0519a`

| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `0e0519a10341ca2a19066b4ef4d5a808477f66a6` |


### Description

Remplace run_ssh_bruteforce() par une architecture générique :
- BRUTE_MODULES dict : 15 services (ssh, ftp, telnet, smb, mysql,
  postgresql, mssql, vnc, snmp, imap, pop3, smtp, http/https,
  tomcat, mongodb) avec module MSF, ports, wordlists et options
- run_brute_force_service() : fonction générique auxiliary MSF,
  gère USER_FILE/PASS_FILE optionnels, THREADS, extra opts,
  détection sessions et reporting Faraday
- run_bruteforce_phase() : Phase 0 orchestre tous les services
  détectés, déduplique par module, respecte attack_surface_key
  (ex: tomcat uniquement si bm12 l'a confirmé)
- Toutes les wordlists configurables via env vars (surchargeables
  dans le stack sans rebuild)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

### Files Changed

```
M	borodino/thearm_uzi
M	stack/40-service-borodino.yml
```

### Diff Summary

```
 borodino/thearm_uzi           | 303 +++++++++++++++++++++++++++++++++++++++++-
 stack/40-service-borodino.yml | 143 +++++++++++++-------
 2 files changed, 395 insertions(+), 51 deletions(-)
```