Help! There’s an OpenBullet Attack Config for Our Site – What Should we Do?

July 20, 2020 | by Matt Keil

Thinly veiled as a web testing tool, OpenBullet a commonly used attack management toolkit that allows a bad actor to create and execute automated account takeovers and other types of attacks. Complete with its’s own GitHub repo and user community, OpenBullet allows a bad actor to create or import a predefined attack config, add the proxy infrastructure and user credentials, then launch and track the status of the attack.

OpenBullet, along with Snipr MBA BlackBullet, and ComboList have dramatically simplified the act of launching an attack and in so doing, have made security professionals’ lives a bit more difficult. Faced with this level of sophistication and ease of use, security teams can proactively use these tools and their related user forums to their advantage resulting in an improved security posture.

  1. Use advanced search techniques to uncover attack configs targeting your site.
  2. Participate in their user forums to gain an understanding of your adversary.
  3. Download, install and use the attack tools to understand their inner workings.

To learn more about each of these techniques, please join Will Glazier, head of security research at Cequence Security for an informative and interactive webinar on July 22nd at 1:00 PST where he will provide tips and techniques to help you uncover the existence of an attack config, then demonstrate how it is used in OpenBullet, providing pointers on how to use OpenBullet to your mitigation advantage. A demonstration of Cequence API Spartan will wrap up the session.

Register today.

Matt Keil


Matt Keil

Director of Product Marketing

Additional Resources