Beispiel #1
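    def test_bruteforcer_default(self):
        """Check that a default-configured bruteforcer yields the expected pairs.

        The generator is given a target URL, initialised without any extra
        configuration and drained. Every tuple in ``expected_combinations``
        must be present among the generated (user, password) tuples; the
        order and any additional generated pairs are not checked.
        """
        url = url_object('http://www.w3af.org/')

        bf = bruteforcer()
        bf.setURL(url)
        bf.init()

        # One representative pair per generator feature exercised by the
        # defaults; these are the weak-credential patterns the scanner audits.
        expected_combinations = [
            ('prueba1', '123abc'),
            ('test', 'freedom'),
            ('user', 'letmein'),
            ('www.w3af.org', 'master'),    # URL feature
            ('admin', '7emp7emp'),         # l337 feature
            ('user1', ''),                 # No password
            ('user1', 'user1'),            # User eq password
        ]
        generated = []

        # The only way out of this loop is getNext() raising. Catching
        # Exception (not a bare except) lets KeyboardInterrupt/SystemExit
        # propagate instead of being mistaken for "generator exhausted".
        # NOTE(review): narrow this to the generator's own exhaustion
        # exception once its type is confirmed, so real errors surface.
        while True:
            try:
                generated.append(bf.getNext())
            except Exception:
                break

        for expected in expected_combinations:
            self.assertTrue(expected in generated,
                            'Missing combination: %r' % (expected,))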
 def __init__(self):
     """Initialise the plugin with its default configuration and state."""
     baseAuditPlugin.__init__(self)

     # Internal vars
     self._found = False
     self._alreadyTested = []
     self._alreadyReported = []

     # Config params
     # Default wordlists are addressed with relative paths, so they resolve
     # against the working directory of the running process.
     wordlist_dir = os.path.sep.join(('core', 'controllers', 'bruteforce'))
     self._usersFile = wordlist_dir + os.path.sep + 'users.txt'
     self._passwdFile = wordlist_dir + os.path.sep + 'passwords.txt'

     # Feature toggles, all enabled by default. NOTE(review): judging by the
     # names they select extra user sources and password variants; confirm
     # against the plugin's option descriptions.
     self._useMailUsers = True
     self._useSvnUsers = True
     self._useMails = True
     self._passEqUser = True
     self._l337_p4sswd = True
     self._stopOnFirst = True

     # Profiling-related defaults.
     self._useProfiling = True
     self._profilingNumber = 50

     # Credential generator instance kept on the plugin.
     self._bruteforcer = bruteforcer()
Beispiel #3
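    def test_bruteforcer_combo(self):
        """Check that pairs from a combo file are all yielded by the bruteforcer.

        A ``user:password`` file is written into ``self.temp_dir``, handed to
        the generator together with the ``:`` separator, and the generator is
        drained. Every pair written to the file must be present among the
        generated tuples; order and extra generated pairs are not checked.
        """
        expected_combinations = [
            ('test', 'unittest'),
            ('123', 'unittest'),
            ('unittest', 'w00tw00t!'),
            ('unittest', 'unittest'),
        ]

        combo_filename = os.path.join(self.temp_dir, 'combo.txt')

        # The context manager closes the fixture file even if a write fails,
        # so the generator never reads a half-flushed combo list.
        with open(combo_filename, 'w') as combo_fd:
            for user, password in expected_combinations:
                combo_fd.write('%s:%s\n' % (user, password))

        url = url_object('http://www.w3af.org/')

        bf = bruteforcer()
        bf.setURL(url)
        bf.setComboFile(combo_filename)
        bf.setComboSeparator(':')
        bf.init()

        generated = []

        # The only way out of this loop is getNext() raising. Catching
        # Exception (not a bare except) lets KeyboardInterrupt/SystemExit
        # propagate instead of being mistaken for "generator exhausted".
        # NOTE(review): narrow this to the generator's own exhaustion
        # exception once its type is confirmed, so real errors surface.
        while True:
            try:
                generated.append(bf.getNext())
            except Exception:
                break

        for expected in expected_combinations:
            self.assertTrue(expected in generated,
                            'Missing combination: %r' % (expected,))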