def test_bruteforcer_combo(self):
expected_combinations = [
('test', 'unittest'),
('123', 'unittest'),
('unittest', 'w00tw00t!'),
('unittest', 'unittest')
]
combo_filename = os.path.join(self.temp_dir, 'combo.txt')
combo_fd = file(combo_filename, 'w')
for user, password in expected_combinations:
combo_fd.write('%s:%s\n' % (user, password))
combo_fd.close()
url = URL('http://www.w3af.org/')
bf = UserPasswordBruteforcer(url)
bf.combo_file = combo_filename
bf.combo_separator = ':'
generated = []
for (user, pwd) in bf.generator():
generated.append((user, pwd))
for expected_comb in expected_combinations:
self.assertTrue(expected_comb in generated)
def test_bruteforcer_combo(self):
expected_combinations = [('test', 'unittest'), ('123', 'unittest'),
('unittest', 'w00tw00t!'),
('unittest', 'unittest')]
combo_filename = os.path.join(self.temp_dir, 'combo.txt')
combo_fd = file(combo_filename, 'w')
for user, password in expected_combinations:
combo_fd.write('%s:%s\n' % (user, password))
combo_fd.close()
url = URL('http://www.w3af.org/')
bf = UserPasswordBruteforcer(url)
bf.combo_file = combo_filename
bf.combo_separator = ':'
generated = []
for (user, pwd) in bf.generator():
generated.append((user, pwd))
for expected_comb in expected_combinations:
self.assertTrue(expected_comb in generated)
def test_bruteforcer_default(self):
url = URL('http://www.w3af.org/')
bf = UserPasswordBruteforcer(url)
expected_combinations = [
('prueba1', '123abc'),
('test', 'freedom'),
('user', 'letmein'),
('www.w3af.org', 'master'), # URL feature
('admin', '7emp7emp'), # l337 feature
('user1', ''), # No password
('user1', 'user1') # User eq password
]
generated = []
for (user, pwd) in bf.generator():
generated.append((user, pwd))
for expected_comb in expected_combinations:
self.assertTrue(expected_comb in generated)
def test_bruteforcer_default(self):
url = URL('http://www.w3af.org/')
bf = UserPasswordBruteforcer(url)
expected_combinations = [
('prueba1', '123abc'),
('test', 'freedom'),
('user', 'letmein'),
('www.w3af.org', 'master'), # URL feature
('admin', '7emp7emp'), # l337 feature
('user1', ''), # No password
('user1',
'user1') # User eq password
]
generated = []
for (user, pwd) in bf.generator():
generated.append((user, pwd))
for expected_comb in expected_combinations:
self.assertTrue(expected_comb in generated)
def _create_user_pass_generator(self, url):
up_bf = UserPasswordBruteforcer(url)
up_bf.use_emails = self._use_emails
up_bf.use_profiling = self._use_profiling
up_bf.profiling_number = self._profiling_number
up_bf.use_SVN_users = self._use_SVN_users
up_bf.l337_p4sswd = self._l337_p4sswd
up_bf.users_file = self._users_file
up_bf.passwd_file = self._passwd_file
up_bf.combo_file = self._combo_file
up_bf.combo_separator = self._combo_separator
up_bf.pass_eq_user = self._pass_eq_user
return up_bf.generator()
def _create_user_pass_generator(self, url):
up_bf = UserPasswordBruteforcer(url)
up_bf.use_emails = self._use_emails
up_bf.use_profiling = self._use_profiling
up_bf.profiling_number = self._profiling_number
up_bf.use_SVN_users = self._use_SVN_users
up_bf.l337_p4sswd = self._l337_p4sswd
up_bf.users_file = self._users_file
up_bf.passwd_file = self._passwd_file
up_bf.combo_file = self._combo_file
up_bf.combo_separator = self._combo_separator
up_bf.pass_eq_user = self._pass_eq_user
return up_bf.generator()
