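def test_bruteforcer_default(self):
    """Check that a default-configured bruteforcer yields the expected pairs.

    A bruteforcer is pointed at a fixed URL and initialised with no further
    configuration. Every (user, password) tuple it produces is collected, and
    the test then asserts that a known sample of tuples is present. Order and
    any extra generated tuples are not checked.
    """
    url = url_object('http://www.w3af.org/')

    bf = bruteforcer()
    bf.setURL(url)
    bf.init()

    expected_combinations = [
        ('prueba1', '123abc'),
        ('test', 'freedom'),
        ('user', 'letmein'),
        ('www.w3af.org', 'master'),    # URL feature
        ('admin', '7emp7emp'),         # l337 feature
        ('user1', ''),                 # No password
        ('user1', 'user1')             # User eq password
    ]

    generated = []

    # Drain the generator. The original loop used a flag named `next`, which
    # shadowed the builtin and was never cleared, and a bare `except:`, which
    # also swallowed KeyboardInterrupt/SystemExit.
    # NOTE(review): getNext() is assumed to signal exhaustion by raising an
    # Exception subclass; the concrete type is not visible here. Narrow this
    # handler once confirmed, because a genuine failure inside getNext() is
    # currently indistinguishable from normal exhaustion.
    while True:
        try:
            gen_comb = bf.getNext()
        except Exception:
            break
        generated.append(gen_comb)

    # These membership checks are what catch a generator that stops early.
    for gen_comb in expected_combinations:
        self.assertTrue(gen_comb in generated)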
def __init__(self):
    """Set up the plugin's default configuration and internal state.

    The base audit plugin initialiser runs first. The option attributes are
    then given their defaults and a bruteforcer instance is created. What
    each boolean option enables is decided by code outside this method.
    """
    baseAuditPlugin.__init__(self)

    self._alreadyTested = []

    # Config params
    # Both wordlist paths are relative, so they resolve against the process
    # working directory wherever they are eventually opened.
    wordlist_dir = os.path.join('core', 'controllers', 'bruteforce')
    self._usersFile = os.path.join(wordlist_dir, 'users.txt')
    self._passwdFile = os.path.join(wordlist_dir, 'passwords.txt')

    # Every boolean option defaults to True.
    self._useMailUsers = True
    self._useSvnUsers = True
    self._stopOnFirst = True
    self._passEqUser = True
    self._l337_p4sswd = True
    self._useMails = True
    self._useProfiling = True
    self._profilingNumber = 50

    # Internal vars
    self._found = False
    self._alreadyReported = []

    self._bruteforcer = bruteforcer()
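def test_bruteforcer_combo(self):
    """Check that pairs from a combo file are produced by the bruteforcer.

    A "user:password" file is written under self.temp_dir and registered with
    the bruteforcer along with its ':' separator. The test then asserts that
    every pair written to the file appears among the generated tuples.
    """
    expected_combinations = [
        ('test', 'unittest'),
        ('123', 'unittest'),
        ('unittest', 'w00tw00t!'),
        ('unittest', 'unittest')
    ]

    # NOTE(review): self.temp_dir is set outside this method, and its
    # creation and cleanup are not visible here. Confirm the fixture removes
    # it so the credential list does not linger on disk.
    combo_filename = os.path.join(self.temp_dir, 'combo.txt')

    # open() replaces the Python-2-only file() builtin. try/finally ensures
    # the handle is closed even if a write fails part way through.
    combo_fd = open(combo_filename, 'w')
    try:
        for user, password in expected_combinations:
            combo_fd.write('%s:%s\n' % (user, password))
    finally:
        combo_fd.close()

    url = url_object('http://www.w3af.org/')

    bf = bruteforcer()
    bf.setURL(url)
    bf.setComboFile(combo_filename)
    bf.setComboSeparator(':')
    bf.init()

    generated = []

    # Drain the generator. The original loop used a flag named `next`, which
    # shadowed the builtin and was never cleared, and a bare `except:`, which
    # also swallowed KeyboardInterrupt/SystemExit.
    # NOTE(review): getNext() is assumed to signal exhaustion by raising an
    # Exception subclass; the concrete type is not visible here. Narrow this
    # handler once confirmed.
    while True:
        try:
            gen_comb = bf.getNext()
        except Exception:
            break
        generated.append(gen_comb)

    for gen_comb in expected_combinations:
        self.assertTrue(gen_comb in generated)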