def test_bruteforcer_combo(self): expected_combinations = [ ('test', 'unittest'), ('123', 'unittest'), ('unittest', 'w00tw00t!'), ('unittest', 'unittest') ] combo_filename = os.path.join(self.temp_dir, 'combo.txt') combo_fd = file(combo_filename, 'w') for user, password in expected_combinations: combo_fd.write('%s:%s\n' % (user, password)) combo_fd.close() url = URL('http://www.w3af.org/') bf = user_password_bruteforcer(url) bf.combo_file = combo_filename bf.combo_separator = ':' generated = [] for (user, pwd) in bf.generator(): generated.append((user, pwd)) for expected_comb in expected_combinations: self.assertTrue(expected_comb in generated)
def _create_user_pass_generator(self, url): up_bf = user_password_bruteforcer(url) up_bf.use_emails = self._use_emails up_bf.use_profiling = self._use_profiling up_bf.profiling_number = self._profiling_number up_bf.use_SVN_users = self._use_SVN_users up_bf.l337_p4sswd = self._l337_p4sswd up_bf.users_file = self._users_file up_bf.passwd_file = self._passwd_file up_bf.combo_file = self._combo_file up_bf.combo_separator = self._combo_separator up_bf.pass_eq_user = self._pass_eq_user return up_bf.generator()
def test_bruteforcer_default(self): url = URL('http://www.w3af.org/') bf = user_password_bruteforcer(url) expected_combinations = [ ('prueba1', '123abc'), ('test', 'freedom'), ('user', 'letmein'), ('www.w3af.org', 'master'), # URL feature ('admin', '7emp7emp'), # l337 feature ('user1', ''), # No password ('user1', 'user1') # User eq password ] generated = [] for (user, pwd) in bf.generator(): generated.append((user, pwd)) for expected_comb in expected_combinations: self.assertTrue(expected_comb in generated)