Projects STRLCPY Taipan Commits c615e95c
    Doc/Http and Web Form bruteforcing.md
    1 1  # Http and Web Form bruteforcing
    2  -One of the many Taipan addOn, allows to execute an HTTP of Web Form authentication bruteforcing. In this page we will see how to customize this process.
     2 +This AddOn allows to execute an HTTP or Web Form authentication bruteforcing. In order to do so it verify the response code (in case of HTTP bruteforcing) or use a custom heuristic in order to identify if the page returned an authenticated content or not (in case of Web Form authentication).
     3 + 
     4 +Under the folder _Data\AddOnStorage\Web Form Bruteforcer AddOn_ you will find three XML files (the file format is self explanatory):
     5 + * **Combinations.xml** contains the combination of user/password to use. This is useful to test for default account
     6 + * **Usernames.xml** contaions the list of username to bruteforce. It is suggested to not include a long list, since for each username the entire password list is used in order to bruteforce it
     7 + * **Passwords.xml** contains the password to use in order to bruteforce all usernames
     8 + 
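Review bot: The new line 2 says the AddOn checks "the response code" for HTTP bruteforcing and uses "a custom heuristic" for Web Forms, but it never states which status code counts as a successful login or what the heuristic looks at, so a reader cannot judge false positives or tune the check. The old text promised to show how to customize the process and the new text dropped that promise without replacing it. Please describe both checks. Line 4 calls the XML format "self explanatory"; a short sample entry for each of Combinations.xml, Usernames.xml and Passwords.xml would be more useful than that claim. Line 6 already warns that every username is tried against the whole password list; it would help to state the resulting request count (usernames times passwords) and to mention that this can trigger account lockout on the tested application. Wording to fix while here: "allows to execute" should be "allows you to execute", "it verify" should be "it verifies", "use a custom heuristic" should be "uses a custom heuristic", and "contaions" should be "contains".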
    Doc/LuaScript.md
    skipped 15 lines
    16 16   * **ApplicationName** The application name that is identified. This name will be displayed in the result report
    17 17   * **TargetLanguage** The language that was used to develop the application. For Wordpress is PHP
    18 18  
    19  - WIP
     19 +## Global vars
     20 +In order to report to Taipan the Application that was identified and its version, the script must set a couple of global vars that will be later used by the Taipan scanner. Each script must return a _Boolean_ result after its execution. The result meaning is:
     21 + 
     22 +* True: if the script was able to identify a given application version
     23 +* False: otherwise
     24 + 
     25 +If the script is able to identify the application, the version must be placed in a global vaiables named *appVersion*.
     26 + 
     27 +The format of this variable must be compliant to the <a href="https://semver.org/">Semantic Version</a> standard. For a sample of LUA script take a look at the <a href="https://github.com/enkomio/Taipan/blob/master/Src/ES.Taipan.Fingerprinter/Lua/Php/Joomla/joomla.lua">Joomla fingeprintg script</a>.
     28 + 
    20 29   
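Review bot: Line 20 says the script "must set a couple of global vars", yet only one, appVersion on line 25, is ever named; either list the other variables or change the sentence to say a single variable is required. The section also leaves the contract incomplete: it does not say what Taipan does when a script returns True without setting appVersion, or when the value is not a valid Semantic Version, and both cases should be documented since line 27 makes the format mandatory. Lines 27 uses raw HTML anchors while the rest of the file uses Markdown, so the links should be written in Markdown link syntax, and the Joomla sample link points at the master branch, which will break or drift if the file moves; a permalink to a fixed commit is safer. Typos: "vaiables" should be "variable" and "fingeprintg" should be "fingerprinting". The emphasis style is also inconsistent (_Boolean_ on line 20, *appVersion* on line 25), and a blank line after the "## Global vars" heading would match common Markdown rendering expectations.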