garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Preciser reporting in bruteforcing password with bad response

Browse Source 
When bruteforcing for multiple logins and passwords the bad response code reported
might indicate a match! But the reporting for it is not clear enough.
For example "Unkown response for admin" might mean a user name admin and some password
or a password 'admin' for some user.

This commit makes in unambiguous reporting a bad response, and naming which login and
which password caused it.
This commit is contained in:
Zaur
2017-03-25 16:18:05 +01:00
parent 0b9b79f55f
commit 338eacd63b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/common/models/wp_user/brute_forcable.rb
View File

@@ -118,7 +118,7 @@ class WpUser < WpItem
elsif response.code.to_s =~ /^50/ elsif response.code.to_s =~ /^50/
progression = critical('ERROR: Server error, try reducing the number of threads or use the --throttle option.') progression = critical('ERROR: Server error, try reducing the number of threads or use the --throttle option.')
else else
progression = critical("ERROR: We received an unknown response for #{password}...") progression = critical("ERROR: We received an unknown response for login: #{login} and password: #{password}")
verbose = critical(" Code: #{response.code}\n Body: #{response.body}\n") verbose = critical(" Code: #{response.code}\n Body: #{response.body}\n")
end end