garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use less memory when brute forcing with a large wordlist

Browse Source
This commit is contained in:
erwanlr
2013-10-05 20:03:34 +01:00
parent 90ade58842
commit 474816762f
8 changed files with 55 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
spec/shared_examples/wp_user/brute_forcable.rb
View File

@@ -4,120 +4,59 @@ shared_examples 'WpUser::BruteForcable' do
let(:fixtures_dir) { MODELS_FIXTURES + '/wp_user/brute_forcable' }
let(:wordlist_iso) { fixtures_dir + '/wordlist-iso-8859-1.txt' }
let(:wordlist_utf8) { fixtures_dir + '/wordlist-utf-8.txt' }
let(:redirect_url) { 'http://www.example.com/asdf/' }
let(:mod) { WpUser::BruteForcable }
before { Browser.instance.max_threads = 1 }
describe '::passwords_from_wordlist' do
let(:expected) { %w{password1 pa55w0rd #comment admin root} << ' spaceafterandbefore ' }
let(:exception) { 'Invalid wordlist, expected String or Array' }
after do
if @expected
mod.passwords_from_wordlist(wordlist).should == @expected
else
expect { mod.passwords_from_wordlist(wordlist) }.to raise_error(@exception)
end
end
context 'when the wordlist is a file' do
context 'when encoded with ISO-8859-1' do
let(:wordlist) { wordlist_iso }
it 'returns the expected passwords' do
@expected = expected << "kansei\xA3\xD4"
end
end
context 'when encoded with UTF-8' do
let(:wordlist) { wordlist_utf8 }
it 'returns the expected passwords' do
@expected = expected << 'kansei£Ô'
end
end
end
context 'when the wordlist is an Array<String>' do
let(:wordlist) { %w{hello pwet yolo} }
it 'returns it' do
@expected = wordlist
end
end
context 'when the wordlist is invalid' do
let(:wordlist) { 200 }
it 'raises an error' do
@exception = exception
end
end
end
describe '#valid_password?' do
let(:response) { Typhoeus::Response.new(resp_options) }
let(:resp_options) { {} }
let(:return_to) { 'http://www.example.com/asdf/' }
let(:resp_options) { {} }
after do
wp_user.valid_password?(response, 'password', return_to).should == @expected
wp_user.valid_password?(response, 'password', redirect_url).should == @expected
end
context 'when 302 and valid return_to parameter' do
let(:resp_options) { { code: 302, headers: { 'Location' => return_to } } }
let(:resp_options) { { code: 302, headers: { 'Location' => redirect_url } } }
it 'returns true' do
@expected = true
end
it 'returns true' do @expected = true end
end
context 'when 302 and invalid return_to parameter' do
let(:resp_options) { { code: 302, headers: { 'Location' => nil } } }
it 'returns false' do
@expected = false
end
it 'returns false' do @expected = false end
end
context 'when login_error' do
let(:resp_options) { { body: '<div id="login_error">' } }
it 'returns false' do
@expected = false
end
it 'returns false' do @expected = false end
end
context 'when timeout' do
let(:resp_options) { { return_code: :operation_timedout } }
it 'returns false' do
@expected = false
end
it 'returns false' do @expected = false end
end
context 'when no response from server (status = 0)' do
let(:resp_options) { { code: 0 } }
it 'returns false' do
@expected = false
end
it 'returns false' do @expected = false end
end
context 'when error 50x' do
let(:resp_options) { { code: 500 } }
it 'returns false' do
@expected = false
end
it 'returns false' do @expected = false end
end
context 'when unknown response' do
let(:resp_options) { { code: 202 } }
it 'returns false' do
@expected = false
end
it 'returns false' do @expected = false end
end
end
@@ -127,14 +66,14 @@ shared_examples 'WpUser::BruteForcable' do
end
describe '#brute_force' do
let(:passwords) { %w{pass1 pass2 yolo kansei£Ô} }
let(:login) { 'someuser' }
let(:redirect_url) { 'http://www.example.com/asdf/' }
let(:login) { 'someuser' }
after do
wp_user.login = login
wp_user.brute_force(passwords, {}, redirect_url)
wp_user.password.should == @expected
[wordlist_utf8, wordlist_iso].each do |wordlist|
wp_user.login = login
wp_user.brute_force(wordlist, {}, redirect_url)
wp_user.password.should == @expected
end
end
context 'when no password is valid' do
@@ -149,14 +88,29 @@ shared_examples 'WpUser::BruteForcable' do
end
end
context 'when no redirect_url is given' do
let(:redirect_url) { nil }
before do
stub_request(:post, wp_user.login_url).to_return(status: 302, headers: { 'Location' => 'wrong-location' } )
end
it 'does not set the @password' do
@expected = nil
end
end
context 'when a password is valid' do
# Due to the error with .with(body: { log: login }) above
# We can't use it to stub the request for a specific password
# So, the first one will be valid
before { stub_request(:post, wp_user.login_url).to_return(status: 302, headers: { 'Location' => redirect_url } ) }
before do
stub_request(:post, wp_user.login_url).to_return(status: 302, headers: { 'Location' => redirect_url } )
end
it 'sets the @password' do
@expected = passwords[0]
@expected = 'password1'
end
end
end

5
spec/shared_examples/wp_users/brute_forcable.rb
View File

@@ -5,19 +5,16 @@ shared_examples 'WpUsers::BruteForcable' do
describe '#brute_force' do
let(:range) { (1..10) }
let(:wordlist) { 'somefile.txt'}
let(:passwords) { %w{password 123456 0000} }
let(:brute_force_opt) { {} }
it 'calls #brute_force on each wp_user' do
range.each do |id|
wp_user = WpUser.new(uri, id: id)
wp_user.should_receive(:brute_force).with(passwords, brute_force_opt)
wp_user.should_receive(:brute_force).with(wordlist, brute_force_opt)
wp_users << wp_user
end
WpUser::BruteForcable.stub(:passwords_from_wordlist).with(wordlist).and_return(passwords)
wp_users.brute_force(wordlist, brute_force_opt)
end
end