forked from dmknght/BruteforceHTTP
-
Notifications
You must be signed in to change notification settings - Fork 0
/
TODO
93 lines (85 loc) · 4.51 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
Project:
☐ Docker
✘ Python 3 @cancelled(19-02-05 21:46) Stupid syntax
Core:
✔ Improve multithreading @done(19-01-13 19:45)
☐ Memory management
✔ Improve URL handling @options @user_communication @done(19-01-22 14:28)
☐ Check URL format (protocol://[domain].[field] @options @high
✔ Final result combine with list IP @started(19-01-13 21:13) @done(19-01-13 22:39) @lasted(1h26m7s)
☐ Add hotkey to terminate child task only
✔ Task freezy if gets blocked (set timeout) @mechanize @attack_module @high @done(19-01-14 01:41)
☐ Upgrade user-agent
✔ Session issue if webshell URL after dvwa URL @mechanize @attack_module @done(19-02-05 22:04)
☐ Improve exception in check_login
✔ Fix loginInfo = False causes iterable error message @done(19-02-06 21:16)
Mechanize:
☐ Javascript Login Form
✔ Fix form has name control only (no id) @done(19-01-13 19:45)
☐ Unsafe SSL website
☐ Website redirection
☐ Form has other tags inside @bug @critical @form_parse
User communication:
✔ Multithreading issue w/ status bar, result @done(19-01-13 19:45)
☐ Result, reporting
✔ Better module for getting user options @done(19-01-13 19:45)
☐ Save creds to db
☐ Create GUI interface
✔ print table bug when print webshell password (password only) @done(19-01-22 12:05)
Attack modules:
✔ HTTP Basic authenticate @done(19-01-13 19:45)
☐ Captcha
✔ Password form only (webshell, etc..) login @done(19-01-13 19:46)
2 submit times website (google, yahoo):
☐ Parse login form 2 times
☐ Matching condition
☐ Combine with project
☐ Auto detect instead of choose option manually @user_communication
HTTP GET:
☐ Use proxy for attacking tasks @extras @getproxy
☐ Combine with reauth @extras
✘ Show wrong creds sometimes @bug @high @match_condition @cancelled(19-01-25 11:12) authentication bypassed (possibly race condition vuln)
Login Brute:
✔ Improve exception @done(19-01-22 14:28)
Attack conditions:
Scan list IPs:
✔ Create new options variable @started(19-01-13 19:53) @done(19-01-13 21:09) @lasted(1h16m3s)
✔ Add help text @done(19-01-13 19:46)
✔ Generate tasks from IP @started(19-01-13 19:53) @done(19-01-13 21:09) @lasted(1h16m12s)
✔ Combine with banner @started(19-01-13 19:53) @done(19-01-13 20:54) @lasted(1h1m47s)
✔ Split proxy list and live proxy list, combine with single IP @extras @getproxy @done(19-01-17 11:46)
☐ Mix with reauth @extras
✔ Mix with HTTP GET @attack_module @done(19-01-13 21:52)
✔ Program does not stop when Ctrl + C @bug @critical @core @done(19-01-13 23:43)
✔ Exception catches wrong @done(19-01-13 23:47)
✔ Fix banner if options.url (no list) @bug @user_communication @low @done(19-01-14 07:03)
✔ Report for multiple users shows first element of sub-elements only @user_communication @high @done(19-01-24 17:02)
✔ No username if use both webshell and user login @critical @core @done(19-02-05 21:48)
✔ Wrong attack mode if have both http get and http post form login @critical @form_parse @core @done(19-01-24 16:31)
Better form detecting and parsing:
☐ Webshell has text control only
☐ Form has captcha
Better matching condition:
☐ WAF shows block messages
☐ Website redirects using meta tag @mechanize
☐ Website directs to error page with no login form
Extras:
☐ Password generating
SQL Injection bypass login:
☐ Detect SQL error
☐ Test SQL error with page has similar response (before submit)
☐ Improve check options (loop)
☐ Generate payload (boolean-based)
☐ Cases with / without username / double payload (both username and password field)
Shodan:
☐ Parse ip list from shodan, replace URL options
☐ Add option to add URL after ip list
BUG:
☐ ReAuth: Can't find login form at https://mail.protonmail.com/login @mechanize @extras
☐ ReAuth: Can't find login form at https://mega.nz/login @mechanize @extras
☐ no control matching name 'session[password]' at https://mobile.twitter.com/login @mechanize @form_parse
✔ no control matching name 'password' at https://github.com/login @done(19-01-13 20:04)
☐ ReAuth: double free in remove url from list @syntax @loop @extras @high
☐ Tomcat manager (< 5.x) wrong @bug @critical @attack_module @form_parse @match_condition
☐ Proxy timeout or connection error after check @extras @getproxy @critical
✔ Fix path file if pwd != project folder @extras @getproxy @user_communication @done(19-01-17 16:55)