CoCalc -- login_error

GitHub Repository: wpscanteam/wpscan
Path: blob/master/app/finders/users/login_error_messages.rb
¹⁴⁷⁹ views
1
# frozen_string_literal: true
2

3
module WPScan
4
  module Finders
5
    module Users
6
      # Login Error Messages
7
      #
8
      # Existing username:
9
      #   WP < 3.1 - Incorrect password.
10
      #   WP >= 3.1 - The password you entered for the username admin is incorrect.
11
      # Non existent username: Invalid username.
12
      #
13
      class LoginErrorMessages < CMSScanner::Finders::Finder
14
        # @param [ Hash ] opts
15
        # @option opts [ String ] :list
16
        #
17
        # @return [ Array<User> ]
18
        def aggressive(opts = {})
19
          found = []
20

21
          usernames(opts).each do |username|
22
            res   = target.do_login(username, SecureRandom.hex[0, 8])
23
            error = res.html.css('div#login_error').text.strip
24

25
            return found if error.empty? # Protection plugin / error disabled
26

27
            next unless /The password you entered for the username|Incorrect Password/i.match?(error)
28

29
            found << Model::User.new(username, found_by: found_by, confidence: 100)
30
          end
31

32
          found
33
        end
34

35
        # @return [ Array<String> ] List of usernames to check
36
        def usernames(opts = {})
37
          # usernames from the potential Users found
38
          unames = opts[:found].map(&:username)
39

40
          Array(opts[:list]).each { |uname| unames << uname.chomp }
41

42
          unames.uniq
43
        end
44
      end
45
    end
46
  end
47
end
48

49
Product

Resources

Company
