Add a generic tool that is able to bruteforce login forms, regardless of what type of login form it is #249

Open
kazet opened this issue Mar 2, 2023 · 3 comments

Comments

@kazet
Member

kazet commented Mar 2, 2023

No description provided.

@kazet
Member Author

kazet commented Mar 2, 2023

joomla,phppgadmin,nextcloud,jenkins,...

@kazet
Member Author

kazet commented Aug 13, 2023

high-level purpose: be able to check whether an admin/admin login/password pair works on any type of admin panel - a tool that is able to bruteforce login forms regardless of what type of form it is

subtasks:

  1. build a small Docker-based test suite with a couple (5-10) admin panels (skip WordPress as we already have support) including e.g. Django and some diy cms
  2. research whether there exist tools that do this. check them
  3. if there are no such tools, write one (initially as a standalone Python script)
  4. wrap chosen tool (existing or custom-built one) into Artemis as Artemis module (you may get the general skeleton from https://github.com/CERT-Polska/Artemis/blob/main/artemis/modules/mysql_bruter.py)
  5. add Artemis reporting module that will send automatic e-mail reports (inspired by e.g. https://github.com/CERT-Polska/Artemis/tree/main/artemis/reporting/modules/mysql_bruter)
  6. make sure the test suite passes (the test could be inspired e.g. by https://github.com/CERT-Polska/Artemis/blob/main/test/reporting/test_bruter_autoreporter_integration.py)

@kazet
Member Author

kazet commented Nov 2, 2023

does hydra solve the problem?
