AutoSecureOrg · daimbk · May 28, 2025 · May 27, 2025 · May 27, 2025 · May 28, 2025
diff --git a/app.py b/app.py
@@ -38,7 +38,6 @@
     process_rogue_data_for_json
 )
 from scripts.wifi_report import wifi_vuln_report
-
 from werkzeug.utils import secure_filename
 import uuid
 import zipfile
@@ -994,7 +993,7 @@ def website_scanner():
                                 status = "Safe"
 
                             print(
-                                f"DEBUG: Adding result - Type: {res_type}, Status: {status}, Payload: {str(res)[:50]}...")
+                                f"DEBUG: Adding result - Payload: {str(res)[:50]}...")
                             current_results_list.append({
                                 "type": res_type,
                                 "status": status,

diff --git a/scripts/login_bruteforce.py → scripts/payload_texts/login_bruteforce.py b/scripts/login_bruteforce.py → scripts/payload_texts/login_bruteforce.py
@@ -5,42 +5,26 @@
 from urllib.parse import urljoin
 
 def brute_force_login(page_url, session):
-    """
-    Attempts brute-force login by:
-    - Parsing the form dynamically
-    - Building the correct form action URL
-    - Submitting username/password combos
-
-    Args:
-        page_url (str): The URL where the login form is located.
-        session (requests.Session): Active session to maintain state.
-
-    Returns:
-        tuple or None: (username, password) if successful; else None.
-    """
-
     print(f"[*] Starting brute-force login on: {page_url}")
-
-    # Step 1: Fetch and parse the login page
+
     try:
         resp = session.get(page_url, timeout=10)
         soup = BeautifulSoup(resp.text, "html.parser")
     except Exception as e:
         print(f"[!] Failed to load login page: {e}")
         return None
 
-    # Step 2: Find form
     form = soup.find("form")
     if not form:
         print("[-] No <form> found on the page.")
         return None
 
-    # Step 3: Resolve action and method
     action = form.get("action")
+    print(" action",action )
     form_action = urljoin(page_url, action) if action else page_url
+    print("form action, ", form_action)
     method = form.get("method", "post").lower()
 
-    # Step 4: Extract input fields
     inputs = form.find_all("input")
     input_names = [i.get("name") for i in inputs if i.get("name")]
 
@@ -58,32 +42,39 @@ def brute_force_login(page_url, session):
         print("[-] Username or password file not found.")
         return None
 
-    # Step 5: Brute-force all combos
     for username, password in product(usernames, passwords):
         data = {}
-        for name in input_names:
-            if "user" in name or "email" in name or "login" in name:
+        for tag in inputs:
+            name = tag.get("name")
+            if not name:
+                continue
+            # Fill based on name heuristics
+            if any(k in name.lower() for k in ["user", "email", "uid", "login"]):
                 data[name] = username
-            elif "pass" in name:
+            elif any(k in name.lower() for k in ["pass", "pwd"]):
                 data[name] = password
             else:
-                data[name] = "test"
+                data[name] = tag.get("value", "test")  # Keep default or dummy
 
         print(f"Trying: {username} | {password}")
         try:
             if method == "post":
-                response = session.post(form_action, data=data)
+                response = session.post(form_action, data=data, timeout=10)
             else:
-                response = session.get(form_action, params=data)
+                response = session.get(form_action, params=data, timeout=10)
+            # Debugging output
+            if username == "admin" and password == "admin":
+                print(f"[DEBUG] Status: {response.status_code} | URL: {response.url}")
+                print(f"[DEBUG] Response Snippet:\n{response.text}\n")
+
             text = response.text.lower()
 
-            # Heuristic to detect login success
-            if any(k in text for k in ["logout", "welcome", "dashboard", "you have logged in"]):
+            if any(k in text for k in ["logout", "welcome", "dashboard", "you have logged in", "hello"]):
                 print(f"[+] Brute-force success: {username}:{password}")
                 return (username, password)
 
         except Exception as e:
-            print(f"[!] Error for {username}:{password} → {e}")
+            print(f"[!] Error during attempt {username}:{password} → {e}")
 
     print("[-] No valid credentials found.")
     return None
diff --git a/scripts/passwords.txt → scripts/payload_texts/passwords.txt b/scripts/passwords.txt → scripts/payload_texts/passwords.txt
diff --git a/scripts/usernames.txt → scripts/payload_texts/usernames.txt b/scripts/usernames.txt → scripts/payload_texts/usernames.txt