Skip to content

Instantly share code, notes, and snippets.

Last active September 27, 2020 14:44
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save JonCooperWorks/d43c739020a5d98f51ce831edd5c8f6e to your computer and use it in GitHub Desktop.
package main
import (
type bruteForceSuccessful struct {
logger *log.Logger
func (b *bruteForceSuccessful) Listen(results <-chan *httpfuzz.Result) {
for result := range results {
// This is a buffer, ReadAll shouldn't fail
body, _ := ioutil.ReadAll(result.Response.Body)
if !bytes.Contains(body, []byte("Username and/or password incorrect")) {
b.logger.Printf("Password found: %s", result.Payload)
// New returns a bruteForceSuccessful plugin that detects if a brute force is successful on DWVA.
// This plugin simply logs all output to stdout, but plugins can save requests to disk, database or even send them to other services for further analysis.
func New(logger *log.Logger) (httpfuzz.Listener, error) {
return &bruteForceSuccessful{logger: logger}, nil
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment