Created
August 3, 2017 11:28
Generate payloads for testing account lockout with Intruder
#!/bin/bash
# Usage: ./generate-intruder-passwords ThisisthecorrectPassword123 20
#
# The first argument is the correct password for the app.
# The second argument is the maximum number of password attempts to make.
# 20 is the default, if it hasn't locked you by then I'd say that's a finding.
#
# The script will simply increment up to $LIMIT outputting n incorrect passwords and then the correct one.
# We enter the correct one to potentially reset the incorrect count.
CORRECT_PASSWORD=${1:-Password1}
LIMIT=${2:-20}
for i in $(seq "$LIMIT"); do
    # i wrong guesses for this round
    seq "$i" | xargs -Iz echo IncorrectPassword
    # printf with quoting keeps spaces, globs and leading dashes in the password intact
    printf '%s\n' "$CORRECT_PASSWORD"
done
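The lockout behaviour this payload list probes, modelled from the server side so the results can be interpreted. This is an added example, not part of the original gist: `simulate_lockout`, `payloads`, the `reset`/`keep` modes and the permanent lock are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: a toy server-side failure counter (hypothetical policy).
# Constructed input: the same sequence the script above emits.
payloads() {
    local correct=$1 limit=$2 i j
    for ((i = 1; i <= limit; i++)); do
        for ((j = 0; j < i; j++)); do echo IncorrectPassword; done
        printf '%s\n' "$correct"
    done
}

# simulate_lockout THRESHOLD CORRECT [reset|keep] < payload list
#   reset: a successful login clears the failure counter
#   keep:  failures accumulate across successful logins
# Prints how many wrong guesses preceded the first rejected correct
# password, or "none" if the account never locked (assumed: no unlock timer).
simulate_lockout() {
    local threshold=$1 correct=$2 mode=${3:-reset}
    local failures=0 locked=0 streak=0 result=none attempt
    while IFS= read -r attempt; do
        if [ "$attempt" != "$correct" ]; then
            streak=$((streak + 1))
            failures=$((failures + 1))
            if [ "$failures" -ge "$threshold" ]; then locked=1; fi
        else
            # First correct password refused: record the round that tripped it
            if [ "$locked" -eq 1 ] && [ "$result" = none ]; then result=$streak; fi
            if [ "$locked" -eq 0 ] && [ "$mode" = reset ]; then failures=0; fi
            streak=0
        fi
    done
    printf '%s\n' "$result"
}

# Same threshold of 5, two counter policies, plus a threshold above the limit.
echo "reset on success: $(payloads 'S3cret!' 20 | simulate_lockout 5 'S3cret!' reset)"
echo "cumulative:       $(payloads 'S3cret!' 20 | simulate_lockout 5 'S3cret!' keep)"
echo "threshold 25:     $(payloads 'S3cret!' 20 | simulate_lockout 25 'S3cret!' reset)"
```

When the counter is cumulative, the round in which the correct password is first refused understates the configured threshold, so the observed round number is only the real threshold if a successful login resets the count.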