Identify apps with login page #1691

Open
iamthefrogy opened this issue May 8, 2024 · 4 comments
Labels: Investigation (Something to Investigate), Type: Discussion (Some ideas need to be planned and discussed to come to a strategy.), Type: Enhancement (Most issues will probably ask for additions or changes.)

iamthefrogy commented May 8, 2024

Can you implement one more flag which checks whether a given application is dynamic or static? Out of the many different factors for calling something dynamic, one of them is a login interface. If any of the below criteria matches, then it's a login interface.

  1. Check for URL Patterns
    Some webpages might redirect users to standard login URLs or include specific paths in their URLs (like /login, /signin, /auth, etc.). Examining the links or form action URLs for such patterns can be a clue.

  2. Look for Text Labels
    Beyond input field names and IDs, check the labels or placeholders associated with input fields. Phrases like "Enter your username", "Sign in to continue", "Access your account", etc., can indicate login fields.

  3. Look for SSL/TLS Indicators
    Forms intended for logging in are typically served over HTTPS to ensure security. Checking if the form’s action URL uses HTTPS can be a crucial indicator.

  4. Presence of Social Media Login Options
    Detection of elements related to OAuth or social media logins (like buttons for "Log in with Google", "Sign in with Facebook") can also indicate the presence of login mechanisms.

  5. Common Frameworks and Libraries
    Some web applications use popular frameworks (like React, Angular, WordPress, Joomla) or libraries for building forms. Identifying specific CSS classes or data attributes associated with these can hint at login forms.

  6. Reset Password or Forgot Password Links
    Forms associated with these links are typically part of login or account management interfaces.

By combining these techniques, you can create a more robust system for identifying login interfaces, making your detection logic more comprehensive and less prone to missing potential login forms on a website.

@iamthefrogy iamthefrogy added the Type: Enhancement Most issues will probably ask for additions or changes. label May 8, 2024
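
The criteria in the request above, as an added example that is not part of the original issue or the project's code: a Python scanner that checks one page's HTML for criteria 1, 2, 3, 4 and 6. The pattern lists, names and sample pages are constructed for illustration, and treating the HTTPS signal as supporting only is an assumption of the example, since any form on an HTTPS site matches it.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Patterns built from the paths and phrases quoted in the issue (criteria 1, 2, 4, 6).
PATH_RE = re.compile(r"/(login|signin|auth)\b", re.I)
TEXT_RULES = {
    "text_label": re.compile(r"enter your username|sign in to continue|access your account", re.I),
    "social_login": re.compile(r"(log|sign) ?in with (google|facebook)", re.I),
    "password_reset": re.compile(r"(forgot|reset)( your)? password", re.I),
}

class LoginSignals(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.hits = page_url, set()

    def _check_url(self, ref):
        url = urlparse(urljoin(self.page_url, ref))  # resolve relative references
        if PATH_RE.search(url.path):
            self.hits.add("url_pattern")
        return url

    def _check_text(self, text):
        # Collapse whitespace, then record every text rule that matches.
        self.hits.update(n for n, rx in TEXT_RULES.items() if rx.search(" ".join(text.split())))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._check_url(a["href"])
        elif tag == "form":  # an empty or missing action submits to the page URL
            if self._check_url(a.get("action") or "").scheme == "https":
                self.hits.add("https_action")  # criterion 3
        elif tag == "input":
            self._check_text(a.get("placeholder") or "")

    def handle_data(self, data):
        self._check_text(data)

def detect_login(html, page_url):
    parser = LoginSignals(page_url)
    parser.feed(html)
    parser.close()
    # Assumption of this example: HTTPS alone never decides the verdict.
    return bool(parser.hits - {"https_action"}), sorted(parser.hits)

# Constructed sample pages, not taken from any real site.
LOGIN_PAGE = ('<form action="/auth/session"><input name="u" placeholder="Enter your username">'
              '<input type="password" name="p"></form><a href="/recover">Forgot your password?</a>')
STATIC_PAGE = '<form action="/search"><input name="q" placeholder="Search docs"></form><a href="/authors">Authors</a>'
```

Phrases are matched per text node, so a label broken up by inline markup can be missed.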
@GeorginaReeder

Thanks for your feature request @iamthefrogy, we'll take a look into it!

We also have a Discord server, which you’re more than welcome to join. It's a great place to connect with fellow contributors and stay updated with the latest developments!

@dogancanbakir dogancanbakir self-assigned this May 8, 2024
@dogancanbakir dogancanbakir added Type: Discussion Some ideas need to be planned and discussed to come to a strategy. Investigation Something to Investigate labels May 8, 2024
@dogancanbakir
Member

@Mzack9999 fyi

@iamthefrogy
Author

Thanks, will keep an eye.

@iamthefrogy
Author

Hey, I have created one for me in bash. I have tested on small to medium targets and it appears to be working fine.

FYI

https://github.com/iamthefrogy/LoginLocator
