Roberto Salgado edited this page Nov 17, 2015 · 18 revisions

Credmap Wiki

Welcome to the credmap wiki!

Site Template

Here you will find the "site-template.xml" file which contains all possible tags that can be used in the XML file to perform a login on a website. A description of what each tag does can be found below.

<properties>
	<name value="" />
	<description value="" />
	<login_url value="" />
	<valid_password value="" />
	<invalid_http_status value="" msg="" />
	<invalid_password value="" />
	<invalid_account value="" />
	<inactive_account value="" />
	<custom_search value="" regex="" />
	<captcha_flag value="" />
	<valid_response_header value="" type="" />
	<custom_response_header value="" msg="" />
	<headers value="" />
	<cookies value="" />
	<user_agent value="" />
	<username_or_email value="" />
	<email_exception value="" />
	<login_parameter value="" type="" />
	<password_parameter value="" type="" />
	<csrf_token_name value="" />
	<csrf_url value="" />
	<csrf_regex value="" />
	<csrf_setcookie_regex value="" />
	<csrf_start value="" />
	<csrf_end value="" />
	<data value="" />
	<multiple_params value="">
	    <param value="" regex="" type="" />
	    <param value="" regex="" type="" />
	    <param value="" regex="" type="" />
	</multiple_params>
</properties>

Tags Description

Name

This tag is used to set the name of the site to be tested. This name is displayed when using the --list argument.

Description

This tag is used to set a description of the site to be tested. This information will be displayed via an argument in a future version.

Login_URL

This tag is used to set the URL where the login request will be performed.

Valid_Password

This tag can be used to set a string to be searched for in the login response when the supplied credentials are valid.

Invalid_HTTP_Status

This tag can be used to set an HTTP status code to look for in the login response via the "value" attribute. If the specified status code is detected, the program will output "Credentials were incorrect.", unless a custom message is set via the "msg" attribute.

<invalid_http_status value="503" msg="All of the servers are busy right now." />

Invalid_Password

This tag can be used to set a string to be searched for in the login response when the supplied credentials are invalid.

Invalid_Account

This tag can be used to set a string to be searched for in the login response when the supplied user account does not exist on the website.

Inactive_Account

This tag can be used to set a string to be searched for in the login response when the supplied user account has been disabled or is not active on the website.

Custom_Search

This tag can be used to set a custom REGEX to be searched for in the login response. The "value" attribute is used to set the message that will be displayed on the console and the "regex" attribute to specify the REGEX pattern to match.

<custom_search value="Temporary server internal error." regex="Internal\sError\.\sPlease\stry\sagain\slater\." />

Captcha_Flag

This tag can be used to set a string to be searched for in the login response when a captcha has been detected.

Valid_Response_Header

This tag can be used to set a string to be searched for in the headers and cookies when a valid login is performed. The string to look for is set via the "value" attribute, which can be a normal string or a REGEX pattern. The "type" attribute must be set to "regex" for REGEX matching.

Examples

Normal Search

<valid_response_header value="session=" />

REGEX Search

<valid_response_header value="sess-at-main=&quot;[^&quot;]+&quot;" type="regex" />
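A lint pass over a site template, added here as an example and not part of credmap's own code: it checks that the file parses, that invalid_http_status holds a status code, and that the REGEX-bearing attributes compile once the XML parser has decoded entities such as &quot;. Treating name and login_url as mandatory is an assumption, and the sample template, its placeholder values and the function name lint_template are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample template: tag examples are the ones shown on this page,
# the name and login_url values are placeholders.
SAMPLE = r'''<properties>
	<name value="example" />
	<login_url value="https://example.com/login" />
	<invalid_http_status value="503" msg="All of the servers are busy right now." />
	<custom_search value="Temporary server internal error." regex="Internal\sError\.\sPlease\stry\sagain\slater\." />
	<valid_response_header value="sess-at-main=&quot;[^&quot;]+&quot;" type="regex" />
</properties>'''


def lint_template(xml_text):
    """Return (problems, patterns): a list of issue strings and a dict mapping
    tag name to the compiled regex for each REGEX-bearing tag."""
    problems, patterns = [], {}
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc], patterns
    if root.tag != "properties":
        problems.append("root element is <%s>, expected <properties>" % root.tag)
    for tag in ("name", "login_url"):  # assumed mandatory (see lead-in)
        node = root.find(tag)
        if node is None or not node.get("value"):
            problems.append("<%s> is missing or has an empty value" % tag)
    status = root.find("invalid_http_status")
    if status is not None and status.get("value"):
        if not re.fullmatch(r"[1-5]\d\d", status.get("value")):
            problems.append("invalid_http_status is not a 3-digit status code")
    # Attributes that hold a REGEX: custom_search@regex always,
    # valid_response_header@value only when type="regex".
    candidates = []
    cs = root.find("custom_search")
    if cs is not None and cs.get("regex"):
        candidates.append(("custom_search", cs.get("regex")))
    vh = root.find("valid_response_header")
    if vh is not None and vh.get("value") and vh.get("type") == "regex":
        candidates.append(("valid_response_header", vh.get("value")))
    for tag, source in candidates:
        try:
            patterns[tag] = re.compile(source)
        except re.error as exc:
            problems.append("<%s> regex does not compile: %s" % (tag, exc))
    return problems, patterns
```

The pattern that reaches the regex engine for the valid_response_header example is sess-at-main="[^"]+", so a template author writes &quot; in the XML but tests the pattern with literal double quotes.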

Custom_Response_Header
