feat: mvp router login brute force impl #14
get latest updates from main
when button is pressed, check_admin_creds is called in the backend, which was originally named scan_http_port
if got_redirect_response(text.as_str()) { | ||
let redirected = get_redirected_response(text.as_str(), client.clone(), address.as_str()) | ||
.await | ||
.unwrap(); |
Use a ? to propagate the error instead of causing a panic if the unwrap fails
Looks overall good, but would be better to avoid using unwrap in production because of potential panics.
fn find_endpoints_from_code(code: &str) -> Vec<String> { | ||
// find all possible endpoints within the javascript code | ||
let regex_pattern = r#""(/[a-zA-Z0-9\/]+)""#; | ||
let rx = Regex::new(regex_pattern).unwrap(); |
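Review bot: `Regex::new(regex_pattern)` inside `find_endpoints_from_code` recompiles a constant pattern on every call. Since `regex_pattern` is a fixed literal, compile it once into a static (for example a `std::sync::OnceLock<Regex>`) and reuse it across calls. The compile cost is then paid once, and the only remaining `unwrap` sits on a literal pattern that a unit test can cover.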
Code might panic if regex is not initialized. This is unlikely but maybe better to handle with a result type which returns an error. Then this could look something like this:
-> Result<Vec<String>, regex::Error>
let rx = Regex::new(regex_pattern)?;
Also applies to the find_script_src
.send() | ||
.await; | ||
|
||
return request.unwrap(); |
Unwrap on return can be dangerous
Fixed!
…tsFail get latest updates from main
Great job!
In this PR, a minimally viable version of an admin brute force attack is attempted on the user's router, notifying the user if valid credentials were found.
When activated: