Merge branch 'master' of https://github.com/enkomio/Taipan

enkomio · Jan 5, 2019 · c615e95 · c615e95
2 parents 4fc5c44 + 09d88bc
commit c615e95
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/Doc/Http and Web Form bruteforcing.md b/Doc/Http and Web Form bruteforcing.md
@@ -1,2 +1,7 @@
 # Http and Web Form bruteforcing
-One of the many Taipan addOn, allows to execute an HTTP of Web Form authentication bruteforcing. In this page we will see how to customize this process.
+This AddOn allows to execute an HTTP or Web Form authentication bruteforcing. In order to do so it verify the response code (in case of HTTP bruteforcing) or use a custom heuristic in order to identify if the page returned an authenticated content or not (in case of Web Form authentication).
+
+Under the folder _Data\AddOnStorage\Web Form Bruteforcer AddOn_ you will find three XML files (the file format is self explanatory):
+  * **Combinations.xml** contains the combination of user/password to use. This is useful to test for default account
+  * **Usernames.xml** contaions the list of username to bruteforce. It is suggested to not include a long list, since for each username the entire password list is used in order to bruteforce it
+  * **Passwords.xml** contains the password to use in order to bruteforce all usernames 
diff --git a/Doc/LuaScript.md b/Doc/LuaScript.md
@@ -16,4 +16,13 @@ The parameters meaning are:
    * **ApplicationName** The application name that is identified. This name will be displayed in the result report
    * **TargetLanguage** The language that was used to develop the application. For Wordpress is PHP
 
- WIP
+## Global vars
+In order to report to Taipan the Application that was identified and its version, the script must set a couple of global vars that will be later used by the Taipan scanner. Each script must return a _Boolean_ result after its execution. The result meaning is:
+
+* True: if the script was able to identify a given application version
+* False: otherwise
+
+If the script is able to identify the application, the version must be placed in a global vaiables named *appVersion*.
+
+The format of this variable must be compliant to the <a href="https://semver.org/">Semantic Version</a> standard. For a sample of LUA script take a look at the <a href="https://github.com/enkomio/Taipan/blob/master/Src/ES.Taipan.Fingerprinter/Lua/Php/Joomla/joomla.lua">Joomla fingeprintg script</a>.
+