/usr/share/w3af/profiles/bruteforce.pw3af is in w3af-console 1.0-rc3svn3489-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 | [profile]
description = Bruteforce form or basic authentication access controls using default credentials. To run this profile, set the target URL to the resource where the access control is, and then click on Start.
name = bruteforce
[output.gtkOutput]
[misc-settings]
exportFuzzableRequests =
maxThreads = 15
fuzzFormComboValues = tmb
fuzzFCExt = txt
autoDependencies = True
demo = False
fuzzableHeaders =
fuzzCookie = False
fuzzFileContent = True
fuzzFileName = False
maxDiscoveryTime = 120
nonTargets =
[http-settings]
proxyPort = 8080
urlParameter =
never404 =
basicAuthDomain =
maxFileSize = 400000
always404 =
headersFile =
proxyAddress =
maxRetrys = 2
ntlmAuthUser =
ntlmAuthPass =
ignoreSessCookies = False
timeout = 10
userAgent = w3af.sourceforge.net
basicAuthUser =
basicAuthPass =
404string =
cookieJarFile =
[bruteforce.formAuthBrute]
profilingNumber = 50
useMails = True
useLeetPasswd = True
useProfiling = True
passEqUser = True
useMailUsers = True
passwdFile = core/controllers/bruteforce/passwords.txt
usersFile = core/controllers/bruteforce/users.txt
stopOnFirst = True
useSvnUsers = True
[bruteforce.basicAuthBrute]
profilingNumber = 50
useMails = True
useLeetPasswd = True
useProfiling = True
passEqUser = True
useMailUsers = True
passwdFile = core/controllers/bruteforce/passwords.txt
usersFile = core/controllers/bruteforce/users.txt
stopOnFirst = True
useSvnUsers = True
[output.console]
verbose = True
|