BruCON 2012 (Lightning Talk)
Ghent, Belgium (27th Sept. 2012)
Cutting accounts down to scythe!
---------- Abstract: ----------
Scythe is a framework for user/account enumeration. It is designed to allow users to easily extend and add new modules as required for POC attacks during penetration tests.
The framework offers the ability to check a list of user accounts/email addresses against a given website to see which accounts are valid.
Advanced features include cookie and CSRF token support, as well as error detection and timeout/retry functions.
Currently in beta, available from gi
22.
<headers></headers>
<requestCookie>False</requestCookie>
<requestCSRF>False</requestCSRF>
<successmatch>The password you entered for the email or user</successmatch>
<negativematch>Invalid email or username</negativematch>
<errormatch>You have exceeded the login limit</errormatch>
<date>13/09/2012</date>
<version>2</version>
<author>CJR</author>
<category>blogs</category>
</site>
</module>
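Added example, not from the talk or the Scythe code base: the module above works because the site answers a failed login differently for a known and an unknown account. The sketch below shows that server-side pattern next to a uniform-response version, plus a regression check a defender can run against either; the account store, function names and the "Invalid login" message are constructed for illustration.

```python
"""Why a login form is enumerable, and a uniform-response fix (constructed demo)."""
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Low iteration count keeps the demo fast; use a production setting in real code.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

# Constructed sample account store: email -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice@example.com": (_SALT, _hash("correct horse", _SALT))}
# Dummy record so unknown accounts cost the same hashing work as known ones.
_DUMMY = (os.urandom(16), os.urandom(32))

def login_leaky(email: str, password: str) -> str:
    """Distinct message per failure cause: what the module's match strings key on."""
    record = USERS.get(email)
    if record is None:
        return "Invalid email or username"
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "The password you entered for the email or user"
    return "Welcome"

def login_uniform(email: str, password: str) -> str:
    """Same message and same hashing work whether or not the account exists."""
    salt, stored = USERS.get(email, _DUMMY)
    ok = hmac.compare_digest(_hash(password, salt), stored)
    return "Welcome" if ok and email in USERS else "Invalid login"

def is_enumerable(login, known: str, unknown: str) -> bool:
    """Regression check: do failed logins differ for a known vs. unknown account?"""
    wrong = "not-the-password"
    return login(known, wrong) != login(unknown, wrong)

if __name__ == "__main__":
    for fn in (login_leaky, login_uniform):
        print(fn.__name__, "enumerable:",
              is_enumerable(fn, "alice@example.com", "nobody@example.com"))
```

The same check belongs on registration and password-reset responses, which can leak account existence in the same way.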
30. Goals
Flexible Running
  Single module (targeted)
    --single wordpress.com
  Category of modules
    --category=blogs
  Single account
    --account=test
  Filename containing accounts
    --accountfile=accounts.txt
31. Goals
Flexible Handling
  Error detection
  Retry on error (<errorcode>)
    --retries and --retrytime
  Handles cookies and CSRF tokens
    <CSRF_URL>
    <CSRF_regex> to extract token
    Insert into request using <CSRFTOKEN>
32. Goals
Flexible Output
  Verbose output
    Detailed request info
  Output success to file
  Summary at completion
  Debug mode
    Stores body and headers for each request