Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
Flawed logic in EWS results improper detection #45
Closed
0xInfection closed 1 year ago
First of all, thank you for the tool!

I've been playing around with this tool for some time and apparently the `ews` module results in false positives due to the flawed logic inside it. The first condition of the `if` statement apparently would not allow checking for the remaining `elif` since `500 != 401` (if `resp.status_code` is `500`). Hence it would always result in a `SUCCESS` message.