Open iamthefrogy opened 4 months ago
Thanks for your feature request @iamthefrogy, we'll take a look into it!
We also have a Discord server, which you’re more than welcome to join. It's a great place to connect with fellow contributors and stay updated with the latest developments!
@Mzack9999 fyi
Thanks, will keep an eye.
Hey, I have created one for me in bash. I have tested on small to medium targets and it appears to be working fine.
FYI
Can you implement one more flag which checks whether a given application is dynamic or static? Out of many different factors to call something dynamic, one of them is a login interface. If any of the below criteria matches then it's a login interface.
Check for URL Patterns: Some webpages might redirect users to standard login URLs or include specific paths in their URLs (like /login, /signin, /auth, etc.). Examining the links or form action URLs for such patterns can be a clue.
Look for Text Labels: Beyond input field names and IDs, check the labels or placeholders associated with input fields. Phrases like "Enter your username", "Sign in to continue", "Access your account", etc., can indicate login fields.
Look for SSL/TLS Indicators: Forms intended for logging in are typically served over HTTPS to ensure security. Checking if the form’s action URL uses HTTPS can be a crucial indicator.
Presence of Social Media Login Options: Detection of elements related to OAuth or social media logins (like buttons for "Log in with Google", "Sign in with Facebook") can also indicate the presence of login mechanisms.
Common Frameworks and Libraries: Some web applications use popular frameworks (like React, Angular, WordPress, Joomla) or libraries for building forms. Identifying specific CSS classes or data attributes associated with these can hint at login forms.
Reset Password or Forgot Password Links: Forms associated with these links are typically part of login or account management interfaces.
By combining these techniques, you can create a more robust system for identifying login interfaces, making your detection logic more comprehensive and less prone to missing potential login forms on a website.
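A sketch of how the criteria listed above could be combined into one check, added here as an example and not code from the thread or from the project. The names login_signals and is_login_interface, the pattern lists (built only from the phrases quoted above) and the choice to treat HTTPS as supporting evidence only are assumptions; the framework-specific CSS class criterion is left out because the thread names no classes.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Patterns are assumptions built only from the examples quoted in the thread.
PATH_RE = re.compile(r"/(login|signin|auth)\b", re.I)
TEXT_RES = {
    "text_label": re.compile(r"enter your username|sign in to continue|access your account", re.I),
    "social_login": re.compile(r"(log|sign) in with (google|facebook)", re.I),
    "password_reset": re.compile(r"(reset|forgot)\s+(your\s+)?password", re.I),
}

class LoginSignals(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.signals = base_url, set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("a", "form"):
            # Resolve relative links and form actions against the page URL.
            target = urlparse(urljoin(self.base_url, a.get("href") or a.get("action") or ""))
            if PATH_RE.search(target.path):
                self.signals.add("url_pattern")
            if tag == "form" and target.scheme == "https":
                self.signals.add("https_form_action")
        for key in ("placeholder", "aria-label", "title"):
            self.handle_data(a.get(key) or "")

    def handle_data(self, data):
        for name, rx in TEXT_RES.items():
            if rx.search(data):
                self.signals.add(name)

def login_signals(html, base_url):
    parser = LoginSignals(base_url)
    parser.feed(html)
    parser.close()
    return parser.signals

def is_login_interface(html, base_url):
    # Assumption: HTTPS alone is supporting evidence, since most forms use it.
    return bool(login_signals(html, base_url) - {"https_form_action"})

# Constructed sample page, not taken from any real site.
SAMPLE = """<form action="/auth/session" method="post">
<input name="u" placeholder="Enter your username"><input type="password" name="p">
</form><a href="/account/recover">Forgot password?</a><button>Log in with Google</button>"""

if __name__ == "__main__":
    print(sorted(login_signals(SAMPLE, "https://app.example.test/home")))
```

Returning the matched signal names rather than a bare yes/no lets a scan report show why a page was classified as a login interface.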