projectdiscovery / httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
https://docs.projectdiscovery.io/tools/httpx
MIT License

Identify apps with login page #1691

Open iamthefrogy opened 4 months ago

iamthefrogy commented 4 months ago

Can you implement one more flag which checks whether a given application is dynamic or static? Out of the many different factors for calling something dynamic, one of them is a login interface. If any of the criteria below matches, then it's a login interface.

  1. Check for URL Patterns: Some webpages might redirect users to standard login URLs or include specific paths in their URLs (like /login, /signin, /auth, etc.). Examining the links or form action URLs for such patterns can be a clue.

  2. Look for Text Labels: Beyond input field names and IDs, check the labels or placeholders associated with input fields. Phrases like "Enter your username", "Sign in to continue", "Access your account", etc., can indicate login fields.

  3. Look for SSL/TLS Indicators: Forms intended for logging in are typically served over HTTPS to ensure security. Checking if the form's action URL uses HTTPS can be a crucial indicator.

  4. Presence of Social Media Login Options: Detection of elements related to OAuth or social media logins (like buttons for "Log in with Google", "Sign in with Facebook") can also indicate the presence of login mechanisms.

  5. Common Frameworks and Libraries: Some web applications use popular frameworks (like React, Angular, WordPress, Joomla) or libraries for building forms. Identifying specific CSS classes or data attributes associated with these can hint at login forms.

  6. Reset Password or Forgot Password Links: Forms associated with these links are typically part of login or account management interfaces.

By combining these techniques, you can create a more robust system for identifying login interfaces, making your detection logic more comprehensive and less prone to missing potential login forms on a website.
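
The criteria above combined into one check, as an added example in Go (httpx's language) that is not part of the original post and is not code from httpx or LoginLocator. The regex patterns, the signal names and the rule that an HTTPS form action alone does not count are assumptions made here; criterion 1 is checked on the page URL and on form actions only.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// One illustrative pattern per criterion from the issue; all are assumptions.
var (
	pathRe  = regexp.MustCompile(`(?i)/(login|signin|auth)\b`)
	formRe  = regexp.MustCompile(`(?i)<form[^>]*\baction\s*=\s*["']([^"']*)["']`)
	bodyRes = map[string]*regexp.Regexp{
		"text-label":       regexp.MustCompile(`(?i)enter your username|sign in to continue|access your account`),
		"social-login":     regexp.MustCompile(`(?i)(log|sign) in with (google|facebook)`),
		"framework-markup": regexp.MustCompile(`(?i)\bid\s*=\s*["'](loginform|wp-submit)["']`), // WordPress default ids
		"reset-link":       regexp.MustCompile(`(?i)(forgot|reset)( your)? password`),
	}
)

// LoginSignals reports which criteria match a page fetched from pageURL.
func LoginSignals(pageURL, body string) map[string]bool {
	hits := map[string]bool{}
	base, err := url.Parse(pageURL)
	if err != nil {
		return hits
	}
	hits["url-pattern"] = pathRe.MatchString(base.Path)
	for _, m := range formRe.FindAllStringSubmatch(body, -1) {
		if ref, err := url.Parse(m[1]); err == nil {
			action := base.ResolveReference(ref) // form action as an absolute URL
			hits["url-pattern"] = hits["url-pattern"] || pathRe.MatchString(action.Path)
			hits["https-form"] = hits["https-form"] || action.Scheme == "https"
		}
	}
	for name, re := range bodyRes {
		hits[name] = re.MatchString(body)
	}
	return hits
}

// IsLogin does not accept "https-form" on its own: another signal must match.
func IsLogin(h map[string]bool) bool {
	return h["url-pattern"] || h["text-label"] || h["social-login"] || h["framework-markup"] || h["reset-link"]
}

func main() {
	page := `<form action="/signin"><input placeholder="Enter your username"></form>` // constructed sample page
	fmt.Println(IsLogin(LoginSignals("https://app.example/", page)))
}
```

A static page with an HTTPS search form sets only `https-form`, so `IsLogin` returns false for it; that is why the HTTPS criterion is reported but not sufficient by itself.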

GeorginaReeder commented 4 months ago

Thanks for your feature request @iamthefrogy, we'll take a look into it!

We also have a Discord server, which you’re more than welcome to join. It's a great place to connect with fellow contributors and stay updated with the latest developments!

dogancanbakir commented 4 months ago

@Mzack9999 fyi

iamthefrogy commented 4 months ago

Thanks, will keep an eye.

iamthefrogy commented 4 months ago

Hey, I have created one for myself in bash. I have tested it on small to medium targets and it appears to be working fine.

FYI

https://github.com/iamthefrogy/LoginLocator