ztgrace
commented
7 years ago What version of Tomcat did you install? I think I've only tested against older versions like 5.5.
I like the idea of adding making the body a list instead of a string. It should be straight forward to change in in the schema.py, mkcred.py and then in the check_success method.
I'd be fine with not making the body text required as long as any supplied success criteria is "required" for that credential. So if you supplied both body and status, then we'd need to check both. So in your tomcat example, status and one of the body strings would need to match. But if you had a success like the code below, it would only check the status.
success:
status: 200How does that sound?
AlessandroZ
Hi,
I have installed a Tomcat server to test this module. However, the password has not been found. I have checked why and it is because the string "Tomcat Web Application Manager" is not present, but I have some other string such as "Welcome to Tomcat" that I can add
I think if you put that string is because it was present on your tomcat instance. So my idea was to change the schema of "body" to use list and not string. The user could add many trigger string and if one match the credentials are ok:
Moreover, I think this field should not be always required. For example only the status code could be checked for Tomcat (if it's equal to 200 it's ok). It could avoid false positive for this module (and maybe others).
If your ok to these modification I could do it. However, it will affect all yaml files so I want to be sure that you're ok about that.