From e04ec4d39e166fe1de889a0b187ed7a845c9cde8 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu, 20 Oct 2016 15:01:04 +0000
Subject: [PATCH] Add Drupal to known apps. Closes #555

---
 CHANGELOG                   |  3 +++
 scripts/http-form-brute.nse | 10 ++++++++++
 2 files changed, 13 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index 4950934b6..b75144014 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE][GH#555] Add Drupal to the set of web apps brute forced by
+  http-form-brute. [Nima Ghotbi]
+
 o [GH#350] Fix an assertion failure due to floating point error in equality
   comparison, which triggered mainly on OpenBSD:
     assertion "diff <= interval" failed: file "timing.cc", line 440
diff --git a/scripts/http-form-brute.nse b/scripts/http-form-brute.nse
index 1de18e283..0e433ebbf 100644
--- a/scripts/http-form-brute.nse
+++ b/scripts/http-form-brute.nse
@@ -135,6 +135,16 @@ local known_apps = {
     passvar = "password",
     onsuccess = "Set%-Cookie:%s*sessionid=",
   },
+  drupal = {
+    match = {
+      action = "user$",
+      id = "user%-login",
+    },
+    uservar = "name",
+    passvar = "pass",
+    onsuccess = "Location: .+user/%d",
+    sessioncookies = false,
+  },
   mediawiki = {
     match = {
       action = "action=submitlogin"