so that whois-ip will not make HTTP requests to iana.org unless it is
permitted to write the remote resources to a local file and to
subsequently read from the local file.
A problem encountered while obtaining or locally caching a remote IANA
assignment file for one address family will not prevent the use of an
assignment file corresponding to a different address family.
Instead of hard-coding the many-years-invalid IP address of
scanme.nmap.org, look it up via DNS. Even better, you can override the
host used for this purpose, in case you don't want to tip your hand.
Now can correctly handle complex token-based CSRF protections by grabbing all
fields from the login form and using session cookies from the form request.
These cookies are sent with subsequent redirect-following requests for better
failure detection. On success, cookies are cleared and re-acquired.
A database of known web apps' login forms is used for form detection, helpful
for those whose username and password fields do not begin with "user" and
"pass". Form mangling (to remove cookie checks in one instance) and custom
onsuccess functions are also supported. Tested: django, wordpress, mediawiki.
This *may* be a replacement (upon suitable testing) for http-wordpress-brute and
http-joomla-brute.
1. When the hostname script-arg was used, the script would try to
*connect* to that host instead of the target. Now the argument is used
*only* for the Host: header.
2. The http options table is reused for each request, significantly
reducing the load on the garbage collector over many requests.
3. Do not use both creds.Credentials:new() and creds.Account:new(),
since this results in double-reporting found credentials.
