From 518d81406200051c1eee1bad5c99bf38d6e60737 Mon Sep 17 00:00:00 2001
From: Andreas Katzig
Date: Mon, 19 Aug 2019 17:27:21 +0200
Subject: [PATCH] Testing for rate limiting strings in lower case.

---
 modules/rate_limit.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/rate_limit.py b/modules/rate_limit.py
index 1931101..c736998 100644
--- a/modules/rate_limit.py
+++ b/modules/rate_limit.py
@@ -32,7 +32,7 @@ def generate_list(length,type):
 
 def brute_force(url,method,headers,body,attack_params,scanid):
     attack_result = {}
-    failed_set = ['exceed','captcha','too many','rate limit','Maximum login']
+    failed_set = ['exceed','captcha','too many','rate limit','maximum login']
     if len(attack_params) == 1:
         # attack_params[0] is a first value from list Ex Pin, password
         param_value = body[attack_params[0]] # param_value is a value of param. Example: 1234
@@ -68,7 +68,7 @@ def brute_force(url,method,headers,body,attack_params,scanid):
         if len(brute_request.text) == http_len:
             if str(brute_request.status_code)[0] == '2' or str(brute_request.status_code)[0] == '4':
                 for failed_name in failed_set:
-                    if failed_name in brute_request.text:
+                    if failed_name in brute_request.text.lower():
                         # Brute force protection detected :-(
                         result = False
                         break
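Review bot: The lowercased entries in `failed_set` on the added line only match because the response body is lowercased before the substring test later in the same function, and nothing at the definition says so; a maintainer who later adds a mixed-case marker would get an entry that silently never matches. Add a comment above the list such as `# keep every entry lowercase: it is tested against the lowercased response body`. Since the list is rebuilt on every call and never mutated, it could also become a module-level tuple constant, but that is a style choice. brute_force starts in this hunk and its body continues past the end of it.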
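Review bot: `brute_request.text.lower()` on the changed line is evaluated once per entry of `failed_set`, so the whole response body is lowercased five times per request; lowering it once before the loop is cheaper and reads better: `response_text = brute_request.text.lower()` placed before `for failed_name in failed_set:`, with the test becoming `if failed_name in response_text:`. For caseless matching of non-ASCII bodies `str.casefold()` is the intended method, although with these ASCII-only markers the difference is unlikely to matter. brute_force starts before this hunk and continues after it.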