LeakHunter/CorporatePatternChecker.java at main · Und3rTakerOPS/LeakHunter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

import java.util.*;

public class CorporatePatternChecker implements PasswordPatternChecker {
    private final List<String> companyKeywords;

    public CorporatePatternChecker(List<String> companyKeywords) {
        this.companyKeywords = companyKeywords;
    }

    @Override
    public List<Finding> check(String password) {
        List<Finding> findings = new ArrayList<>();
        String pwLow = password.toLowerCase();
        for (String part : companyKeywords) {
            if (part.length() > 2 && pwLow.contains(part)) {
                findings.add(new Finding(
                    Finding.Severity.CRITICAL,
                    "Pattern aziendale rilevato: \"" + part + "\"",
                    "In un targeted attack, nome aziendale, acronimi e varianti sono testati sistematicamente."
                ));
                break;
            }
        }
        return findings;
    }

    @Override
    public String getName() {
        return "Pattern aziendale";
    }
}