package org.pwnpress.scanner.modules;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Base64;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.pwnpress.utils.CustomFormat;

/* loaded from: input_file:org/pwnpress/scanner/modules/UserEnumerationChecker.class */
public class UserEnumerationChecker {
    public static void checkUserEnumeration(String str) {
        boolean z = false;
        if (checkUserEnumerationViaJSONAPI(str)) {
            z = true;
        }
        if (z) {
            return;
        }
        System.out.println("\n[x] User enumeration not possible.");
    }

    private static boolean checkUserEnumerationViaJSONAPI(String str) {
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str + "wp-json/wp/v2/users").openConnection();
            httpURLConnection.setRequestMethod("GET");
            if (httpURLConnection.getResponseCode() != 200) {
                return false;
            }
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
            StringBuilder sb = new StringBuilder();
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                sb.append(readLine);
            }
            bufferedReader.close();
            JSONArray jSONArray = new JSONArray(sb.toString());
            System.out.println("\n[+] User enumeration:");
            for (int i = 0; i < jSONArray.length(); i++) {
                JSONObject jSONObject = jSONArray.getJSONObject(i);
                String string = jSONObject.getString("slug");
                String string2 = jSONObject.getString("name");
                System.out.println(" └─ [!] User found:");
                System.out.println("     ├─ " + string2);
                System.out.println("     └─ Username:" + string);
                System.out.println();
            }
            return true;
        } catch (IOException | JSONException e) {
            System.out.println("Error: " + e.getMessage());
            return false;
        }
    }

    private static void checkWeakPasswords(String str, String str2) {
        try {
            String[] strArr = {"password1", "password123", "123456", "admin", "qwerty", "letmein", "abc123"};
            boolean z = false;
            int length = strArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String str3 = strArr[i];
                if (attemptLogin(str, str2, str3)) {
                    z = true;
                    String color = CustomFormat.getColor("great");
                    System.out.println("[+] Weak password detected for username " + color + str2 + CustomFormat.resetColor() + ":" + color + str3 + CustomFormat.resetColor());
                    break;
                }
                i++;
            }
            if (!z) {
                System.out.println("[-] No weak passwords found for username " + str2);
            }
        } catch (IOException e) {
            System.out.println("[!] Error checking weak passwords: " + e.getMessage());
        }
    }

    private static boolean attemptLogin(String str, String str2, String str3) throws IOException {
        String encodeToString = Base64.getEncoder().encodeToString((str2 + ":" + str3).getBytes());
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str + "wp-login.php").openConnection();
        httpURLConnection.setRequestMethod("GET");
        httpURLConnection.setRequestProperty("Authorization", "Basic " + encodeToString);
        int responseCode = httpURLConnection.getResponseCode();
        return responseCode == 200 || responseCode == 302 || responseCode == 301;
    }
}
