"""
file: fuzz.py
description: entry-point script for page discovery and testing.
usage: python fuzz [discover | test] url OPTIONS
Project Team:
CHRISTOFFER ROSEN <[email protected]>
ISIOMA NNODUM <[email protected]>
SAMANTHA SHANDROW <[email protected]>
"""
import sys # For system arguments
import requests # requests HTTP library
import pprint
from logger import *
from custom_auth import * # Read in all hardcoded authentication
from options import * # Options parser
from discovery.discover import * # Module containing page discovery functions
from fuzzing.test import * # Module containing page test functions
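pr = pprint.PrettyPrinter(indent=4)  # kept for ad-hoc debugging of discovered pages (see commented call below)
(options, args) = parser.parse_args()
logger.info(options)


def _open_session(options, url):
    """Create the HTTP session used for discovery and fetch the starting page.

    When ``--custom-auth`` names an application listed in ``custom_auth``,
    that application's login flow is run; otherwise ``url`` is fetched
    without authentication. Exits via ``parser.error`` when the application
    is unknown, when no login flow is implemented for it, or when the DVWA
    login does not yield a PHPSESSID cookie.

    Args:
        options: parsed command-line options (``app_to_auth`` is read here).
        url: the target URL given on the command line.

    Returns:
        ``(page, session)``: the starting ``requests.Response`` and the
        ``requests.Session`` whose cookie jar the later requests reuse.
    """
    session = requests.Session()
    if options.app_to_auth is None:
        # No custom authentication given: plain GET of the target.
        return session.get(url), session

    app_key = options.app_to_auth.lower()
    # NOTE(review): custom_auth keeps credentials in source (per its import
    # comment); loading them from the environment would be safer.
    try:
        app = custom_auth[app_key]
        username = app["username"]
        password = app["password"]
        login_url = app["login_url"]
    except KeyError:
        # Only a missing application/field is expected here; the former bare
        # `except:` also hid unrelated errors (and SystemExit).
        parser.error("application specified in --custom-auth does not exist!")

    if app_key == "dvwa":
        # Details to be posted to the login form
        payload = {
            "username": username,
            "password": password,
            "Login": "Login",
        }
        session.post(login_url, data=payload)
        page = session.get(url + "/" + options.app_to_auth)
        # Keep only the PHP session id and set DVWA's security cookie to low,
        # as before; the rest of the jar is discarded. A failed login leaves
        # no PHPSESSID, which used to surface as an unexplained KeyError.
        try:
            session_id = session.cookies["PHPSESSID"]
        except KeyError:
            parser.error("DVWA login did not return a PHPSESSID cookie; check the credentials in custom_auth")
        session.cookies.clear()
        session.cookies["PHPSESSID"] = session_id
        session.cookies["security"] = "low"
        return page, session

    if app_key == "bodgeit":
        # bodgeit needs no authentication: just fetch its entry page.
        return session.get(login_url), session

    # An entry exists in custom_auth but no login flow is implemented for it.
    # Previously this fell through with page=None and crashed on .status_code.
    parser.error("no login flow implemented for --custom-auth application %r" % options.app_to_auth)


def _discover_pages(page, session, options):
    """Run page discovery from ``page`` and collect the inputs of every discovered URL.

    Args:
        page: the starting ``requests.Response``.
        session: the ``requests.Session`` to discover with.
        options: parsed command-line options (``common_words`` and
            ``app_to_auth`` are passed through to the discovery helpers).

    Returns:
        ``(discovered_pages, session)``: a list of ``{'url': ..., 'inputs': ...}``
        dicts, and the session handed back by the last discovery call (each
        helper returns a session, which is used for the following call).
    """
    discovered_urls, session = page_discovery(page, session, options.common_words, options.app_to_auth)
    discovered_pages = []
    # Loop variable renamed: the original `for url in ...` shadowed the
    # command-line url.
    for discovered_url in discovered_urls:
        inputs, session = input_discovery(discovered_url, session, options.app_to_auth)
        discovered_pages.append({'url': discovered_url, 'inputs': inputs})
    return discovered_pages, session


def main():
    """Validate the command line, open a session, discover pages and optionally test them.

    Reads the module-level ``options`` produced by ``parser.parse_args()``.
    Every validation failure exits through ``parser.error``.
    """
    # Positional action and url plus at least one option are required
    # (see the module docstring); parse_args has already consumed the options.
    if len(sys.argv) < 4:
        parser.error("incorrect number of arguments")
    action = sys.argv[1]
    url = sys.argv[2]
    if action not in ("discover", "test"):
        parser.error("invalid action")

    # Ensure that required common-file option is set
    if options.common_words is None:
        parser.error("newline-delimited file of common words is required for discovery. Please run python fuzz.py --help for usage.")
    if action == "test" and options.vectors is None:
        parser.error("newline-delimited file of vectors is required for fuzzing/testing. Please run python fuzz.py --help for usage.")
    if action == "test" and options.sensitive is None:
        parser.error("newline-delimited file of sensitive data is required for fuzzing/testing. Please run python fuzz.py --help for usage.")

    # authenticate if applicable to site
    page, session = _open_session(options, url)
    # make sure that url can be reached
    if page.status_code != 200:
        parser.error("Cannot reach the URL specified")
    logger.info("Successfully reached page!")

    # time to discover
    discovered_pages, session = _discover_pages(page, session, options)
    #pr.pprint(discovered_pages)
    if action == "test":
        test_pages(discovered_pages, session, options)


if __name__ == "__main__":
    main()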