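def test(self):
    """Save one wfuzz session to disk, replay it through ``wfuzzp`` and compare.

    ``prev_session_cli``, ``next_session_cli`` and ``expected_list`` come from
    the enclosing scope (not visible in this block). ``next_session_cli``
    contains a ``$$PREVFILE$$`` marker that is replaced with the path of the
    file the first session was saved to.
    """
    # mkstemp() creates the file atomically instead of taking a name from
    # tempfile's private _get_candidate_names()/_get_default_tempdir() helpers,
    # which are not a stable API and leave a window for another process to
    # claim the same path.
    fd, filename = tempfile.mkstemp()
    os.close(fd)
    try:
        # first session: run it and persist every result to ``filename``
        with wfuzz.get_session(prev_session_cli) as s:
            for _ in s.fuzz(save=filename):
                pass
        # second session: wfuzzp replays the saved results as its payload
        with wfuzz.get_session(next_session_cli.replace("$$PREVFILE$$", filename)) as s:
            ret_list = [
                x.eval(x._description) if x._description else x.description
                for x in s.fuzz()
            ]
        self.assertEqual(sorted(ret_list), sorted(expected_list))
    finally:
        # the saved session is scratch data; do not leave it in the temp dir
        os.remove(filename)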
def test_get_session(self):
    """Parsing a one-line command populates ``url`` and ``payloads`` in ``.data``."""
    session_data = wfuzz.get_session('-z range,0-4 http://127.0.0.1/FUZZ').data
    expected_payloads = [('range', {'default': '0-4', 'encoder': None}, None)]
    self.assertEqual(session_data.get('url'), 'http://127.0.0.1/FUZZ')
    self.assertEqual(session_data.get('payloads'), expected_payloads)
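def scan_host(report_dir, schema, host):
    """Fuzz one host and save the raw content of every result ``filter_url`` accepts.

    Args:
        report_dir: directory passed through to ``write_raw_content``.
        schema: URL scheme prefix (e.g. ``"http://"``), concatenated with ``host``.
        host: host to scan; ``/FUZZ{<random>}`` is appended as the path.

    Returns:
        ``False`` if the baseline request itself fails (``res.code == -1``),
        ``True`` after the scan completes.

    Depends on names defined outside this block: ``w`` (the wfuzz argument
    list), ``options`` (``waf`` and ``verbose``), ``ALL_CHARS``, ``filter_url``
    and ``write_raw_content``.
    """
    baseline = {}
    prev = {}
    found = 0
    # Random 24-character suffix makes the baseline request unique per run
    # (the original used randint(24, 24), which always yields 24).
    random_string = "".join(choice(ALL_CHARS) for _ in range(24))
    payload = "/FUZZ{" + random_string + "}"
    sess = wfuzz.get_session(' '.join(w))
    sess.hh = ['BBB']
    if options.waf:
        # Extra request headers sent when the --waf option is set.
        h = [('X-Originating-IP', '127.0.0.1'),
             ('X-Forwarded-For', '127.0.0.1'),
             ('X-Remote-IP', '127.0.0.1'),
             ('X-Remote-Addr', '127.0.0.1'),
             ('Accept', '*/*'),
             ('referer', 'google.com'),
             ('Content-Type', 'application/json')]
    else:
        h = []
    url = schema + host + payload
    try:
        for res in sess.fuzz(scanmode=True, url=url, headers=h):
            if res.code == -1:
                if res.is_baseline:
                    # Nothing to compare against without a baseline; abandon the host.
                    return False
                if options.verbose:
                    print("*error*" + res.description)
                continue
            if res.is_baseline:
                baseline = res
                prev = res
                res.description = "*baseline*"
            if filter_url(baseline, prev, res):
                if options.verbose:
                    print(str(vars(res)))
                if res.md5:
                    write_raw_content(report_dir, host, res.md5, res.history.raw_content)
                    found += 1
            prev = res
    finally:
        # Close on every exit path, including the early return above.
        sess.close()
    # The original passed the values as extra print() arguments, which printed
    # the literal "%d" template followed by the numbers; format explicitly.
    print("Took %d seconds, found %s results, made %d requests." % (
        int(sess.stats.totaltime), found, sess.stats.processed()))
    return True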
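def wfuzz_get_request(payload, url, parameters):
    """Fuzz every query parameter of a GET request and print the clustered results.

    Args:
        payload: wfuzz payload specification (e.g. ``-z file,...``) placed
            verbatim at the front of the command line.
        url: base URL; the query string built from ``parameters`` is appended
            after ``?``.
        parameters: query parameter names; each is sent as ``name=FUZZ``.

    Raises:
        ValueError: if ``parameters`` is empty (the original indexed
            ``parameters[0]`` and died with IndexError).

    Results with status 400/404 and failed requests (-1) are hidden via
    ``--hc``; the rest are grouped by ``FuzzResultClusters`` and printed with
    ``get_request_output()``.
    """
    if not parameters:
        raise ValueError("wfuzz_get_request needs at least one parameter name")
    fuzz_result_clusters = FuzzResultClusters()
    # Build "a=FUZZ&b=FUZZ&..." in one pass; the original kept this in a local
    # named ``str`` (shadowing the builtin) and grew it with += in a loop.
    query = "&".join(param + "=FUZZ" for param in parameters)
    # NOTE(review): parameter names are spliced into the command line unquoted;
    # a name containing whitespace would be split by the session parser - verify.
    command = "{0} --hc 400,404,-1 -A -Z {1}?{2}".format(payload, url, query)
    with wfuzz.get_session(command) as s:
        for r in s.fuzz():
            fuzz_result_clusters.append_entry(r)
    fuzz_result_clusters.get_request_output()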
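def fuzz_command(command, words, conn):
    """Run a wfuzz command with an in-memory wordlist and stream results over ``conn``.

    Args:
        command: wfuzz command line, parsed by ``wfuzz.get_session``.
        words: payload words handed to ``get_payloads`` in place of whatever
            wordlist the command line named.
        conn: connected socket; each result is sent as one UTF-8 line, then a
            single ``$$`` line marks the end of the stream.
    """
    # Context manager closes the session when fuzzing ends (the original never
    # closed it).
    with wfuzz.get_session(command) as s:
        # Clear out the wordlist file specifier so ``words`` is used instead.
        s.data["payloads"] = None
        s.get_payloads([words])
        for r in s.fuzz():
            conn.sendall((str(r) + "\n").encode("utf-8"))
    # End-of-stream marker the receiver waits for.
    conn.sendall(b"$$\n")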
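def wfuzz_post_request(payload, url, parameters):
    """Fuzz the fields of a POST request and print the clustered results.

    Args:
        payload: wfuzz payload specification placed verbatim at the front of
            the command line.
        url: URL the POST is sent to.
        parameters: form field names. The first is always sent as ``FUZZ``;
            any later field whose name contains ``submit`` is sent with the
            fixed value ``Login``, every other one as ``FUZZ``.

    Raises:
        ValueError: if ``parameters`` is empty (the original indexed
            ``parameters[0]`` and died with IndexError).

    Results with status 400/404 and failed requests (-1) are hidden via
    ``--hc``; the rest are grouped by ``FuzzResultClusters`` and printed with
    ``post_request_output()``.
    """
    if not parameters:
        raise ValueError("wfuzz_post_request needs at least one parameter name")
    fuzz_result_clusters = FuzzResultClusters()
    # Mirror the original loop: parameters[0] never gets the "submit" check.
    fields = [parameters[0] + "=FUZZ"]
    fields += [
        param + "=Login" if "submit" in param.lower() else param + "=FUZZ"
        for param in parameters[1:]
    ]
    post_commands = "-d " + "&".join(fields)
    command = "{0} {1} --hc 400,404,-1 -A -Z {2}".format(payload, post_commands, url)
    with wfuzz.get_session(command) as s:
        for r in s.fuzz():
            fuzz_result_clusters.append_entry(r)
    fuzz_result_clusters.post_request_output()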
def test_filter_prev_payload():
    """Saved results can be replayed via wfuzzp and sliced on request headers."""

    def drain(cli, **fuzz_kwargs):
        # Consume the generator so the session actually runs (and saves) every result.
        for _ in wfuzz.get_session(cli).fuzz(**fuzz_kwargs):
            pass

    def count(cli):
        return len(list(wfuzz.get_session(cli).fuzz()))

    first_file = get_temp_file()
    drain("-z range --zD 0-0 -H test:1 -u http://localhost:9000/anything/FUZZ",
          save=first_file)

    second_file = get_temp_file()
    drain("-z wfuzzp --zD {} -u FUZZ -H test:2 --oF {}".format(first_file, second_file),
          save=second_file)

    assert count(
        "-z wfuzzp --zD {} --slice r.headers.request.test=2 --dry-run -u FUZZ"
        .format(second_file)) == 1
    assert count(
        "-z wfuzzp --zD {} --slice FUZZ[r.headers.request.test]=1 --dry-run -u FUZZ"
        .format(second_file)) == 1
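def fuzz_common_dir(url_addr):
    """Probe ``url_addr`` for common directory names and return the discovered URLs.

    Args:
        url_addr: base URL; one trailing slash is removed before ``/FUZZ`` is appended.

    Returns:
        list[str]: for 301/302 results with a non-empty ``Location`` header the
        redirect target, for every other non-hidden result the requested URL.

    Status codes 400, 403, 404 and failed requests (-1) are hidden via ``--hc``.
    Every result is also fed into ``FuzzResultClusters`` and printed.
    """
    sys.stdout.write("\nWFuzz -- common directories, URL = " + url_addr + "\n")
    com_dir_list = []
    fuzz_result_clusters = FuzzResultClusters()
    payload = "-z file,../wfuzz-master/wordlist/general/common.txt"
    # endswith() is safe on an empty string; the original url_addr[-1] raised IndexError.
    if url_addr.endswith("/"):
        url_addr = url_addr[:-1]
    command = "{0} --hc 400,404,-1,403 -A -Z -u {1}/FUZZ".format(payload, url_addr)
    with wfuzz.get_session(command) as s:
        for r in s.fuzz():
            # Only read Location for redirects, as the original did (short-circuit).
            if r.code in (301, 302):
                location = str(r.history.headers.response.Location)
            else:
                location = ""
            if location != "":
                com_dir_list.append(location)
            else:
                com_dir_list.append(r.url)
            fuzz_result_clusters.append_entry(r)
    fuzz_result_clusters.get_request_output()
    return com_dir_list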
def test_get_session(self):
    """A ``-z range,0-4`` command line yields the expected URL and payload spec."""
    parsed = wfuzz.get_session('-z range,0-4 http://127.0.0.1/FUZZ').data
    url, payloads = parsed.get('url'), parsed.get('payloads')
    self.assertEqual(url, 'http://127.0.0.1/FUZZ')
    self.assertEqual(payloads, [('range', {'default': '0-4', 'encoder': None}, None)])
import pickle # TODO: Needs moving to command line input_string = "-u http://testphp.vulnweb.com/listproducts.php?cat=FUZZ -w ./test_wl.txt --hl 97 -s 0.7" nodes = [ "51.89.231.21:65432", "51.89.230.190:65432", "51.91.137.190:65432", "51.91.142.97:65432" ] def chunker_list(seq, size): return (seq[i::size] for i in range(size)) s = wfuzz.get_session(input_string) wl = json.loads(s.export_json())["wfuzz_recipe"]["payloads"][0][1]["default"] print("Reading wordlist: " + wl + "...") with open(wl, 'r') as f: lines = f.read().splitlines() print("Splitting up...") wl_parts = list(chunker_list(lines, len(nodes))) print("Sending to clients...") nodeSockets = {} nodeNum = 0 for node in nodes: try: nodeInfo = node.split(":")
def test_get_payload(session, expected_result):
    """Parametrized: parsing ``session`` must yield exactly ``expected_result`` as ``.data``."""
    parsed = wfuzz.get_session(session)
    assert parsed.data == expected_result