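    def test(self):
        """Save one session's results, then replay them through the wfuzzp payload.

        The first session (``prev_session_cli``) writes its results to a
        temporary file; the second session (``next_session_cli`` with
        ``$$PREVFILE$$`` substituted by that path) consumes the file as its
        payload, and its descriptions are compared order-insensitively with
        ``expected_list``.
        """
        import shutil

        def describe(result):
            # Same projection as the original comprehension: evaluate the
            # private description expression when set, else use the plain one.
            return result.eval(result._description) if result._description else result.description

        # A private temp directory (mode 0700) replaces the predictable name
        # built from tempfile's private helpers in the shared tmp dir: no other
        # local user can pre-create or symlink the path before the first
        # session writes it, and the file still does not exist beforehand.
        tmp_dir = tempfile.mkdtemp()
        filename = os.path.join(tmp_dir, "prev_session")
        try:
            # first session: drain the iterator so the save file gets written;
            # its descriptions were never used (the original overwrote them).
            with wfuzz.get_session(prev_session_cli) as s:
                for x in s.fuzz(save=filename):
                    describe(x)

            # second session: wfuzzp payload fed from the saved file
            with wfuzz.get_session(next_session_cli.replace("$$PREVFILE$$", filename)) as s:
                ret_list = [describe(x) for x in s.fuzz()]
        finally:
            # Best-effort cleanup; the original left the file behind.
            shutil.rmtree(tmp_dir, ignore_errors=True)

        self.assertEqual(sorted(ret_list), sorted(expected_list))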
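    def test(self):
        """Save one session's results, then replay them through the wfuzzp payload.

        The first session (``prev_session_cli``) writes its results to a
        temporary file; the second session (``next_session_cli`` with
        ``$$PREVFILE$$`` substituted by that path) consumes the file as its
        payload, and its descriptions are compared order-insensitively with
        ``expected_list``.
        """
        import shutil

        def describe(result):
            # Same projection as the original comprehension: evaluate the
            # private description expression when set, else use the plain one.
            return result.eval(result._description) if result._description else result.description

        # A private temp directory (mode 0700) replaces the predictable name
        # built from tempfile's private helpers in the shared tmp dir: no other
        # local user can pre-create or symlink the path before the first
        # session writes it, and the file still does not exist beforehand.
        tmp_dir = tempfile.mkdtemp()
        filename = os.path.join(tmp_dir, "prev_session")
        try:
            # first session: drain the iterator so the save file gets written;
            # its descriptions were never used (the original overwrote them).
            with wfuzz.get_session(prev_session_cli) as s:
                for x in s.fuzz(save=filename):
                    describe(x)

            # second session: wfuzzp payload fed from the saved file
            with wfuzz.get_session(next_session_cli.replace("$$PREVFILE$$", filename)) as s:
                ret_list = [describe(x) for x in s.fuzz()]
        finally:
            # Best-effort cleanup; the original left the file behind.
            shutil.rmtree(tmp_dir, ignore_errors=True)

        self.assertEqual(sorted(ret_list), sorted(expected_list))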
    def test_get_session(self):
        """A CLI string with a range payload is parsed into the expected url and payload tuple."""
        session_data = wfuzz.get_session('-z range,0-4 http://127.0.0.1/FUZZ').data

        expected_payloads = [
            ('range', {'default': '0-4', 'encoder': None}, None),
        ]
        self.assertEqual(session_data.get('url'), 'http://127.0.0.1/FUZZ')
        self.assertEqual(session_data.get('payloads'), expected_payloads)
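def scan_host(report_dir, schema, host):
    """Fuzz one host in scan mode and store every response that passes the filter.

    Args:
        report_dir: directory handed to ``write_raw_content`` for raw responses.
        schema: URL scheme prefix (e.g. ``"http://"``) concatenated with ``host``.
        host: host part of the target URL; also passed to ``write_raw_content``.

    Returns:
        ``False`` when the baseline request itself fails (``res.code == -1``),
        ``True`` after a completed scan.

    Relies on module globals ``w`` (the wfuzz command-line words), ``options``
    (``waf``, ``verbose``), ``ALL_CHARS``, ``filter_url`` and ``write_raw_content``.
    """
    baseline = {}
    prev = {}
    found = 0

    # Random path segment so the baseline request is unlikely to hit a real
    # resource. The original drew its length from randint(24, 24), i.e. a
    # constant 24; expressed directly here.
    baseline_len = 24
    random_string = "".join(choice(ALL_CHARS) for _ in range(baseline_len))
    payload = "/FUZZ{" + random_string + "}"

    sess = wfuzz.get_session(' '.join(w))
    sess.hh = ['BBB']  # kept as in the original; meaning of 'BBB' is not established here
    if options.waf:
        h = [('X-Originating-IP', '127.0.0.1'),
             ('X-Forwarded-For', '127.0.0.1'), ('X-Remote-IP', '127.0.0.1'),
             ('X-Remote-Addr', '127.0.0.1'), ('Accept', '*/*'),
             ('referer', 'google.com'), ('Content-Type', 'application/json')]
    else:
        h = []

    url = schema + host + payload
    try:
        for res in sess.fuzz(scanmode=True, url=url, headers=h):
            if res.code == -1:
                if res.is_baseline:
                    # Without a baseline there is nothing to compare against.
                    return False
                if options.verbose:
                    print("*error*" + res.description)
                continue

            if res.is_baseline:
                baseline = res
                prev = res
                res.description = "*baseline*"

            if filter_url(baseline, prev, res):
                if options.verbose:
                    print(str(vars(res)))

                if res.md5:
                    write_raw_content(report_dir, host, res.md5,
                                      res.history.raw_content)
                    found += 1

                prev = res
    finally:
        # Close on every exit path (early return, exception), not only on
        # normal completion as the original did.
        sess.close()

    # The original passed the values as extra print() arguments, so the
    # %-placeholders were printed literally; format the message instead.
    print("Took %d seconds, found %s results, made %d requests."
          % (int(sess.stats.totaltime), found, sess.stats.processed()))
    return True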
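def wfuzz_get_request(payload, url, parameters):
    """Fuzz every query parameter of ``url`` with GET requests.

    Args:
        payload: wfuzz payload options (e.g. ``-z file,...``) placed first on
            the command line.
        url: base URL; the generated query string is appended after ``?``.
        parameters: parameter names; each becomes ``name=FUZZ``.

    Raises:
        ValueError: if ``parameters`` is empty (the original raised IndexError).

    Results are collected into a ``FuzzResultClusters`` and reported through
    its ``get_request_output``; nothing is returned.
    """
    if not parameters:
        raise ValueError("parameters must contain at least one name")
    fuzz_result_clusters = FuzzResultClusters()
    # "&".join replaces the manual first-element-then-loop concatenation and
    # no longer shadows the builtin ``str``.
    query = "&".join(param + "=FUZZ" for param in parameters)
    # NOTE: payload and url are spliced verbatim into the wfuzz command line;
    # validate them at the call site if they come from outside the program.
    with wfuzz.get_session("{0} --hc 400,404,-1 -A -Z {1}?{2}".format(
            payload, url, query)) as s:
        for r in s.fuzz():
            fuzz_result_clusters.append_entry(r)
        fuzz_result_clusters.get_request_output()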
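def fuzz_command(command, words, conn):
    """Run ``command`` as a wfuzz session with ``words`` as payload, streaming results over ``conn``.

    Args:
        command: wfuzz command-line string passed to ``wfuzz.get_session``.
        words: payload handed to ``get_payloads`` in place of the wordlist
            named on the command line.
        conn: socket-like object; each result is sent as a UTF-8 line, then a
            final ``$$`` line marks the end of the results.
    """
    # The session is a context manager elsewhere in this codebase; using it
    # here closes the session on every exit path instead of leaking it.
    with wfuzz.get_session(command) as s:
        # Clear out the wordlist file specifier; ``words`` supplies the payload.
        s.data["payloads"] = None
        s.get_payloads([words])

        for r in s.fuzz():
            conn.sendall((str(r) + "\n").encode("utf-8"))

    # End-of-results marker for the peer.
    conn.sendall("$$\n".encode("utf-8"))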
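def wfuzz_post_request(payload, url, parameters):
    """Fuzz the form fields of ``url`` with POST requests.

    Args:
        payload: wfuzz payload options (e.g. ``-z file,...``) placed first on
            the command line.
        url: target URL, passed as the last command-line argument.
        parameters: form field names. Every field becomes ``name=FUZZ`` except
            fields after the first whose name contains "submit", which get the
            fixed value ``Login``; the first field is always fuzzed, as in the
            original.

    Raises:
        ValueError: if ``parameters`` is empty (the original raised IndexError).

    Results are collected into a ``FuzzResultClusters`` and reported through
    its ``post_request_output``; nothing is returned.
    """
    if not parameters:
        raise ValueError("parameters must contain at least one name")
    fuzz_result_clusters = FuzzResultClusters()

    def field(index, name):
        # Fixed value for submit-like fields so the form is actually submitted.
        if index and "submit" in name.lower():
            return name + "=Login"
        return name + "=FUZZ"

    post_commands = "-d " + "&".join(field(i, p) for i, p in enumerate(parameters))
    # NOTE: payload and url are spliced verbatim into the wfuzz command line;
    # validate them at the call site if they come from outside the program.
    with wfuzz.get_session("{0} {1} --hc 400,404,-1 -A -Z {2}".format(
            payload, post_commands, url)) as s:
        for r in s.fuzz():
            fuzz_result_clusters.append_entry(r)
        fuzz_result_clusters.post_request_output()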
def test_filter_prev_payload():
    """A wfuzzp payload built from saved requests must honour ``--slice`` filters (one hit each)."""
    first_file = get_temp_file()
    first_cli = "-z range --zD 0-0 -H test:1 -u http://localhost:9000/anything/FUZZ"
    # Drain the iterator; only the side effect (saving to first_file) matters.
    for _ in wfuzz.get_session(first_cli).fuzz(save=first_file):
        pass

    second_file = get_temp_file()
    second_cli = "-z wfuzzp --zD {} -u FUZZ -H test:2 --oF {}".format(first_file, second_file)
    for _ in wfuzz.get_session(second_cli).fuzz(save=second_file):
        pass

    def count_hits(slice_expr):
        # Dry run over the second save file, filtered by slice_expr.
        cli = "-z wfuzzp --zD {} --slice {} --dry-run -u FUZZ".format(second_file, slice_expr)
        return len(list(wfuzz.get_session(cli).fuzz()))

    assert count_hits("r.headers.request.test=2") == 1
    assert count_hits("FUZZ[r.headers.request.test]=1") == 1
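def fuzz_common_dir(url_addr):
    """Fuzz ``url_addr`` with the common-directory wordlist and return the hits.

    Args:
        url_addr: base URL; one trailing ``/`` is stripped before ``/FUZZ`` is
            appended.

    Returns:
        list[str]: for 301/302 responses carrying a non-empty Location header,
        that header value; for every other kept response, the requested URL.
        Responses with codes 400, 404, 403 and -1 are hidden by ``--hc``.

    Each result is also fed to a ``FuzzResultClusters`` whose
    ``get_request_output`` runs once the session ends. The wordlist path is
    relative to the current working directory.
    """
    sys.stdout.write("\nWFuzz -- common directories, URL = " + url_addr + "\n")
    com_dir_list = []
    fuzz_result_clusters = FuzzResultClusters()
    payload = "-z file,../wfuzz-master/wordlist/general/common.txt"
    # endswith() instead of url_addr[-1]: an empty string no longer raises IndexError.
    if url_addr.endswith("/"):
        url_addr = url_addr[:-1]
    with wfuzz.get_session("{0} --hc 400,404,-1,403 -A -Z -u {1}/FUZZ".format(
            payload, url_addr)) as s:
        for r in s.fuzz():
            # Location is only read for redirects, as the original short-circuit did.
            location = str(r.history.headers.response.Location) if r.code in (301, 302) else ""
            if location:
                # The redirect target is chosen by the server and may point
                # outside the scanned host; callers that follow these entries
                # should check they stay within the intended scope.
                com_dir_list.append(location)
            else:
                com_dir_list.append(r.url)
            fuzz_result_clusters.append_entry(r)
        fuzz_result_clusters.get_request_output()
    return com_dir_list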
    def test_get_session(self):
        """A CLI string with a range payload is parsed into the expected url and payload tuple."""
        session_data = wfuzz.get_session('-z range,0-4 http://127.0.0.1/FUZZ').data

        expected_payloads = [
            ('range', {'default': '0-4', 'encoder': None}, None),
        ]
        self.assertEqual(session_data.get('url'), 'http://127.0.0.1/FUZZ')
        self.assertEqual(session_data.get('payloads'), expected_payloads)
import pickle

# TODO: Needs moving to command line
# wfuzz CLI string handed to wfuzz.get_session(); the -w wordlist path is
# read back out of the exported recipe further down.
input_string = (
    "-u http://testphp.vulnweb.com/listproducts.php?cat=FUZZ"
    " -w ./test_wl.txt --hl 97 -s 0.7"
)

# host:port endpoints that each receive one chunk of the wordlist;
# presumably the remote fuzzing workers — confirm against the client-side code.
nodes = [
    "51.89.231.21:65432",
    "51.89.230.190:65432",
    "51.91.137.190:65432",
    "51.91.142.97:65432",
]


def chunker_list(seq, size):
    """Split ``seq`` round-robin into ``size`` slices, produced lazily.

    Element ``k`` of ``seq`` lands in slice ``k % size``, and the slices come
    out in index order: ``list(chunker_list([1, 2, 3, 4, 5], 2))`` is
    ``[[1, 3, 5], [2, 4]]``. A ``size`` of 0 yields nothing.
    """
    return (seq[offset::size] for offset in range(size))


# Build the session once; the wordlist path comes back out of the exported recipe.
s = wfuzz.get_session(input_string)
recipe = json.loads(s.export_json())
wl = recipe["wfuzz_recipe"]["payloads"][0][1]["default"]

print("Reading wordlist: " + wl + "...")
with open(wl, 'r') as f:
    lines = f.read().splitlines()

print("Splitting up...")
# One round-robin chunk per node.
wl_parts = list(chunker_list(lines, len(nodes)))

print("Sending to clients...")
nodeSockets = {}
nodeNum = 0
for node in nodes:
    try:
        nodeInfo = node.split(":")
def test_get_payload(session, expected_result):
    """The parsed session data for the ``session`` CLI string must equal ``expected_result``."""
    parsed = wfuzz.get_session(session).data
    assert parsed == expected_result