Esempio n. 1
0
 def pathtraversal_fuzzer(self, flows):
     """
     Path Traversal Fuzzing Request
     """
     if not any(x in self.fuzzer_options["active_fuzzers"] for x in ["fuzz_path_traversal", "all"]):
         return
     self.write("Generating Path Traversal Fuzz Flows")
     for flow in flows:
         if not is_valid_flow(flow, self.fuzzer_options):
             continue
         if "url" in self.scope and flow.request.query:
             self.query_fuzz(flow)
     return self.pathtraversal_fuzz_flows
Esempio n. 2
0
 def header_checker(self, flows):
     """
     Check for Security Headers
     """
     if not any(x in self.fuzzer_options["active_fuzzers"]
                for x in ["fuzz_header_checks", "all"]):
         return
     self.write("Passive Header Checks")
     project_name = get_filename(self.fuzzer_options["flow_file"])
     self.report_file = os.path.join(settings.LOGS_DIR, project_name)
     for flow in flows:
         if is_valid_flow(flow, self.fuzzer_options):
             self.security_headers(flow)
Esempio n. 3
0
 def api_fuzzer(self, flows):
     """
     API Fuzz Request
     """
     if not any(x in self.fuzzer_options["active_fuzzers"]
                for x in ["fuzz_api", "all"]):
         return
     self.auth_apis = self.get_api_flows(flows)
     self.write("Generating API Rate Limit Fuzz Flows")
     for api_name, flow in self.auth_apis.items():
         if not is_valid_flow(flow, self.fuzzer_options):
             continue
         self.generate_rate_limit_flws(api_name, flow)
     return self.api_fuzz_flows
Esempio n. 4
0
 def xss_fuzzer(self, flows):
     """
     XSS Fuzzing Request
     """
     if not any(x in self.fuzzer_options["active_fuzzers"]
                for x in ["fuzz_xss", "all"]):
         return
     self.write("Generating XSS Fuzz Flows")
     for flow in flows:
         if not is_valid_flow(flow, self.fuzzer_options):
             continue
         if "url" in self.scope and flow.request.query:
             self.query_fuzz(flow)
     return self.xss_fuzz_flows
Esempio n. 5
0
 def deserialize_fuzzer(self, flows):
     """
     Deserialization Fuzzing Request
     """
     if not any(x in self.fuzzer_options["active_fuzzers"]
                for x in ["fuzz_deserialization_checks", "all"]):
         return
     self.write("Generating Deserialization Fuzz Flows")
     for flow in flows:
         if not is_valid_flow(flow, self.fuzzer_options):
             continue
         if flow.request.content:
             self.body_fuzz(flow)
         self.query_fuzz(flow)
     return self.deserialize_fuzz_flows
Esempio n. 6
0
 def xxe_fuzzer(self, flows):
     """
     XXE Fuzzing Request
     """
     if not any(x in self.fuzzer_options["active_fuzzers"] for x in ["fuzz_xxe", "all"]):
         return
     self.write("Generating XXE Fuzz Flows")
     for flow in flows:
         if not is_valid_flow(flow, self.fuzzer_options):
             continue
         # Fuzz Query
         self.query_fuzz(flow)
         # Fuzz Body
         if flow.request.content or is_xml_content_type(get_content_type_lower(flow.request)):
             self.body_fuzz(flow)
     return self.xxe_fuzz_flows
Esempio n. 7
0
 def ssrf_fuzzer(self, flows):
     """
     SSRF Fuzzing Request
     """
     if not any(x in self.fuzzer_options["active_fuzzers"]
                for x in ["fuzz_ssrf", "all"]):
         return
     self.write("Generating SSRF Fuzz Flows")
     for flow in flows:
         if not is_valid_flow(flow, self.fuzzer_options):
             continue
         # Fuzz Body
         if flow.request.content:
             self.body_fuzz(flow)
         # Fuzz Query
         self.query_fuzz(flow)
     return self.ssrf_fuzz_flows