def pathtraversal_fuzzer(self, flows): """ Path Traversal Fuzzing Request """ if not any(x in self.fuzzer_options["active_fuzzers"] for x in ["fuzz_path_traversal", "all"]): return self.write("Generating Path Traversal Fuzz Flows") for flow in flows: if not is_valid_flow(flow, self.fuzzer_options): continue if "url" in self.scope and flow.request.query: self.query_fuzz(flow) return self.pathtraversal_fuzz_flows
def header_checker(self, flows): """ Check for Security Headers """ if not any(x in self.fuzzer_options["active_fuzzers"] for x in ["fuzz_header_checks", "all"]): return self.write("Passive Header Checks") project_name = get_filename(self.fuzzer_options["flow_file"]) self.report_file = os.path.join(settings.LOGS_DIR, project_name) for flow in flows: if is_valid_flow(flow, self.fuzzer_options): self.security_headers(flow)
def api_fuzzer(self, flows): """ API Fuzz Request """ if not any(x in self.fuzzer_options["active_fuzzers"] for x in ["fuzz_api", "all"]): return self.auth_apis = self.get_api_flows(flows) self.write("Generating API Rate Limit Fuzz Flows") for api_name, flow in self.auth_apis.items(): if not is_valid_flow(flow, self.fuzzer_options): continue self.generate_rate_limit_flws(api_name, flow) return self.api_fuzz_flows
def xss_fuzzer(self, flows): """ XSS Fuzzing Request """ if not any(x in self.fuzzer_options["active_fuzzers"] for x in ["fuzz_xss", "all"]): return self.write("Generating XSS Fuzz Flows") for flow in flows: if not is_valid_flow(flow, self.fuzzer_options): continue if "url" in self.scope and flow.request.query: self.query_fuzz(flow) return self.xss_fuzz_flows
def deserialize_fuzzer(self, flows): """ Deserialization Fuzzing Request """ if not any(x in self.fuzzer_options["active_fuzzers"] for x in ["fuzz_deserialization_checks", "all"]): return self.write("Generating Deserialization Fuzz Flows") for flow in flows: if not is_valid_flow(flow, self.fuzzer_options): continue if flow.request.content: self.body_fuzz(flow) self.query_fuzz(flow) return self.deserialize_fuzz_flows
def xxe_fuzzer(self, flows): """ XXE Fuzzing Request """ if not any(x in self.fuzzer_options["active_fuzzers"] for x in ["fuzz_xxe", "all"]): return self.write("Generating XXE Fuzz Flows") for flow in flows: if not is_valid_flow(flow, self.fuzzer_options): continue # Fuzz Query self.query_fuzz(flow) # Fuzz Body if flow.request.content or is_xml_content_type(get_content_type_lower(flow.request)): self.body_fuzz(flow) return self.xxe_fuzz_flows
def ssrf_fuzzer(self, flows): """ SSRF Fuzzing Request """ if not any(x in self.fuzzer_options["active_fuzzers"] for x in ["fuzz_ssrf", "all"]): return self.write("Generating SSRF Fuzz Flows") for flow in flows: if not is_valid_flow(flow, self.fuzzer_options): continue # Fuzz Body if flow.request.content: self.body_fuzz(flow) # Fuzz Query self.query_fuzz(flow) return self.ssrf_fuzz_flows