示例#1
def fuzz(targets):
    """Scan ``targets`` with the generic web fuzzer, then the blind-SQLi fuzzer.

    This is a generator function: nothing below runs until the first item is
    requested. Both ``fuzz()`` calls are made before the first result is
    yielded. Results of the WebFuzzer run come first, followed by the
    BSQLiFuzzer results.

    ``proxy_scan_list`` is not defined in this block; it is read from the
    enclosing module scope.
    """
    # Fixed literal probe strings, each tagged with the check types it feeds.
    # Because they are constants, the resulting requests are easy to recognise
    # in server, WAF, and IDS logs.
    probes = [
        Payload('"><ScRipT>alert(31337)</ScrIpT>', check_type_list=["xss"]),
        Payload("')--#", check_type_list=["sqli", "xpathi"]),
        Payload('../../../../../../../../../../../../../../../../../../../../../../../etc/passwd', check_type_list=["trav"]),
        Payload('<!--', check_type_list=["xpathi"]),
        # NOTE(review): no check_type_list is passed here, so Payload's default
        # applies -- confirm which checks that enables for this probe.
        Payload('; cat /etc/passwd'),
    ]

    web_fuzzer = WebFuzzer(
        targets,
        num_threads=25,
        time_per_url=5,
        request_timeout=4,
        proxy_list=proxy_scan_list,
        hadoop_reporting=True,
    )
    for probe in probes:
        web_fuzzer.add_payload(probe)
    web_fuzzer.generate_fuzzy_targets()
    web_findings = web_fuzzer.fuzz()

    # Each group pairs a condition marked truth=True with one marked
    # truth=False: one pair joined with AND, one with OR.
    and_group = BSQLIPayloadGroup(
        BSQLIPayload(" AND 1=1", {"truth": True}),
        BSQLIPayload(" AND 1=2", {"truth": False}),
    )
    or_group = BSQLIPayloadGroup(
        BSQLIPayload(" OR 1=1", {"truth": True}),
        BSQLIPayload(" OR 1=2", {"truth": False}),
    )
    blind_fuzzer = BSQLiFuzzer(
        targets,
        bsqli_payload_groups=[and_group, or_group],
        hadoop_reporting=True,
        num_threads=10,
    )
    blind_findings = blind_fuzzer.fuzz()

    # Emit the web-fuzzer findings first, then the blind-SQLi findings.
    for findings in (web_findings, blind_findings):
        for finding in findings:
            yield finding
示例#2
 def test_bsqlifuzzer(self):
     """Run BSQLiFuzzer against ``targets`` with an AND pair and an OR pair.

     ``targets`` is not defined in this block; it is resolved from an
     enclosing scope. The value returned by ``fuzz()`` is stored but not
     asserted on within the lines shown here.
     """
     # AND-based pair: one condition marked truth=True, one marked truth=False.
     and_group = BSQLIPayloadGroup(
         BSQLIPayload(" AND 1=1", {"truth" : True}),
         BSQLIPayload(" AND 1=2", {"truth" : False}),
     )
     # OR-based pair; per the original author's note, this second group is for
     # checking the returned content length.
     or_group = BSQLIPayloadGroup(
         BSQLIPayload(" OR 1=1", {"truth" : True}),
         BSQLIPayload(" OR 1=2", {"truth" : False}),
     )
     fuzzer = BSQLiFuzzer(
         targets,
         bsqli_payload_groups=[and_group, or_group],
         hadoop_reporting=False,
         num_threads=10,
     )
     result = fuzzer.fuzz()