fuzzer

package
v0.0.0-...-c35f368 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 13, 2023 License: MIT Imports: 24 Imported by: 0

Documentation

Index

Constants

// MarkerRegex matches a region enclosed in a pair of § characters and
// captures the text between them; the lazy quantifier stops at the nearest
// closing §, so several marked regions in one request match separately.
// NOTE(review): if this is compiled with the standard regexp package, `.`
// does not match a newline, so a marked region spanning a line break is not
// matched — confirm that is intended.
const MarkerRegex = `§(.*?)§`

MarkerRegex is the default request injection marker regex string

Variables

// ErrorCodes holds the HTTP error response codes, in ascending order: the
// 4xx client-error codes followed by the 5xx server-error codes.
var ErrorCodes = []int{
	// 4xx client errors
	400, 401, 402, 403, 404, 405, 406, 407, 408, 409,
	410, 411, 412, 413, 414, 415, 416, 417, 418,
	421, 422, 423, 424, 425, 426, 428, 429, 431, 451,

	// 5xx server errors
	500, 501, 502, 503, 504, 505, 506, 507, 508, 510, 511,
}

ErrorCodes http error response codes

// SuccessCodes holds the HTTP response codes listed as success, in ascending
// order. Besides the 2xx codes it contains 1xx and 3xx codes.
// NOTE(review): because 3xx is included, a redirect (for example to a login
// page) counts as success wherever this list is used as the acceptance
// set — confirm that is intended for target checks.
var SuccessCodes = []int{
	// 1xx informational
	100, 101, 102, 103,

	// 2xx success
	200, 201, 202, 203, 204, 205, 206, 207, 208, 226,

	// 3xx redirection
	300, 301, 302, 303, 304, 305, 307, 308,
}

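SuccessCodes lists the HTTP response codes treated as success; besides the 2xx codes it includes the 1xx informational and 3xx redirection codes.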

// SupportedInjectionPointTypes names the injection point types that are
// supported, as upper-case string identifiers.
// NOTE(review): there is no cookie entry here although HTTPRequest carries a
// TotalCookieInjectionPoints counter — confirm whether cookie injection is
// reachable through one of these types.
var SupportedInjectionPointTypes = []string{"QUERY", "JSON", "FORM_URLENCODE", "HEADER", "PATH", "MARKED"}

SupportedInjectionPointTypes is a list of supported injection point types

Functions

func ByteToJSONInterface

func ByteToJSONInterface(r io.ReadCloser) (interface{}, []byte, error)

ByteToJSONInterface takes an io.ReadCloser as input and returns a JSON interface, a []byte and an error

func CheckTarget

func CheckTarget(req *HTTPRequest, successcodes []int) error

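CheckTarget takes a request object and a list of status codes (the parameter is named successcodes, not errorcodes) and reports the outcome as an error rather than a boolean; presumably the error is nil when the response status is acceptable and non-nil when it is not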

func CountJSONBody

func CountJSONBody(jsoni interface{}) int8

CountJSONBody takes a JSON interface value and returns the total number of parameters as an int8, so a count above 127 cannot be represented

func HTTPRequestToJSONInterface

func HTTPRequestToJSONInterface(req *HTTPRequest) (interface{}, error)

HTTPRequestToJSONInterface take a HTTPRequest pointer and returns a JSON interface

func RequestToString

func RequestToString(r *http.Request) (string, error)

RequestToString takes a http.Request and returns a string

func ResponseToString

func ResponseToString(r *http.Response) (string, error)

ResponseToString takes a http.Response and returns a string

func ResultsToFile

func ResultsToFile(projectName string, task SerializedTask) error

ResultsToFile will write the results of a fuzzing Task to a file

func ResultsToMongoDB

func ResultsToMongoDB(mongodbURI string, task SerializedTask) error

ResultsToMongoDB will write the results of a fuzzing Task to MongoDB

Types

type HTTPRequest

// HTTPRequest wraps an *http.Request together with its string form and a set
// of per-location injection point counters.
// NOTE(review): every counter is an int8, so none can hold more than 127;
// confirm the counting code cannot exceed that on requests with many
// parameters or headers.
type HTTPRequest struct {
	Request                    *http.Request
	RequestText                string // String representation of the Request
	TotalInjectionPoints       int8   // Total number of injection points
	TotalPathInjectionPoints   int8   // Total number of URL path injection points
	TotalCookieInjectionPoints int8   // Total number of Cookie injection points
	TotalHeaderInjectionPoints int8   // Total number of Header injection points
	TotalQueryInjectionPoints  int8   // Total number of Query injection points
	TotalBodyInjectionPoints   int8   // Total number of Body injection points
	ForceTLS                   bool   // Force request to use TLS/SSL
}

HTTPRequest represents a fuzzer HTTP request

func NewHTTPRequestFromBytes

func NewHTTPRequestFromBytes(reqstr []byte, forceTLS bool) (req HTTPRequest, err error)

NewHTTPRequestFromBytes take a []byte and returns a HTTPRequest

func NewHTTPRequestFromRequest

func NewHTTPRequestFromRequest(r *http.Request, forceTLS bool) (req HTTPRequest)

NewHTTPRequestFromRequest takes a http.Request and returns a HTTPRequest

func (*HTTPRequest) CountInjectionPoints

func (req *HTTPRequest) CountInjectionPoints()

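CountInjectionPoints counts the injection points of the request; it takes no arguments and returns nothing, so the totals are presumably stored in the Total...InjectionPoints fields of the HTTPRequest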

func (*HTTPRequest) InjectFormURLEncodedBody

func (req *HTTPRequest) InjectFormURLEncodedBody(injections []payloads.Payload) []TestCase

InjectFormURLEncodedBody takes a array of payloads and return an array of TestCases with the payloads injected in a x-www-form-urlencoded HTTP request body

func (*HTTPRequest) InjectHeaders

func (req *HTTPRequest) InjectHeaders(injections []payloads.Payload) []TestCase

InjectHeaders takes a array of payloads and returns an array of TestCases with the payloads injected in the headers

func (*HTTPRequest) InjectJSONParameters

func (req *HTTPRequest) InjectJSONParameters(injections []payloads.Payload) []TestCase

InjectJSONParameters takes a array of payloads and returns a array of TestCases with the payloads injected in the JSON body of each HTTP request

func (*HTTPRequest) InjectMarked

func (req *HTTPRequest) InjectMarked(injections []payloads.Payload) []TestCase

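InjectMarked takes an array of payloads and returns an array of TestCases with the payloads injected into each HTTP request; this sentence repeats the one for InjectJSONParameters, and judging by the method name and the "MARKED" injection point type the payloads are presumably placed at the positions marked with § rather than only in the JSON body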

func (*HTTPRequest) InjectPath

func (req *HTTPRequest) InjectPath(injections []payloads.Payload) []TestCase

InjectPath takes an array of payloads and returns an array of TestCases with the payloads injected in the URI path

func (*HTTPRequest) InjectQueryParameters

func (req *HTTPRequest) InjectQueryParameters(injections []payloads.Payload) []TestCase

InjectQueryParameters take an array of payloads and return an array of TestCases with the payloads injected into query parameters

func (*HTTPRequest) IsMarked

func (req *HTTPRequest) IsMarked() bool

IsMarked checks for injection markers inside a request and returns true if any are found, false otherwise.

type HTTPResponse

// HTTPResponse pairs an *http.Response with its string form.
type HTTPResponse struct {
	Response     *http.Response
	ResponseText string // String representation of the Response
}

HTTPResponse represents a fuzzer HTTP response

func NewHTTPResponse

func NewHTTPResponse(baseres *http.Response) (res HTTPResponse, err error)

NewHTTPResponse takes a http.Response and returns a HTTPResponse

func NewHTTPResponseFromBytes

func NewHTTPResponseFromBytes(resstr []byte, req *http.Request) (res HTTPResponse, err error)

NewHTTPResponseFromBytes take a []byte and returns a HTTPResponse

type SerializedTask

// SerializedTask is the flat form of a Task carrying bson field tags; it is
// the type accepted by ResultsToFile and ResultsToMongoDB.
// NOTE(review): BaseRequest is a string, presumably the full request text, so
// any Authorization or Cookie headers in it would be stored as-is — treat the
// result file or collection as sensitive and restrict access to it.
type SerializedTask struct {
	Project     string               `bson:"project"`
	Name        string               `bson:"name"`
	BaseRequest string               `bson:"baserequest"`
	Start       time.Time            `bson:"start"`
	End         time.Time            `bson:"end"`
	TestCases   []SerializedTestCase `bson:"testcases"`
}

SerializedTask is the bson serialized version of Task

type SerializedTestCase

// SerializedTestCase is the string-only form of a TestCase carrying bson
// tags; every field is tagged omitempty, so empty strings are left out of the
// encoded document.
// NOTE(review): Request and Response presumably hold full message text, which
// can include session tokens or other secrets sent to or returned by the
// target — apply the same access controls to stored results as to the
// credentials themselves.
type SerializedTestCase struct {
	Request            string `bson:"request,omitempty"`
	Response           string `bson:"response,omitempty"`
	Injection          string `bson:"injection,omitempty"`
	InjectionType      string `bson:"injectiontype,omitempty"`
	InjectionPoint     string `bson:"injectionpoint,omitempty"`
	InjectionPointType string `bson:"injectionpointtype,omitempty"`
	Duration           string `bson:"duration,omitempty"`
}
}

SerializedTestCase is the BSON serialized version of TestCase

type StorageConfig

// StorageConfig describes where the results of a fuzzer Task are stored; each
// Use... flag is presumably paired with the URI field of the same backend.
// NOTE(review): ElasticSeachURI is misspelled ("Seach"), but the name is
// exported, so correcting it would break existing callers.
// NOTE(review): database connection URIs can embed a username and password;
// if MongoDBURI or ElasticSeachURI do, keep this struct out of logs and
// error messages — confirm how callers print it.
type StorageConfig struct {
	UseMongoDB       bool
	MongoDBURI       string
	UseFile          bool
	FileURI          string
	UseElasticSearch bool
	ElasticSeachURI  string
}

StorageConfig contains information about where to store results of a fuzzer Task

func CreateStorageConfigFromURI

func CreateStorageConfigFromURI(StorageURIs []string) StorageConfig

CreateStorageConfigFromURI takes an array of URI strings and return a StorageConfig type

type Task

// Task groups what belongs to one fuzzer task: project and task name, the
// injection types, the base request, start and end times, a state string and
// the test cases.
// NOTE(review): State is a plain string; its valid values are not visible
// in this listing.
type Task struct {
	Project        string
	Name           string
	InjectionTypes []string
	BaseRequest    HTTPRequest
	Start          time.Time
	End            time.Time
	State          string
	TestCases      []TestCase
}

Task represents a Fuzzer task

func NewTask

func NewTask(Project string, Name string, InjectionTypes []string, InjectionPointTypes []string, BaseRequest HTTPRequest, mongodbURI string) (Task, error)

NewTask takes a list of InjectionTypes and HTTPRequest and returns a FuzzerTask

func (*Task) Run

func (T *Task) Run(TotalThreads int, storageconfig StorageConfig, Proxy *url.URL)

Run starts and run a fuzzer Task

type TestCase

// TestCase holds one fuzz case: the base request, the request and response of
// the case, and the injection, its type, its point, the point type, the
// duration and the status, all kept as strings.
type TestCase struct {
	BaseRequest        HTTPRequest
	Request            HTTPRequest
	Response           HTTPResponse
	Injection          string
	InjectionType      string
	InjectionPoint     string
	InjectionPointType string
	Duration           string
	Status             string
}

TestCase contain information about a fuzz case such as request, response, injection, etc.

func CreateTestCases

func CreateTestCases(injectionpointtypes []string, injectiontypes []string, mongodbURI string, request HTTPRequest) ([]TestCase, error)

CreateTestCases takes an array of injection point types, an array of injection types, a mongodbURI and a base HTTPRequest, and returns an array of TestCases and an error

func (*TestCase) Serialize

func (TC *TestCase) Serialize() SerializedTestCase

Serialize returns a serialized version of the TestCase
