github-mirrors/wapifuzz
1
0
Fork 0
mirror of https://github.com/ysoftdevs/wapifuzz.git synced 2026-03-24 10:21:18 +01:00
Code Issues 1 Packages Projects Releases 1 Wiki Activity

Merge branch 'progress_to_stdout'

Browse Source
This commit is contained in:
Jan Stárek
2019-11-24 01:57:39 +01:00
parent 8ed034890b cbd260e0e9
commit 628f296e97
5 changed files with 24 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
fuzzer/progress_reporter.py
View File

@@ -24,7 +24,7 @@ def report_progress(session, junit_logger):
plan_another_report(session, junit_logger, ConfigurationManager.get_reporting_interval()) plan_another_report(session, junit_logger, ConfigurationManager.get_reporting_interval())
message = create_report_message(session) message = create_report_message(session)
print(message, file=sys.stderr) print(message)
else: else:
plan_another_report(session, junit_logger, DID_FUZZING_STARTED_CHECKS_TIME_INTERVAL_IN_SECONDS) plan_another_report(session, junit_logger, DID_FUZZING_STARTED_CHECKS_TIME_INTERVAL_IN_SECONDS)

12
fuzzer/text_logger.py
View File

@@ -3,6 +3,10 @@ from fake_socket import get_response_object
class TextLogger(FuzzLoggerText): class TextLogger(FuzzLoggerText):
def __init__(self, full_log_file_pointer):
super().__init__()
self._log_file = full_log_file_pointer
def open_test_step(self, description): def open_test_step(self, description):
self._print_log_msg(msg=description, msg_type='step') self._print_log_msg(msg=description, msg_type='step')
@@ -37,10 +41,14 @@ class TextLogger(FuzzLoggerText):
self._print_log_msg(msg=description, msg_type='pass') self._print_log_msg(msg=description, msg_type='pass')
def close_test_case(self): def close_test_case(self):
print() print(file=self._log_file)
def close_test(self): def close_test(self):
pass pass
def _print_log_msg(self, msg_type, msg=None, data=None): def _print_log_msg(self, msg_type, msg=None, data=None):
print(helpers.format_log_msg(msg_type=msg_type, description=msg, data=data, indent_size=self.INDENT_SIZE)) print(
helpers.format_log_msg(
msg_type=msg_type, description=msg, data=data, indent_size=self.INDENT_SIZE, format_type="html"
), file=self._log_file
)

19
fuzzer/wapifuzz.py
View File

@@ -7,6 +7,8 @@ from payloads.payloads_loader import PayloadsLoader, load_default_payloads
from configuration_manager import ConfigurationManager from configuration_manager import ConfigurationManager
from fuzzer import Fuzzer from fuzzer import Fuzzer
FUZZING_LOG_FILE = "fuzzing.log"
def main(): def main():
config_file_path = sys.argv[1] config_file_path = sys.argv[1]
@@ -27,16 +29,17 @@ def main():
payloads_loader.load_payloads(custom_payloads_path, FuzzPayloads.CUSTOM_PAYLOADS_KEY) payloads_loader.load_payloads(custom_payloads_path, FuzzPayloads.CUSTOM_PAYLOADS_KEY)
with open(junit_output, 'w', encoding='utf8') as junit_output_file_pointer: with open(junit_output, 'w', encoding='utf8') as junit_output_file_pointer:
text_logger = TextLogger() with open(FUZZING_LOG_FILE, "w", encoding='utf8') as full_log_file_pointer:
junit_logger = JUnitLogger(junit_output_file_pointer, test_suite_name_delimiter=":", hostname=target["hostname"]) text_logger = TextLogger(full_log_file_pointer)
protocol = 'ssl' if target["ssl"] is True else 'tcp' junit_logger = JUnitLogger(junit_output_file_pointer, test_suite_name_delimiter=":", hostname=target["hostname"])
protocol = 'ssl' if target["ssl"] is True else 'tcp'
with open(endpoints_description, 'r') as endpoints_description_file_pointer: with open(endpoints_description, 'r') as endpoints_description_file_pointer:
endpoints = json.loads(endpoints_description_file_pointer.read()) endpoints = json.loads(endpoints_description_file_pointer.read())
fuzzer = Fuzzer(endpoints, text_logger, junit_logger, protocol) fuzzer = Fuzzer(endpoints, text_logger, junit_logger, protocol)
fuzzer.fuzz() fuzzer.fuzz()
return fuzzer.was_there_any_failure() return fuzzer.was_there_any_failure()
if __name__ == '__main__': if __name__ == '__main__':

3
run.ps1
View File

@@ -32,7 +32,6 @@ $DOCKER='docker'
# Define paths inside directory # Define paths inside directory
$PARSER_FOLDER="./parser/OpenApiParserCLI/" $PARSER_FOLDER="./parser/OpenApiParserCLI/"
$API_REQUESTS_JSON="./parser/api.json" $API_REQUESTS_JSON="./parser/api.json"
$FUZZER_LOG="fuzzing.log"
$JUNIT_TEST_REPORT="./reporter/reports.junit.xml" $JUNIT_TEST_REPORT="./reporter/reports.junit.xml"
$HTML_TEST_REPORT="./reporter/reports.html" $HTML_TEST_REPORT="./reporter/reports.html"
$XUNIT2HTML_XSL="./reporter/xunit_to_html.xsl" $XUNIT2HTML_XSL="./reporter/xunit_to_html.xsl"
@@ -67,7 +66,7 @@ Write-Host "Installing specific dependencies"
pip install git+https://github.com/jtpereyda/boofuzz.git pip install git+https://github.com/jtpereyda/boofuzz.git
pip install junit-xml pip install junit-xml
Write-Host "Starting fuzz testing" Write-Host "Starting fuzz testing"
python ./fuzzer/wapifuzz.py ${config} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${payloads} > $FUZZER_LOG python ./fuzzer/wapifuzz.py ${config} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${payloads}
$FUZZER_ERROR_CODE=$LASTEXITCODE $FUZZER_ERROR_CODE=$LASTEXITCODE
if ($FUZZER_ERROR_CODE -eq 2) if ($FUZZER_ERROR_CODE -eq 2)
{ {

2
run.sh
View File

@@ -77,7 +77,7 @@ ${PYTHON3_BIN} -m virtualenv env
echo "Started fuzzing" echo "Started fuzzing"
. ./env/bin/activate ; \ . ./env/bin/activate ; \
pip install --upgrade pip ; pip install git+https://github.com/jtpereyda/boofuzz.git ; pip install junit-xml ; \ pip install --upgrade pip ; pip install git+https://github.com/jtpereyda/boofuzz.git ; pip install junit-xml ; \
python fuzzer/wapifuzz.py ${WAPIFUZZ_CONFIG} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${CUSTOM_PAYLOADS_FILE} > ${FUZZER_LOG} python fuzzer/wapifuzz.py ${WAPIFUZZ_CONFIG} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${CUSTOM_PAYLOADS_FILE}
FUZZER_ERROR_CODE=$? FUZZER_ERROR_CODE=$?
if [ "$FUZZER_ERROR_CODE" -eq "2" ]; then if [ "$FUZZER_ERROR_CODE" -eq "2" ]; then
echo "Fuzzing failed. Trying to generate HTML result of procceeded test cases."; echo "Fuzzing failed. Trying to generate HTML result of procceeded test cases.";