github-mirrors/wapifuzz
1
0
Fork 0
mirror of https://github.com/ysoftdevs/wapifuzz.git synced 2026-01-11 22:30:35 +01:00
Code Issues 1 Packages Projects Releases 1 Wiki Activity

Renaming

Browse Source
This commit is contained in:
Jan Stárek
2019-10-21 16:15:33 +02:00
parent 0f17c05216
commit 7caea55d9f
7 changed files with 25 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@@ -12,7 +12,7 @@ RUN apt update && apt install --yes build-essential checkinstall libreadline-gpl
ADD https://www.python.org/ftp/python/3.7.3/Python-3.7.3.tgz /usr/src/
RUN cd /usr/src ; tar xzf Python-3.7.3.tgz ; cd Python-3.7.3 ; ./configure --enable-optimizations ; make altinstall ; ln -s /usr/local/bin/python3.7 /usr/local/bin/python3 ; ln -s /usr/local/bin/pip3.7 /usr/local/bin/pip3
# Copy wfuzz components into docker
# Copy wapifuzz components into docker
COPY fuzzer /usr/local/fuzzer/fuzzer
COPY parser /usr/local/fuzzer/parser
COPY reporter /usr/local/fuzzer/reporter

24
README.md
View File

@@ -1,15 +1,15 @@
# WFuzz - fully autonomous web APIs fuzzer
# WapiFuzz - fully autonomous web APIs fuzzer
Fuzzing is popular testing technique for various error types detection. There are many fuzzing engines and fuzzers, which can help you with fuzzing itself. But there is currently no tool which can fully automate fuzzing just by providing API specification.
And that is why WFuzz was created. We believe that web API documentation is all that fuzzer needs to do his job. WFuzz can be easily deployed to almost any continuous integration (CI) service. It provides rich test reports to JUnit XML format.
And that is why WapiFuzz was created. We believe that web API documentation is all that fuzzer needs to do his job. WapiFuzz can be easily deployed to almost any continuous integration (CI) service. It provides rich test reports to JUnit XML format.
## What does the WFuzz test?
Current version of WFuzz tests following parts of HTTP request to your API:
## What does the WapiFuzz test?
Current version of WapiFuzz tests following parts of HTTP request to your API:
- HTTP header
- URI attributes of all documented requests
- JSON body primitive types of all documented HTTP body examples
## What types of vulnerabilities does WFuzz testing?
## What types of vulnerabilities does WapiFuzz testing?
- Numeric strings (overflows, reserved words, ...)
- Command injection
- SQL injection
@@ -26,7 +26,7 @@ You can automatically test your web API if it meets following criteria:
If you have your API documented in other documentation formats, you can try use some convertor.
There are plenty convertors online. Some of theme are listed here: https://openapi.tools/.
Consuming JSON data is not mandatory requirement. If your API does not consumes JSON, WFuzz will still tests HTTP header and URI attributes processing of your server.
Consuming JSON data is not mandatory requirement. If your API does not consumes JSON, WapiFuzz will still tests HTTP header and URI attributes processing of your server.
## Dependencies
- Python 3
@@ -55,7 +55,7 @@ In config file you are able to specify following options:
- **port** -> victim port
- **ssl** -> boolean value, set to `true` if you want use SSL tcp connection, otherwise `false`
Great, WFuzz is now ready for fuzzing! Run it by following commands.
Great, WapiFuzz is now ready for fuzzing! Run it by following commands.
### Windows
Execute `run.ps1 -c config_file_path -openapi openapi_doc_file_path [-payloads custom_payloads_file_path]` script in PowerShell.
@@ -65,7 +65,7 @@ Execute `run.sh config_file_path openapi_doc_file_path [custom_payloads_file_pat
### Docker
You just need to run the container with following arguments:
`docker run -p {host_port}:{container_port} -v $(pwd):/usr/local/fuzzer/mnt/ starek4/wfuzz:latest config.json sqta.yaml [custom_payloads.txt]`
`docker run -p {host_port}:{container_port} -v $(pwd):/usr/local/fuzzer/mnt/ starek4/wapifuzz:latest config.json sqta.yaml [custom_payloads.txt]`
where files `config.json`, `sqta.yaml` and `custom_payloads` needs to be stored in the working directory.
With parameter `-p` you also need to bind port number, which is used for communication with your web API, to the container.
@@ -76,8 +76,8 @@ As you can see in run script parameters, you may even specify your own payloads!
## Where I can find test reports?
After WFuzz finish, three main report files are generated. If you are using docker image just the way that is described above, you simply find these three files in your working directory.
If you are running WFuzz by run scripts, you can find these files in the following paths:
After WapiFuzz finish, three main report files are generated. If you are using docker image just the way that is described above, you simply find these three files in your working directory.
If you are running WapiFuzz by run scripts, you can find these files in the following paths:
- JUnit File: `./reporter/results.junit.xml`
- HTML report: `./reporter/reports.html`
@@ -87,8 +87,8 @@ If you are running WFuzz by run scripts, you can find these files in the followi
The first is the JUnit file (`./reporter/results.junit.xml`), which contains full test report and contains logs for failed tests. Almost every CI system provides a way how to present JUnit test reports in some human friendly way.
### HTML report
WFuzz also generates nicely formatted HTML test report, stored at `./reporter/reports.html`.
WapiFuzz also generates nicely formatted HTML test report, stored at `./reporter/reports.html`.
### Additional text logs
WFuzz informs you about overall progress at standard output. If you want complete tests logs even
WapiFuzz informs you about overall progress at standard output. If you want complete tests logs even
for successfully finished test cases you can find it in log file (`./fuzzing.log`).

2
fuzzer/src/blocks_generator.py
View File

@@ -24,7 +24,7 @@ def generate_http_fuzzed_blocks() -> str:
s_static("Content-Length: 0" + "\r\n")
s_static("User-Agent: ")
s_http_string("WFuzz", name="User-agent")
s_http_string("WapiFuzz", name="User-agent")
s_delim("\r\n\r\n", name="HTTP headers and body delimiter")

0
fuzzer/src/wfuzz.py → fuzzer/src/wapifuzz.py
View File

6
procmon/README.md
View File

@@ -23,8 +23,8 @@ Example command:
`python process_monitor_windows.py -p TestedApplication.exe`
## How to tell WFuzz that we want to monitor process?
If you want to use process monitor, just add starting command for your tested service / process into WFuzz configuration file. Example configuration key should look like this:
## How to tell WapiFuzz that we want to monitor process?
If you want to use process monitor, just add starting command for your tested service / process into WapiFuzz configuration file. Example configuration key should look like this:
`"startup_command": ["python", "C:\\server\\httpd.py"]`
WFuzz then automatically connect with running process monitor script on tested system and will use its features.
WapiFuzz then automatically connect with running process monitor script on tested system and will use its features.

4
run.ps1
View File

@@ -39,7 +39,7 @@ $XUNIT2HTML_XSL="./reporter/xunit_to_html.xsl"
$SAXON9HE="./reporter/saxon9he.jar"
# Define docker images tags
$REPORTER_IMAGE_TAG="wfuzz:reporter"
$REPORTER_IMAGE_TAG="wapifuzz:reporter"
# Setting encofing for Python
$env:PYTHONIOENCODING = "UTF-8"
@@ -68,7 +68,7 @@ pip install git+https://github.com/jtpereyda/boofuzz.git
pip install junit-xml
Write-Host "Starting fuzz testing"
python ./fuzzer/src/wfuzz.py ${config} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${payloads} > $FUZZER_LOG
python ./fuzzer/src/wapifuzz.py ${config} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${payloads} > $FUZZER_LOG
if(-Not ($?))
{
Write-Host "Fuzzing failed. HTML report will not be produced."

12
run.sh
View File

@@ -10,7 +10,7 @@ then
fi
# Load script arguments
WFUZZ_CONFIG=$1
WAPIFUZZ_CONFIG=$1
OPENAPI_DOCUMENTATION=$2
CUSTOM_PAYLOADS_FILE=$3
@@ -35,8 +35,8 @@ SAXON9HE=./reporter/saxon9he.jar
# If we are in Docker container, write output files into mounted folder and append this folder before input files paths
if [ "$container" = "true" ]; then
echo "Founded mounted Docker directory, you can find WFuzz artifacts in your working directory."
WFUZZ_CONFIG="./mnt/$WFUZZ_CONFIG"
echo "Founded mounted Docker directory, you can find WapiFuzz artifacts in your working directory."
WAPIFUZZ_CONFIG="./mnt/$WAPIFUZZ_CONFIG"
OPENAPI_DOCUMENTATION="./mnt/$OPENAPI_DOCUMENTATION"
if [ ! -z "$CUSTOM_PAYLOADS_FILE" ]; then
@@ -49,7 +49,7 @@ if [ "$container" = "true" ]; then
fi
# Check if config file and documentation file are valid files
if [ ! -f "$WFUZZ_CONFIG" ]
if [ ! -f "$WAPIFUZZ_CONFIG" ]
then
echo "Configuration file path is not valid!" >&2
echo $USAGE >&2
@@ -64,7 +64,7 @@ then
fi
# Define docker images tags
REPORTER_IMAGE_TAG=wfuzz:reporter
REPORTER_IMAGE_TAG=wapifuzz:reporter
# Pilenine execution
echo "Started parsing"
@@ -77,7 +77,7 @@ ${PYTHON3_BIN} -m virtualenv env
echo "Started fuzzing"
. ./env/bin/activate ; \
pip install --upgrade pip ; pip install git+https://github.com/jtpereyda/boofuzz.git ; pip install junit-xml ; \
python fuzzer/src/wfuzz.py ${WFUZZ_CONFIG} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${CUSTOM_PAYLOADS_FILE} > ${FUZZER_LOG} || { echo 'Fuzzing failed. HTML report will not be produced.' ; exit 1; } ; deactivate
python fuzzer/src/wapifuzz.py ${WAPIFUZZ_CONFIG} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${CUSTOM_PAYLOADS_FILE} > ${FUZZER_LOG} || { echo 'Fuzzing failed. HTML report will not be produced.' ; exit 1; } ; deactivate
echo "Fuzzing finished"
echo "Starting generating HTML test report"