Documentation
Overview
Copyright © 2019 Charlie Belmer <Charlie.Belmer@protonmail.com>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
Index
- func BlindBooleanInjectionTest(att scanutil.AttackObject) []scanutil.InjectionObject
- func ErrorBasedInjectionTest(att scanutil.AttackObject) []scanutil.InjectionObject
- func GetInjectionTest(att scanutil.AttackObject) []scanutil.InjectionObject
- func InjectMongoCharacters(att scanutil.AttackObject) []scanutil.InjectionObject
- func TimingInjectionTest(att scanutil.AttackObject) []scanutil.InjectionObject
Constants
This section is empty.
Variables
This section is empty.
Functions
func BlindBooleanInjectionTest
func BlindBooleanInjectionTest(att scanutil.AttackObject) []scanutil.InjectionObject
Run injection assuming that no errors are being returned, but the page may differ in detectable ways.
func ErrorBasedInjectionTest
func ErrorBasedInjectionTest(att scanutil.AttackObject) []scanutil.InjectionObject
Run injection tests looking for error strings being returned in the response.
func GetInjectionTest (added in v0.5.1)
func GetInjectionTest(att scanutil.AttackObject) []scanutil.InjectionObject
Attempt to inject control characters into GET parameters, searching for different values.
func InjectMongoCharacters (added in v0.5.1)
func InjectMongoCharacters(att scanutil.AttackObject) []scanutil.InjectionObject
Try to test various GET parameter injections, searching for different results. For instance, param=basic might return a different page than param[$lt]=basic or param[$nin]=basic. If it works with one parameter, it likely works with all GET injections.
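A server-side check for the bracketed-operator parameters described above, as an added example that is not part of this package: `FindOperatorParams` is a hypothetical helper and the sample query strings are constructed. It percent-decodes each GET key and flags those carrying a `$operator` subscript, so a handler can reject or log them before they reach a query builder.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"sort"
)

// operatorKey matches a bracketed subscript that starts with '$',
// such as the [$lt] in param[$lt] or the [$ne] in user[name][$ne].
var operatorKey = regexp.MustCompile(`\[\s*\$[A-Za-z]+\s*\]`)

// FindOperatorParams (hypothetical helper, not from the documented package)
// returns the sorted query keys in rawQuery that carry a MongoDB-style
// operator subscript. Keys are percent-decoded before matching, so
// param%5B%24nin%5D is treated the same as param[$nin].
func FindOperatorParams(rawQuery string) ([]string, error) {
	values, err := url.ParseQuery(rawQuery)
	if err != nil {
		// A malformed escape is itself a reason to refuse the request.
		return nil, err
	}
	var flagged []string
	for key := range values {
		if operatorKey.MatchString(key) {
			flagged = append(flagged, key)
		}
	}
	sort.Strings(flagged)
	return flagged, nil
}

func main() {
	// Constructed sample query strings, not captured traffic.
	samples := []string{
		"param=basic",
		"param[$lt]=basic",
		"param%5B%24nin%5D=basic&page=2",
	}
	for _, q := range samples {
		flagged, err := FindOperatorParams(q)
		fmt.Printf("%-35s flagged=%v err=%v\n", q, flagged, err)
	}
}
```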
func TimingInjectionTest
func TimingInjectionTest(att scanutil.AttackObject) []scanutil.InjectionObject
Timing injections are based on the idea that different values injected don't change output in any discernible way. We can inject commands to try to lengthen the time it takes to respond to a command, and measure the response time.
Types
This section is empty.