Documentation
¶
Overview ¶
Copyright © 2019 Charlie Belmer <Charlie.Belmer@protonmail.com>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
Copyright © 2019 Charlie Belmer <Charlie.Belmer@protonmail.com>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
Copyright © 2019 Charlie Belmer <Charlie.Belmer@protonmail.com>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
Copyright © 2019 Charlie Belmer <Charlie.Belmer@protonmail.com>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
Copyright © 2019 Charlie Belmer <Charlie.Belmer@protonmail.com>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
Copyright © 2019 Charlie Belmer <Charlie.Belmer@protonmail.com>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
Index ¶
- Constants
- func BodyItemCombinations(data []BodyItem) <-chan []BodyItem
- func Combinations(data ...interface{}) <-chan []interface{}
- func FlattenJSON(jsonData string) []string
- func GetTransformedValues(kvList map[string]string, keyTransform func(string) string, ...) [][]map[string]string
- func JSInjections(quoteType string) map[string][]string
- func Keys(aMap map[string]string) []string
- func Permutations(data []string) <-chan []string
- func StringCombinations(data []string) <-chan []string
- func Values(aMap map[string]string) []string
- type AttackObject
- func (a *AttackObject) Copy() AttackObject
- func (a *AttackObject) Hash() string
- func (a *AttackObject) QueryParams() map[string]string
- func (a *AttackObject) QueryString() string
- func (a *AttackObject) ReplaceBodyObject(pattern string, payload string, replaceKey bool, index int)
- func (a *AttackObject) ReplaceQueryParam(oldkey string, key string, value string)
- func (a *AttackObject) RestoreBody()
- func (a *AttackObject) Send() (HTTPResponseObject, error)
- func (a *AttackObject) SetBody(body string)
- func (a *AttackObject) SetQueryParam(key string, payload string)
- func (a *AttackObject) SetURL(u string)
- type BodyItem
- type HTTPResponseObject
- type InjectionObject
- type InjectionType
- type ScanOptions
Constants ¶
const ( Blind = InjectionType(iota) Timed Error GetParam )
Variables ¶
This section is empty.
Functions ¶
func BodyItemCombinations ¶
* Return all combinations of body elements in an attackObject. This is the same as string combo * above. * * Parameters: * data: A body item list. BodyItem is defined in attack objects, and has a value and location.
func Combinations ¶
func Combinations(data ...interface{}) <-chan []interface{}
Generic combinations
func FlattenJSON ¶
* Takes a JSON object (as a string), and returns all keys and values in a string slice
func GetTransformedValues ¶ added in v0.5.1
func GetTransformedValues(kvList map[string]string, keyTransform func(string) string, valTransform func(string) string, transformKeys bool, transformValues bool) [][]map[string]string
* Transform key:value pairs (generally for parameters) based on passed in transforms. * For instance, a site might have something like url/page?user=name, and we could pass * this function the key value pair {user:name} with transform functions that would * inject some data. * * TODO: Get this more generic so it can work on more use cases. Right now func is not in use. * * The function returns all combinations of transformed keys and values, with each entry having the following format: * {"newkey":"transformed_key", "newvalue":"transformed_value", "oldkey":"original_key", "oldvalue":"original_value"} *
- A combination might look like:
- [ [ {"newkey":"transformed_key", "newvalue":"transformed_value", "oldkey":"original_key", "oldvalue":"original_value"}, {"newkey":"transformed_key_2", "newvalue":"transformed_value_2", "oldkey":"original_key_2", "oldvalue":"original_value_2"} ], [ {"newkey":"transformed_key", "newvalue":"transformed_value", "oldkey":"original_key", "oldvalue":"original_value"} ] [ ... ] ]
func JSInjections ¶
*
- return a map of true injections, with associated false injections to test. *
- params:
- quoteType whether to use a single or double quote for injections.
func Permutations ¶
*
- Generator function to return all permutations from a given slice.
- A permutation is any unique (order does matter) combination of
- values. *
- Example:
- Combinations([1, 2, 3]) ->
- [A]
- [A B]
- [A B C]
- [A C]
- [A C B]
- [B]
- [B A]
- [B A C]
- [B C]
- [B C A]
- [C]
- [C A]
- [C A B]
- [C B]
- [C B A]
func StringCombinations ¶
Combinations for a slice of strings - convert to []interface{} and pass to Combinations
Types ¶
type AttackObject ¶
type AttackObject struct {
Request *http.Request
Client *http.Client
Options ScanOptions
Body string
BodyValues []BodyItem // List of all values that can be updated. May include maps or arrays (if body is JSON) - but as Strings
IgnoreCache bool // Whether to leverage the cache on requests.
// contains filtered or unexported fields
}
*
- An object to manage attack payloads and structures.
func NewAttackObject ¶
func NewAttackObject(options ScanOptions) (AttackObject, error)
func (*AttackObject) Copy ¶
func (a *AttackObject) Copy() AttackObject
*
- Make a deep copy of this object
func (*AttackObject) Hash ¶
func (a *AttackObject) Hash() string
*
- Return a unique hash of this object
func (*AttackObject) QueryParams ¶
func (a *AttackObject) QueryParams() map[string]string
*
- Return a list of query parameters in a map param: value
func (*AttackObject) QueryString ¶
func (a *AttackObject) QueryString() string
*
- Return string of the request Query
func (*AttackObject) ReplaceBodyObject ¶
func (a *AttackObject) ReplaceBodyObject(pattern string, payload string, replaceKey bool, index int)
*
- Find a pattern in the body, and replace it with the given payload.
- If the body is JSON, this will take into account proper ways of finding
- the data correctly. For instance, a string should always be surrounded by quotes,
- but an int should be surrounded by some combination of white space, commas, or object/array
- closures. *
- This function assumes the pattern being replaced is a complete object - for instance
- if the body contains '"key": "value"', we would only replace "key" or "value", but never
- "alue" *
- Only replaces keys if inKey is set to true, so that data like username=username can be
- injected one at a time (key injections are rare) (not used on JSON at this time). *
- Index will replace the <index>th instance of pattern. index = -1 -> replace all, 0 -> replace the first instance.
func (*AttackObject) ReplaceQueryParam ¶
func (a *AttackObject) ReplaceQueryParam(oldkey string, key string, value string)
*
- Remove an oldkey/value pair, and replace it with a new key value pair
func (*AttackObject) RestoreBody ¶
func (a *AttackObject) RestoreBody()
*
- Replace attack body with original (default) data
func (*AttackObject) Send ¶
func (a *AttackObject) Send() (HTTPResponseObject, error)
*
- Send the request to the object target
func (*AttackObject) SetBody ¶
func (a *AttackObject) SetBody(body string)
*
- Update the request body with a payload
func (*AttackObject) SetQueryParam ¶
func (a *AttackObject) SetQueryParam(key string, payload string)
*
- Change a query param in the request query string. Use this to
- attempt nosql injection via GET paramaters.
func (*AttackObject) SetURL ¶
func (a *AttackObject) SetURL(u string)
*
- Parse a URL into an attack object
type BodyItem ¶
type BodyItem struct {
Value string // The specific item in the body
Placement int // where it falls in the body
}
An object to keep track of where values are located within a request body
type HTTPResponseObject ¶
func (*HTTPResponseObject) ContentEquals ¶
func (this *HTTPResponseObject) ContentEquals(cmp HTTPResponseObject) bool
*
- Determine if a given response object is equal to this object. *
- URL is not used in this determination. If two different URL's return the same
- response code and body, they are considered equal. For instance a URL that includes
- a boolean attack pattern may have differing URL's, and the same reponse, which can be used
- to determine information from the server.
func (*HTTPResponseObject) DeepEquals ¶
func (this *HTTPResponseObject) DeepEquals(cmp HTTPResponseObject) bool
*
- As Same as ContentEquals, but include headers in consideration
type InjectionObject ¶
type InjectionObject struct {
Type InjectionType
AttackObject AttackObject
InjectableParam string
InjectedParam string
InjectedValue string
Prefix string
Suffix string
}
*
- An object to manage discovered injections.
- - AttackObject is the original (unmodified) request that a successful injection was discovered for.
- - InectableParam is the param to be replaced with an attack
- - InjectedParam is the final value of the param
- - InjectedValue is the final value given to the param *
- Some injection types won't have both an injected param and value.
func Unique ¶
func Unique(injections []InjectionObject) []InjectionObject
*
- Remove any duplicate items in a slice of InjectionObjects
func (*InjectionObject) Hash ¶
func (i *InjectionObject) Hash() string
*
- Return a hash of this object
func (*InjectionObject) Print ¶
func (i *InjectionObject) Print()
func (*InjectionObject) String ¶
func (i *InjectionObject) String() string
type InjectionType ¶
type InjectionType int
func (InjectionType) String ¶
func (it InjectionType) String() string
type ScanOptions ¶
type ScanOptions struct {
Target string
Request string
ProxyInput string
UserAgentInput string
RequestData string
RequireHTTPS bool
AllowInsecureCertificates bool
}
* Struct to store and manage scan options and defaults
func (*ScanOptions) Proxy ¶
func (s *ScanOptions) Proxy() string
func (*ScanOptions) UserAgent ¶
func (s *ScanOptions) UserAgent() string
Source Files