import argparse
import uncurl_lib
import requests
from pyjfuzz.lib import PJFConfiguration
from pyjfuzz.lib import PJFFactory
from argparse import Namespace
import json
import re
from misc.parse_url import fuzz_url_path
from misc.utils import random_header
def arg_parser():
    """Parse the command line and return the resulting namespace.

    The only argument is the positional ``file``, which accepts one or
    more paths, so the parsed ``file`` attribute is always a list.
    """
    cli = argparse.ArgumentParser()
    cli.add_argument("file", nargs='+', help="input file")
    return cli.parse_args()
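def get_url_from_file(f):
    """Return the first line of file *f* with curl's ``-i`` option removed.

    The line is expected to hold a complete curl command. Only a
    stand-alone ``-i`` token (whitespace or a line boundary on both sides)
    is dropped, so a "-i" that is part of the URL, a header or the body,
    as in ``my-instance`` or ``api-items``, is left intact. The trailing
    newline of the line, if any, is kept.

    Raises:
        ValueError: if the file is empty.
    """
    with open(f, 'r') as handle:
        first_line = handle.readline()
    if not first_line:
        raise ValueError("input file is empty: " + str(f))
    # Replacing every "-i" substring would also rewrite host names, paths
    # and header values, silently changing the request that gets fuzzed.
    return re.sub(r"(?<!\S)-i(?!\S)", "", first_line)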
def get_mutated_json(json_string):
    """Return one fuzzed variant of the JSON document in *json_string*.

    The text is decoded with ``json.loads`` (invalid JSON raises there) and
    handed to PyJFuzz with a fixed configuration: level 6, strong fuzzing
    on, and the logo, debug and port-recheck options off.
    """
    fuzz_options = Namespace(
        json=json.loads(json_string),
        level=6,
        strong_fuzz=True,
        nologo=True,
        debug=False,
        recheck_ports=False
    )
    # The factory built from this configuration yields the mutated output
    # through its ``fuzzed`` attribute (see the PyJFuzz documentation).
    return PJFFactory(PJFConfiguration(fuzz_options)).fuzzed
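def make_request(method, url, header, data, timeout=10):
    """Send one HTTP request and return the response status code.

    Args:
        method: HTTP method name, passed to ``requests.request``.
        url: target URL.
        header: request headers, passed through as ``headers=``.
        data: request body, passed through as ``data=``.
        timeout: seconds to wait for the server. ``requests`` has no
            default timeout, so without one a target that stops answering
            after a malformed request would stall the whole fuzzing run.

    Raises:
        requests.exceptions.RequestException: on connection errors and
            timeouts; the caller decides how to report them.
    """
    response = requests.request(method, url, data=data, headers=header,
                                timeout=timeout)
    return response.status_code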
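if __name__ == '__main__':
    # Entry point: read a curl command from the first input file, then send
    # 100 mutated variants of that request and print each status code.
    args = arg_parser()
    # args.file is a list of filenames; only the first one is used.
    curl_command = get_url_from_file(args.file[0])
    context = uncurl_lib.parse_context(curl_command)
    uncurl_url = context.url
    uncurl_method = context.method
    uncurl_data = context.data
    uncurl_header = context.headers
    # The headers are randomised once and reused for every request.
    new_header = random_header(uncurl_header)

    for i in range(100):
        try:
            if uncurl_method in ("get", "delete"):
                # GET/DELETE: mutate the URL path. A body is unusual for
                # these methods but is fuzzed as well when one is present.
                if uncurl_data is None:
                    fuzzed_json = uncurl_data
                else:
                    fuzzed_json = get_mutated_json(str(uncurl_data))
                new_url = fuzz_url_path(uncurl_url)
                res_code = make_request(method=uncurl_method,
                                        url=new_url,
                                        header=new_header,
                                        data=fuzzed_json,
                                        )
                print("status code:" + str(res_code) + "\tnew_url:" +
                      "\t" + new_url)
            elif uncurl_method in ("put", "post"):
                # PUT/POST: keep the URL and mutate the request body.
                fuzzed_json = get_mutated_json(str(uncurl_data))
                res_code = make_request(method=uncurl_method,
                                        url=uncurl_url,
                                        header=new_header,
                                        data=fuzzed_json,
                                        )
                print("status code:" + str(res_code) + "\tpayload:" +
                      "\t" + fuzzed_json)
            else:
                print("Wrong request method ! Only PUT/GET/POST/DELETE "
                      "supported!")
                # The method never changes between iterations, so one
                # message is enough.
                break
        except Exception as err:
            # A bare ``except: pass`` hid every failure and also swallowed
            # Ctrl-C. Connection errors, timeouts and unparsable bodies are
            # results a fuzzing run needs to show, so report and continue.
            print("request " + str(i) + " failed: " + repr(err))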