安全假设断言图书馆
fluidasserts的Python项目详细描述
Fluid Asserts是引擎 自动关闭安全发现 过度执行环境(DAST)。
设置
pip install -U fluidasserts
用法
将所需的Fluid Asserts模块导入攻击:
fromfluidasserts.protoimporthttphttp.has_sqli('http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27')
运行您的漏洞:
$ python example.py
---
# Fluid Asserts (v. 18.5.39870)
# ___
# | >>|> fluid
# |___| attacks, we hack your software
#
# Loading attack modules ...
---
check: fluidasserts.proto.http.has_sqli
status: OPEN
message: 'A bad text was present: "Warning.*mysql_.*"'
details:
fingerprint:
sha256: 2778b9d49ae98527b95f1c60b0989c1ee870c11e65ee6c359eff8b6f757b0e27
banner: "Server: nginx/1.4.1\r\nDate: Mon, 26 Jan 1970 01:11:40 GMT\r\nContent-Type:\
\ text/xml\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By:\
\ PHP/5.3.10-1~lucid+2uwsgi2"
url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27
when: 2018-05-28 11:40:19.721614
---
欢迎加入QQ群-->: 979659372
