Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/c0ny1/upload-fuzz-dic-builder
Script for generating upload-vulnerability fuzz dictionaries
fuzz upload-vul
Last synced: 4 days ago
- Host: GitHub
- URL: https://github.com/c0ny1/upload-fuzz-dic-builder
- Owner: c0ny1
- License: mit
- Created: 2018-11-04T14:53:17.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2021-04-01T08:33:22.000Z (over 3 years ago)
- Last Synced: 2024-12-02T00:07:19.693Z (11 days ago)
- Topics: fuzz, upload-vul
- Language: Python
- Size: 172 KB
- Stars: 1,230
- Watchers: 18
- Forks: 257
- Open Issues: 5
- Metadata Files:
  - Readme: README.md
  - License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - c0ny1/upload-fuzz-dic-builder - Script for generating upload-vulnerability fuzz dictionaries (Python)
README
# upload-fuzz-dic-builder: upload-vulnerability fuzz dictionary generator script

![Generated dictionary](doc/upload_fuzz_dic.png)

## 1. Usage

```
$ python upload-fuzz-dic-builder.py -h
usage: upload-fuzz-dic-builder [-h] [-n] [-a] [-l] [-m] [--os] [-d] [-o]

optional arguments:
  -h, --help            show this help message and exit
  -n , --upload-filename
                        Upload file name
  -a , --allow-suffix   Allowable upload suffix
  -l , --language       Uploaded script language
  -m , --middleware     Middleware used in Web System
  --os                  Target operating system type
  -d, --double-suffix   Is it possible to generate double suffix?
  -o , --output         Output file
```

### 1.1 Example1

Generate a fuzz dictionary suitable for all languages, all middleware, and all operating systems:

```
python upload-fuzz-dic-builder.py
```

### 1.2 Example2

Generate a fuzz dictionary for a backend language of `asp`:

```
python upload-fuzz-dic-builder.py -l asp
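```

### 1.3 Example3

Generate a fuzz dictionary where the upload file name is `test`, the allowed upload suffix is `jpg`, the backend language is `php`, the middleware is `apache`, the operating system is `Windows`, and the output dictionary is named `upload_filename.txt`:

```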
python upload-fuzz-dic-builder.py -n test -a jpg -l php -m apache --os win -o upload_file.txt
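```

### 1.4 Notes:

1. The more detailed the information about the upload point you provide at generation time, the more precise the generated dictionary!
2. When fuzzing with Burp's Intruder module, uncheck the `URL-encode these characters` option in the `Payload Encoding` section of the Payload panel.

![Burp Intruder module settings](doc/burp_intruder_setting.png)

## 2. More

[Building a high-quality upload-vulnerability fuzz dictionary](http://gv7.me/articles/2018/make-upload-vul-fuzz-dic/)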