https://github.com/dermot10/app_vulnerability_code

CLI tool used as a demo to get the developer role at H&B. Its purpose is to remotely launch cyber attacks on a dummy site through web-browser automation.

cli cybersecurity modular-design playwright pydantic python typer-cli unittesting


# GruyereExploitationCLI

This module provides the GruyereExploitationCLI.

## Installation

To install the GruyereExploitationCLI, follow these steps:

1. Clone the repository: `git clone https://github.com/Dermot10/app_vulnerability_code.git`
2. Install the required dependencies: `pip install -r requirements.txt`

# Exploit Browser CLI

This command-line interface (CLI) provides a set of commands to perform various web security exploits using a browser automation tool.

## Commands and arguments

### `exploit-dom-xss`

This command exploits the DOM (Document Object Model) with an XSS (Cross-Site Scripting) attack. It injects a custom JavaScript or HTML payload into the DOM of the specified URL.

- Arguments:
- ``: Gruyere home page URL.
- ``: Text or HTML to inject into the DOM.

### `exploit-reflected-xss`

This command exploits a URL with a reflected XSS attack. It sends a malicious payload to the URL, which gets reflected back in the response, potentially executing arbitrary scripts in the user's browser.

- Arguments:
- ``: Gruyere home page URL.

### `exploit-gruyere-server`

This command exploits the Gruyere server to read the contents of the `secret.txt` file using path traversal. It retrieves the file data from the specified URL and saves it to the specified location on the local system.

- Arguments:
- ``: The URL of the Gruyere home page.
- ``: The file name and existing location to write the data to.

### `exploit-path-traversal`

This command exploits a URL with a path traversal vulnerability to upload a file to the Gruyere server. It injects a file into the specified URL's path, allowing unauthorized file uploads.

- Arguments:
- ``: The URL of the Gruyere web page to exploit.
- ``: The path and file you want to inject into the URL.
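Seen from the server side, both `exploit-gruyere-server` and `exploit-path-traversal` work because a user-supplied name is joined onto a base directory without checking where the result lands. The following is an added example showing that weak join beside a containment check; it is not code from this repository or from Gruyere, and the directory layout, file names and function names are assumptions.

```python
import os
import tempfile
from pathlib import Path


class TraversalError(ValueError):
    """Raised when a requested name resolves outside the served directory."""


def naive_resolve(base: Path, requested: str) -> Path:
    # Weak form: joins and normalises, but never checks containment,
    # so "../" segments walk out of the user's directory.
    return Path(os.path.normpath(base / requested))


def safe_resolve(base: Path, requested: str) -> Path:
    # Hardened form: resolve symlinks and ".." first, then require the
    # result to stay under the resolved base. Applies to reads and uploads.
    base_real = base.resolve()
    target = (base_real / requested).resolve()
    if target != base_real and base_real not in target.parents:
        raise TraversalError(f"{requested!r} escapes {base_real}")
    return target


def demo() -> dict:
    # Constructed layout: <root>/secret.txt beside <root>/uploads/alice/
    with tempfile.TemporaryDirectory() as root:
        user_dir = Path(root) / "uploads" / "alice"
        user_dir.mkdir(parents=True)
        (Path(root) / "secret.txt").write_text("constructed secret")
        (user_dir / "notes.txt").write_text("hello")

        results = {}
        for name in ("notes.txt", "../../secret.txt", "/etc/passwd"):
            leaked = naive_resolve(user_dir, name)
            try:
                safe_resolve(user_dir, name)
                verdict = "allowed"
            except TraversalError:
                verdict = "blocked"
            results[name] = (verdict, user_dir in leaked.parents)
        return results


if __name__ == "__main__":
    for name, (verdict, naive_contained) in demo().items():
        print(f"{name!r}: safe={verdict}, naive stays inside={naive_contained}")
```

Each result pairs the hardened verdict with whether the naive join stayed inside the user's directory, so the two forms can be compared per input.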

### `exploit_cookies_elevate_privileges`

This command exploits cookies to elevate user privileges. It leverages cookies to bypass authentication and gain elevated privileges, such as admin privileges.

- Username: administrator
- Password: secret

- Arguments:
- ``: Gruyere home page URL.

### `remote_login`

This command remotely logs in to a specified URL. It simulates the login process by providing the username and password, allowing for further testing and exploration.

- Arguments:
- ``: The URL of the Gruyere login page.
- ``: The username for login.
- ``: The password for login.

### `check_cookies`

This command retrieves the cookies from a webpage. Cookies are granted and never revoked, and they can be used to bypass authentication or gain unauthorized access.
To check the cookies for the user, use the remote login command after creating a user.

- Arguments:
- ``: The URL of the Gruyere home web page.

### `exploit_upload`

This command uploads a file containing HTML to the specified webpage. This can be used to exploit vulnerabilities related to file uploads, such as executing malicious scripts or compromising the server.

- Arguments:
- ``: The URL of the Gruyere upload page.
- ``: The file to upload.

**Note:** Each command includes a delay after execution to allow for proper handling and observation of the exploit. Modify the sleep duration as needed for your specific use case.

## Usage

To use the CLI, execute the desired command with the required arguments. For example:

```bash
$ python main.py exploit-dom-xss "https://example.com" "alert('XSS');"
```

"This project is licensed under the MIT License. See the LICENSE file for more information."