concuss 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c5ead6fff82661378bb379172fb4e62a3d22c5a312d363cc9c49a8ebce268e40
+  data.tar.gz: 9bce360c65581ef6ec55ecd6084609680fff69a4480f7ef75041a8cb1c8df756
+SHA512:
+  metadata.gz: 5f83174439a0930992841f179026927addfd43b3aab14ce08738959f28a04a23eff6b40d83ca610586b5d23aa22c9073d59c0fa04843e0fe15bcf8f865a51302
+  data.tar.gz: 517db0408b735b4f4741f720f23222e5c9ab2f4cdc5b09f3a943df65e54b33dfc68256bcd3b9fda1d350c597003b6ce7cbb6bcc08e39a6b15f8d1233872f2ad3

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2023-01-18
+
+- Initial release

data/Gemfile

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in concuss.gemspec
+gemspec
+
+gem "rake", "~> 13.0"
+
+gem "rspec", "~> 3.0"
+gem "byebug"

data/Gemfile.lock

@@ -0,0 +1,36 @@
+PATH
+  remote: .
+  specs:
+    concuss (0.1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    byebug (11.1.3)
+    diff-lcs (1.5.0)
+    rake (13.0.6)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.0)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.3)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.0)
+
+PLATFORMS
+  x86_64-linux
+
+DEPENDENCIES
+  byebug
+  concuss!
+  rake (~> 13.0)
+  rspec (~> 3.0)
+
+BUNDLED WITH
+   2.4.1

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 Patrick Tulskie
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,59 @@
+# Concuss
+
+## What is it?
+
+Concuss is a tool for banging against a url with a bunch of different headers to look for potential vulnerabilities.
+
+It works by sending a custom or a random string to a webserver for a specific url in a variety of headers to see if it's able to get that string to appear on the page. If so, you'll get a HIT and you can evaluate that header to see if it's useful for some kind of XSS, cache poisoning, or some other form of injection from malformed headers.
+
+## What it is NOT.
+
+Concuss is not a tool for automating vulnerabilities, nor should it be used to certify that a page is safe from vulnerabilities. It should not be used on applications or website that you do not personally have permission to scan.
+
+Sending malformed headers to a site can potentially cause errors, crashing, and other damage that I am not responsible for as a result of any usage of this tool. You agree to use this tool at your own risk.
+
+## Installation
+
+Install the gem and add to the application's Gemfile by executing:
+
+    $ bundle add concuss
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+    $ gem install concuss
+
+## Usage
+
+Primarily, you'll want to use it as a CLI like so:
+
+```
+concuss http://localhost:4567
+concuss http://localhost:4567 -h non_standard
+```
+
+See `concuss --help` for more usage details.
+
+While concuss is designed to be used as a command line tool, you can also include it in your own custom application like so:
+
+```
+require 'concuss'
+
+concuss = Concuss.new(url: 'http://localhost:4567', file: 'header_file.txt', header_set: :standard, test_string: "OOGABOOGA")
+concuss.attack!
+```
+
+This will spit out the results, which isn't super useful if you need to post process them... I'll work on that though.
+
+## Development
+
+After checking out the repo, run `script/setup` to install dependencies. Then, run `rspec` to run the tests. You can also run `script/console` for an interactive prompt that will allow you to experiment.
+
+If you add features or fix bugs, please write specs and open up a PR.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/patricktulskie/concuss
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/concuss

@@ -0,0 +1,31 @@
+#!/usr/bin/env ruby
+
+require_relative '../lib/concuss'
+require 'optparse'
+
+options = { }
+
+OptionParser.new do |opts|
+  opts.banner = "Usage: concuss [url] [options]"
+
+  opts.on("-f", "--file FILE", "Specify file with custom headers") do |v|
+    options[:file] = v
+  end
+
+  opts.on("-h", "--header-set [all|standard|non_standard]", "Header set. Default is 'all'. Ignored if a file is specified. ") do |v|
+    options[:header_set] = v.to_sym
+  end
+
+  opts.on("-t", "--test-string STRING", "Set a custom test string. If none specified, it sets a random string to match on.") do |v|
+    options[:test_string] = v
+  end
+end.parse!
+
+if ARGV[0].nil?
+  puts "Must provide a url. Try --help for usage."
+  exit 1
+end
+
+options[:url] = ARGV[0]
+
+Concuss.new(**options).attack!

data/lib/concuss/headers.rb

@@ -0,0 +1,79 @@
+class Concuss::Headers
+  attr_reader :header_set, :file
+
+  STANDARD_HEADERS = [
+    'Accept',
+    'Accept-Charset',
+    'Accept-Encoding',
+    'Accept-Language',
+    'Accept-Datetime',
+    'Authorization',
+    'Cache-Control',
+    'Connection',
+    'Cookie',
+    'Content-Length',
+    'Content-MD5',
+    'Content-Type',
+    'Date',
+    'Expect',
+    'From',
+    'Host',
+    'If-Match',
+    'If-Modified-Since',
+    'If-None-Match',
+    'If-Range',
+    'If-Unmodified-Since',
+    'Max-Forwards',
+    'Origin',
+    'Pragma',
+    'Proxy-Authorization',
+    'Range',
+    'Referer',
+    'TE',
+    'User-Agent',
+    'Upgrade',
+    'Via',
+    'Warning'
+  ]
+
+  NON_STANDARD_HEADERS = [
+    'X-Requested-With',
+    'X-Forwarded-For',
+    'X-Forwarded-Proto',
+    'X-Http-Method-Override',
+    'X-CSRF-Token'
+  ]
+
+  def initialize(header_set:, file: nil)
+    @header_set = header_set
+    @file = file
+  end
+
+  def group
+    case @header_set
+    when :standard
+      STANDARD_HEADERS
+    when :non_standard
+      NON_STANDARD_HEADERS
+    when :all
+      STANDARD_HEADERS + NON_STANDARD_HEADERS
+    when :file
+      read_file(@file)
+    else
+      fail "Invalid header set"
+    end
+  end
+
+  private
+
+  def read_file(file_path)
+    lines = []
+    File.open(file_path, "r") do |file|
+      file.each_line do |line|
+        lines << line.strip
+      end
+    end
+    lines
+  end
+end
+

data/lib/concuss/runner.rb

@@ -0,0 +1,31 @@
+require 'securerandom'
+require 'net/http'
+
+class Concuss::Runner
+  attr_reader :headers, :url, :test_string
+
+  def initialize(headers:, url:, test_string: nil)
+    @headers = headers
+    @url = url
+    @test_string = test_string || SecureRandom.hex(25)
+  end
+
+  def run
+    uri = URI(@url)
+
+    @headers.each do |header|
+      response = Net::HTTP.get_response(uri,
+        { header => test_string }
+      )
+
+      if response.code == "200" && response.body.include?(@test_string)
+        result = "HIT"
+      else
+        result = "MISS"
+      end
+
+      puts "#{header} - #{response.code} - #{result}"
+    end
+  end
+end
+

data/lib/concuss/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class Concuss
+  VERSION = "0.1.0"
+end

data/lib/concuss.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+class Concuss
+  class Error < StandardError; end
+
+  attr_reader :url, :file, :header_set, :headers, :test_string
+
+  def initialize(url:, file: nil, header_set: :all, test_string: nil)
+    @url = url
+    @file = file
+    @header_set = file.nil? ? header_set : :file
+    @test_string = test_string
+
+    @headers = Concuss::Headers.new(header_set: @header_set, file: @file).group
+  end
+
+  def attack!
+    runner = Concuss::Runner.new(headers: headers, url: url, test_string: test_string)
+
+    runner.run
+  end
+end
+
+require_relative "concuss/version"
+require_relative "concuss/headers"
+require_relative "concuss/runner"

metadata

@@ -0,0 +1,59 @@
+--- !ruby/object:Gem::Specification
+name: concuss
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Patrick Tulskie
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-01-21 00:00:00.000000000 Z
+dependencies: []
+description: Test websites for header injection issues
+email:
+- patricktulskie@gmail.com
+executables:
+- concuss
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/concuss
+- lib/concuss.rb
+- lib/concuss/headers.rb
+- lib/concuss/runner.rb
+- lib/concuss/version.rb
+homepage: https://github.com/patricktulskie/concuss
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/patricktulskie/concuss
+  source_code_uri: https://github.com/PatrickTulskie/concuss
+  changelog_uri: https://github.com/PatrickTulskie/concuss/blob/main/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.1
+signing_key:
+specification_version: 4
+summary: Automatic testing for malformed header vulns
+test_files: []