concuss 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +2 -2
- data/bin/concuss +4 -0
- data/lib/concuss/formatters/table.rb +31 -0
- data/lib/concuss/formatters.rb +6 -0
- data/lib/concuss/report.rb +20 -0
- data/lib/concuss/runner.rb +17 -9
- data/lib/concuss/version.rb +1 -1
- data/lib/concuss.rb +11 -4
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ebbc8f1ad06752a93ba6b66ef4fa666a693532a792b71d14ff830ae1a7537494
|
|
4
|
+
data.tar.gz: 8a1b02193ffb5bac321fbad3a4905c7b00f9ddfec1df543ab755aba9c564b4e2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f9407c5f49b7dc5b2f03ad0b69e00e21b6f1940ea6167c630ffe59fd4366bd1e099c68e061fe2943c9c3c41ff4103ce781b50e9ed85a268627ab7e2fe41b0050
|
|
7
|
+
data.tar.gz: e891c23429f6931b81bf9b00a9b38bb4ecb361ebc3c40d35dead0b7f5510e8a7ed33cd88c27dbb532d438baed12126cabf588cf04dc82448e64b45584402a0a3
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -44,10 +44,10 @@ While concuss is designed to be used as a command line tool, you can also includ
|
|
|
44
44
|
require 'concuss'
|
|
45
45
|
|
|
46
46
|
concuss = Concuss.new(url: 'http://localhost:4567', file: 'header_file.txt', header_set: :standard, test_string: "OOGABOOGA")
|
|
47
|
-
concuss.attack!
|
|
47
|
+
report = concuss.attack!
|
|
48
48
|
```
|
|
49
49
|
|
|
50
|
-
|
|
50
|
+
From there, you'll get a `Concuss::Report` object that contains the raw data as well as filters for `hits`, `misses`, `headers`, and the `url` in the event you've done a bunch of these.
|
|
51
51
|
|
|
52
52
|
## Demo
|
|
53
53
|
|
data/bin/concuss
CHANGED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
class Concuss::Formatters::Table
|
|
2
|
+
|
|
3
|
+
HEADINGS = ['HEADER', 'RESPONSE_CODE', 'HIT/MISS'].freeze
|
|
4
|
+
|
|
5
|
+
def initialize(report)
|
|
6
|
+
@report = report
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def print
|
|
10
|
+
header_max_length = @report.headers.map(&:length).max
|
|
11
|
+
response_code_length = HEADINGS[1].length
|
|
12
|
+
hit_header_length = HEADINGS[2].length
|
|
13
|
+
|
|
14
|
+
header_format = "%-#{header_max_length}s | %-#{response_code_length}s | %-0s\n"
|
|
15
|
+
separator = '-' * (header_max_length + response_code_length + hit_header_length + 6)
|
|
16
|
+
|
|
17
|
+
puts header_format % HEADINGS
|
|
18
|
+
puts separator
|
|
19
|
+
print_data(@report.hits, header_format)
|
|
20
|
+
print_data(@report.misses, header_format)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
private
|
|
24
|
+
|
|
25
|
+
def print_data(data, header_format)
|
|
26
|
+
data.sort.each do |header, values|
|
|
27
|
+
puts header_format % [header, values[:response_code], values[:hit] ? 'HIT' : 'MISS']
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
class Concuss::Report
|
|
2
|
+
attr_reader :data, :url
|
|
3
|
+
|
|
4
|
+
def initialize(data:, url:)
|
|
5
|
+
@url = url
|
|
6
|
+
@data = data
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def hits
|
|
10
|
+
data.select { |_, value| value[:hit] }
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def misses
|
|
14
|
+
data.reject { |_, value| value[:hit] }
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def headers
|
|
18
|
+
data.keys
|
|
19
|
+
end
|
|
20
|
+
end
|
data/lib/concuss/runner.rb
CHANGED
|
@@ -3,18 +3,20 @@ require 'net/http'
|
|
|
3
3
|
|
|
4
4
|
class Concuss::Runner
|
|
5
5
|
DEFAULT_USER_AGENT = "Concuss/#{Concuss::VERSION}"
|
|
6
|
-
|
|
7
|
-
attr_reader :headers, :url, :test_string, :user_agent
|
|
8
6
|
|
|
9
|
-
|
|
7
|
+
attr_reader :headers, :url, :test_string, :user_agent, :progress_type
|
|
8
|
+
|
|
9
|
+
def initialize(headers:, url:, test_string: nil, user_agent: nil, progress_type: nil)
|
|
10
10
|
@headers = headers
|
|
11
11
|
@url = url
|
|
12
12
|
@test_string = test_string || SecureRandom.hex(25)
|
|
13
13
|
@user_agent = user_agent || DEFAULT_USER_AGENT
|
|
14
|
+
@progress_type = progress_type
|
|
14
15
|
end
|
|
15
16
|
|
|
16
17
|
def run
|
|
17
18
|
uri = URI(@url)
|
|
19
|
+
report_data = { }
|
|
18
20
|
|
|
19
21
|
@headers.each do |header|
|
|
20
22
|
response = Net::HTTP.get_response(uri,
|
|
@@ -24,14 +26,20 @@ class Concuss::Runner
|
|
|
24
26
|
}
|
|
25
27
|
)
|
|
26
28
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
else
|
|
30
|
-
result = "MISS"
|
|
31
|
-
end
|
|
29
|
+
hit = response.code == "200" && response.body.include?(@test_string)
|
|
30
|
+
report_data[header] = { response_code: response.code, hit: hit }
|
|
32
31
|
|
|
33
|
-
|
|
32
|
+
case progress_type
|
|
33
|
+
when :full
|
|
34
|
+
puts "#{header} - #{response.code} - #{hit ? "HIT" : "MISS"}"
|
|
35
|
+
when :dots
|
|
36
|
+
print "."
|
|
37
|
+
end
|
|
34
38
|
end
|
|
39
|
+
|
|
40
|
+
puts "" if progress_type == :dots
|
|
41
|
+
|
|
42
|
+
return Concuss::Report.new(data: report_data, url: @url)
|
|
35
43
|
end
|
|
36
44
|
end
|
|
37
45
|
|
data/lib/concuss/version.rb
CHANGED
data/lib/concuss.rb
CHANGED
|
@@ -3,25 +3,32 @@
|
|
|
3
3
|
class Concuss
|
|
4
4
|
class Error < StandardError; end
|
|
5
5
|
|
|
6
|
-
attr_reader :url, :file, :header_set, :headers, :test_string, :user_agent
|
|
6
|
+
attr_reader :url, :file, :header_set, :headers, :test_string, :user_agent, :formatter, :progress_type
|
|
7
7
|
|
|
8
|
-
def initialize(url:, file: nil, header_set: :all, test_string: nil, user_agent: nil)
|
|
8
|
+
def initialize(url:, file: nil, header_set: :all, test_string: nil, user_agent: nil, formatter: nil, progress_type: nil)
|
|
9
9
|
@url = url
|
|
10
10
|
@file = file
|
|
11
11
|
@header_set = file.nil? ? header_set : :file
|
|
12
12
|
@test_string = test_string
|
|
13
13
|
@user_agent = user_agent
|
|
14
|
+
@formatter = formatter
|
|
15
|
+
@progress_type = progress_type
|
|
14
16
|
|
|
15
17
|
@headers = Concuss::Headers.new(header_set: @header_set, file: @file).group
|
|
16
18
|
end
|
|
17
19
|
|
|
18
20
|
def attack!
|
|
19
|
-
runner = Concuss::Runner.new(headers: headers, url: url, test_string: test_string, user_agent: user_agent)
|
|
21
|
+
runner = Concuss::Runner.new(headers: headers, url: url, test_string: test_string, user_agent: user_agent, progress_type: progress_type)
|
|
22
|
+
results = runner.run
|
|
20
23
|
|
|
21
|
-
|
|
24
|
+
formatter.new(results).print if formatter
|
|
25
|
+
|
|
26
|
+
return results
|
|
22
27
|
end
|
|
23
28
|
end
|
|
24
29
|
|
|
25
30
|
require_relative "concuss/version"
|
|
31
|
+
require_relative "concuss/report"
|
|
26
32
|
require_relative "concuss/headers"
|
|
27
33
|
require_relative "concuss/runner"
|
|
34
|
+
require_relative "concuss/formatters"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: concuss
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Patrick Tulskie
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-02-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Test websites for header injection issues
|
|
14
14
|
email:
|
|
@@ -27,7 +27,10 @@ files:
|
|
|
27
27
|
- Rakefile
|
|
28
28
|
- bin/concuss
|
|
29
29
|
- lib/concuss.rb
|
|
30
|
+
- lib/concuss/formatters.rb
|
|
31
|
+
- lib/concuss/formatters/table.rb
|
|
30
32
|
- lib/concuss/headers.rb
|
|
33
|
+
- lib/concuss/report.rb
|
|
31
34
|
- lib/concuss/runner.rb
|
|
32
35
|
- lib/concuss/version.rb
|
|
33
36
|
homepage: https://github.com/patricktulskie/concuss
|