concuss 0.2.0 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +2 -2
- data/bin/concuss +4 -0
- data/lib/concuss/formatters/table.rb +31 -0
- data/lib/concuss/formatters.rb +6 -0
- data/lib/concuss/report.rb +20 -0
- data/lib/concuss/runner.rb +17 -9
- data/lib/concuss/version.rb +1 -1
- data/lib/concuss.rb +11 -4
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ebbc8f1ad06752a93ba6b66ef4fa666a693532a792b71d14ff830ae1a7537494
|
|
4
|
+
data.tar.gz: 8a1b02193ffb5bac321fbad3a4905c7b00f9ddfec1df543ab755aba9c564b4e2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f9407c5f49b7dc5b2f03ad0b69e00e21b6f1940ea6167c630ffe59fd4366bd1e099c68e061fe2943c9c3c41ff4103ce781b50e9ed85a268627ab7e2fe41b0050
|
|
7
|
+
data.tar.gz: e891c23429f6931b81bf9b00a9b38bb4ecb361ebc3c40d35dead0b7f5510e8a7ed33cd88c27dbb532d438baed12126cabf588cf04dc82448e64b45584402a0a3
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -44,10 +44,10 @@ While concuss is designed to be used as a command line tool, you can also includ
|
|
|
44
44
|
require 'concuss'
|
|
45
45
|
|
|
46
46
|
concuss = Concuss.new(url: 'http://localhost:4567', file: 'header_file.txt', header_set: :standard, test_string: "OOGABOOGA")
|
|
47
|
-
concuss.attack!
|
|
47
|
+
report = concuss.attack!
|
|
48
48
|
```
|
|
49
49
|
|
|
50
|
-
|
|
50
|
+
From there, you'll get a `Concuss::Report` object that contains the raw data as well as filters for `hits`, `misses`, `headers`, and the `url` in the event you've done a bunch of these.
|
|
51
51
|
|
|
52
52
|
## Demo
|
|
53
53
|
|
data/bin/concuss
CHANGED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
class Concuss::Formatters::Table
|
|
2
|
+
|
|
3
|
+
HEADINGS = ['HEADER', 'RESPONSE_CODE', 'HIT/MISS'].freeze
|
|
4
|
+
|
|
5
|
+
def initialize(report)
|
|
6
|
+
@report = report
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def print
|
|
10
|
+
header_max_length = @report.headers.map(&:length).max
|
|
11
|
+
response_code_length = HEADINGS[1].length
|
|
12
|
+
hit_header_length = HEADINGS[2].length
|
|
13
|
+
|
|
14
|
+
header_format = "%-#{header_max_length}s | %-#{response_code_length}s | %-0s\n"
|
|
15
|
+
separator = '-' * (header_max_length + response_code_length + hit_header_length + 6)
|
|
16
|
+
|
|
17
|
+
puts header_format % HEADINGS
|
|
18
|
+
puts separator
|
|
19
|
+
print_data(@report.hits, header_format)
|
|
20
|
+
print_data(@report.misses, header_format)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
private
|
|
24
|
+
|
|
25
|
+
def print_data(data, header_format)
|
|
26
|
+
data.sort.each do |header, values|
|
|
27
|
+
puts header_format % [header, values[:response_code], values[:hit] ? 'HIT' : 'MISS']
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
class Concuss::Report
|
|
2
|
+
attr_reader :data, :url
|
|
3
|
+
|
|
4
|
+
def initialize(data:, url:)
|
|
5
|
+
@url = url
|
|
6
|
+
@data = data
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def hits
|
|
10
|
+
data.select { |_, value| value[:hit] }
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def misses
|
|
14
|
+
data.reject { |_, value| value[:hit] }
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def headers
|
|
18
|
+
data.keys
|
|
19
|
+
end
|
|
20
|
+
end
|
data/lib/concuss/runner.rb
CHANGED
|
@@ -3,18 +3,20 @@ require 'net/http'
|
|
|
3
3
|
|
|
4
4
|
class Concuss::Runner
|
|
5
5
|
DEFAULT_USER_AGENT = "Concuss/#{Concuss::VERSION}"
|
|
6
|
-
|
|
7
|
-
attr_reader :headers, :url, :test_string, :user_agent
|
|
8
6
|
|
|
9
|
-
|
|
7
|
+
attr_reader :headers, :url, :test_string, :user_agent, :progress_type
|
|
8
|
+
|
|
9
|
+
def initialize(headers:, url:, test_string: nil, user_agent: nil, progress_type: nil)
|
|
10
10
|
@headers = headers
|
|
11
11
|
@url = url
|
|
12
12
|
@test_string = test_string || SecureRandom.hex(25)
|
|
13
13
|
@user_agent = user_agent || DEFAULT_USER_AGENT
|
|
14
|
+
@progress_type = progress_type
|
|
14
15
|
end
|
|
15
16
|
|
|
16
17
|
def run
|
|
17
18
|
uri = URI(@url)
|
|
19
|
+
report_data = { }
|
|
18
20
|
|
|
19
21
|
@headers.each do |header|
|
|
20
22
|
response = Net::HTTP.get_response(uri,
|
|
@@ -24,14 +26,20 @@ class Concuss::Runner
|
|
|
24
26
|
}
|
|
25
27
|
)
|
|
26
28
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
else
|
|
30
|
-
result = "MISS"
|
|
31
|
-
end
|
|
29
|
+
hit = response.code == "200" && response.body.include?(@test_string)
|
|
30
|
+
report_data[header] = { response_code: response.code, hit: hit }
|
|
32
31
|
|
|
33
|
-
|
|
32
|
+
case progress_type
|
|
33
|
+
when :full
|
|
34
|
+
puts "#{header} - #{response.code} - #{hit ? "HIT" : "MISS"}"
|
|
35
|
+
when :dots
|
|
36
|
+
print "."
|
|
37
|
+
end
|
|
34
38
|
end
|
|
39
|
+
|
|
40
|
+
puts "" if progress_type == :dots
|
|
41
|
+
|
|
42
|
+
return Concuss::Report.new(data: report_data, url: @url)
|
|
35
43
|
end
|
|
36
44
|
end
|
|
37
45
|
|
data/lib/concuss/version.rb
CHANGED
data/lib/concuss.rb
CHANGED
|
@@ -3,25 +3,32 @@
|
|
|
3
3
|
class Concuss
|
|
4
4
|
class Error < StandardError; end
|
|
5
5
|
|
|
6
|
-
attr_reader :url, :file, :header_set, :headers, :test_string, :user_agent
|
|
6
|
+
attr_reader :url, :file, :header_set, :headers, :test_string, :user_agent, :formatter, :progress_type
|
|
7
7
|
|
|
8
|
-
def initialize(url:, file: nil, header_set: :all, test_string: nil, user_agent: nil)
|
|
8
|
+
def initialize(url:, file: nil, header_set: :all, test_string: nil, user_agent: nil, formatter: nil, progress_type: nil)
|
|
9
9
|
@url = url
|
|
10
10
|
@file = file
|
|
11
11
|
@header_set = file.nil? ? header_set : :file
|
|
12
12
|
@test_string = test_string
|
|
13
13
|
@user_agent = user_agent
|
|
14
|
+
@formatter = formatter
|
|
15
|
+
@progress_type = progress_type
|
|
14
16
|
|
|
15
17
|
@headers = Concuss::Headers.new(header_set: @header_set, file: @file).group
|
|
16
18
|
end
|
|
17
19
|
|
|
18
20
|
def attack!
|
|
19
|
-
runner = Concuss::Runner.new(headers: headers, url: url, test_string: test_string, user_agent: user_agent)
|
|
21
|
+
runner = Concuss::Runner.new(headers: headers, url: url, test_string: test_string, user_agent: user_agent, progress_type: progress_type)
|
|
22
|
+
results = runner.run
|
|
20
23
|
|
|
21
|
-
|
|
24
|
+
formatter.new(results).print if formatter
|
|
25
|
+
|
|
26
|
+
return results
|
|
22
27
|
end
|
|
23
28
|
end
|
|
24
29
|
|
|
25
30
|
require_relative "concuss/version"
|
|
31
|
+
require_relative "concuss/report"
|
|
26
32
|
require_relative "concuss/headers"
|
|
27
33
|
require_relative "concuss/runner"
|
|
34
|
+
require_relative "concuss/formatters"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: concuss
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Patrick Tulskie
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-02-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Test websites for header injection issues
|
|
14
14
|
email:
|
|
@@ -27,7 +27,10 @@ files:
|
|
|
27
27
|
- Rakefile
|
|
28
28
|
- bin/concuss
|
|
29
29
|
- lib/concuss.rb
|
|
30
|
+
- lib/concuss/formatters.rb
|
|
31
|
+
- lib/concuss/formatters/table.rb
|
|
30
32
|
- lib/concuss/headers.rb
|
|
33
|
+
- lib/concuss/report.rb
|
|
31
34
|
- lib/concuss/runner.rb
|
|
32
35
|
- lib/concuss/version.rb
|
|
33
36
|
homepage: https://github.com/patricktulskie/concuss
|