enchant 0.1.0

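--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1 @@
+doc/*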
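--- a/data/COPYING
+++ b/data/COPYING
@@ -0,0 +1,28 @@
+// [The "BSD licence"]
+// Copyright (c) 2010 Paolo Perego, paolo@armoredcode.com
+// http://www.armoredcode.com
+// http://www.linkedin.com/in/thesp0nge
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+// 1. Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// 2. Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+// 3. The name of the author may not be used to endorse or promote products
+// derived from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+// OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+// IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+// NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+// THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.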
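--- a/data/ChangeLog
+++ b/data/ChangeLog
@@ -0,0 +1,3 @@
+2010-05-18 Paolo Perego <thesp0nge@gmail.com>
+
+* lib/enchant.rb (none): first typos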
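--- a/data/README.txt
+++ b/data/README.txt
@@ -0,0 +1,57 @@
+= enchant
+
+Enchant is is tool aimed to discover web application directory and pages by
+fuzzing the requests using a dictionary approach.
+
+The purpose is for security guys to discover a web application exposed paths
+without knowing anything about the app they have to test.
+
+Enchant doesn't perform any DoS attack, it plays just with HTTP GET observing
+the return code. Please be ethical and use this tool only against website
+you're allowed to stress test.
+
+== SYNOPSIS:
+
+
+== REQUIREMENTS:
+
+
+== INSTALL:
+
+'sudo gem install enchant'
+
+== DEVELOPERS:
+
+After checking out the source, run:
+
+$ rake newb
+
+This task will install any missing dependencies, run the tests/specs,
+and generate the RDoc.
+
+== LICENSE:
+[The "BSD licence"]
+Copyright (c) 2010 Paolo Perego, paolo@armoredcode.com
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+3. The name of the author may not be used to endorse or promote products
+derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.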
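--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,15 @@
+begin
+require 'jeweler'
+Jeweler::Tasks.new do |gemspec|
+gemspec.name = "enchant"
+gemspec.summary = "Your magical web application fuzzer"
+gemspec.description = "Enchant is tool aimed to discover web application directory and pages by fuzzing the requests using a dictionary approach"
+gemspec.email = "paolo@armoredcode.com"
+gemspec.homepage = "http://github.com/thesp0nge/enchant"
+gemspec.authors = ["Paolo Perego"]
+gemspec.add_dependency('ruby-progressbar')
+end
+Jeweler::GemcutterTasks.new
+rescue LoadError
+puts "Jeweler not available. Install it with: gem install jeweler"
+end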
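Review bot: The `Jeweler::Tasks` block declares only `ruby-progressbar`, but the packaged `bin/enchant` also does `require 'rainbow'` and calls `.foreground` on its output strings, so on a machine without that gem the executable would stop at startup with a LoadError; add `gemspec.add_dependency('rainbow')`. The dependency is also declared without a version constraint (the generated gemspec records it as `>= 0`), so any future release is accepted at install time; a pessimistic constraint on the tested version narrows what can be pulled in. No `gemspec.license` is set either, which is why the published metadata carries `licenses: []` although COPYING is a BSD licence.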
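--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+0.1.0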
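--- a/data/bin/enchant
+++ b/data/bin/enchant
@@ -0,0 +1,70 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'lib/Enchant'
+require 'rainbow'
+require 'progressbar'
+require 'getoptlong'
+require 'rdoc/usage'
+
+opts = GetoptLong.new(
+[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
+[ '--version', '-v', GetoptLong::NO_ARGUMENT ],
+[ '--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT ]
+)
+
+wordlist = 'basic.txt'
+opts.each do |opt, arg|
+case opt
+when '--help'
+RDoc::usage
+exit 0
+when '--version'
+puts Enchant.version
+exit 0
+when '--wordlist'
+if arg == ''
+wordlist = 'basic.txt'
+else
+wordlist = arg
+end
+end
+end
+
+if ARGV.length != 1
+puts "Missing url argument (try --help)"
+exit 0
+end
+
+url = ARGV.shift
+
+
+e = Enchant.new(url)
+puts e
+puts "Sending probe to #{url}"
+e.list(wordlist)
+list = e.fuzz()
+if list == nil
+puts "Enchant is giving up since no wordlist file is available"
+exit -1
+end
+
+pbar = ProgressBar.new("urls", list.size)
+
+list.each {|x|
+pbar.inc
+code = e.get("/".concat(x).chomp)
+unless code != 404
+case code
+# just hide 404s... when "404" then puts "Status is #{code} for /#{x.chomp}".foreground(:yellow)
+when "200" then puts "Status is #{code} for /#{x.chomp}".foreground(:green)
+when "500" then puts "Status is #{code} for /#{x.chomp}".foreground(:red)
+else
+puts "Status is #{code} for /#{x.chomp}"
+end
+end
+}
+pbar.finish
+# puts e.server
+#
+
+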
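Review bot: The `unless code != 404` guard around the `case` never lets a result through, because `Enchant#get` returns either the String from `response.code` or the Integer `-1` on a rescued error, so `code != 404` is always true and no status line is printed. Going by the "just hide 404s" comment, the intended guard is presumably `unless code == "404"`. Separately, `require 'lib/Enchant'` only resolves when the current directory is on the load path and the filesystem is case-insensitive (the file shipped is `lib/enchant.rb`); `require 'enchant'` matches the gem's `require_paths`. The missing-URL branch exits with status 0, which hides the usage error from a calling script; `exit 1` is the conventional choice.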
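--- a/data/enchant.gemspec
+++ b/data/enchant.gemspec
@@ -0,0 +1,55 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+s.name = %q{enchant}
+s.version = "0.1.0"
+
+s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+s.authors = ["Paolo Perego"]
+s.date = %q{2010-05-19}
+s.default_executable = %q{enchant}
+s.description = %q{Enchant is tool aimed to discover web application directory and pages by fuzzing the requests using a dictionary approach}
+s.email = %q{paolo@armoredcode.com}
+s.executables = ["enchant"]
+s.extra_rdoc_files = [
+"ChangeLog",
+"README.txt"
+]
+s.files = [
+".gitignore",
+"COPYING",
+"ChangeLog",
+"README.txt",
+"Rakefile",
+"VERSION",
+"bin/enchant",
+"enchant.gemspec",
+"lib/enchant.rb",
+"test/test_enchant.rb"
+]
+s.homepage = %q{http://github.com/thesp0nge/enchant}
+s.rdoc_options = ["--charset=UTF-8"]
+s.require_paths = ["lib"]
+s.rubygems_version = %q{1.3.7}
+s.summary = %q{Your magical web application fuzzer}
+s.test_files = [
+"test/test_enchant.rb"
+]
+
+if s.respond_to? :specification_version then
+current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+s.specification_version = 3
+
+if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+s.add_runtime_dependency(%q<ruby-progressbar>, [">= 0"])
+else
+s.add_dependency(%q<ruby-progressbar>, [">= 0"])
+end
+else
+s.add_dependency(%q<ruby-progressbar>, [">= 0"])
+end
+end
+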
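--- a/data/lib/enchant.rb
+++ b/data/lib/enchant.rb
@@ -0,0 +1,65 @@
+require 'rubygems'
+require 'net/http'
+require 'uri'
+
+
+class Enchant
+attr_reader :host, :port, :server, :code
+
+VERSION = '0.1.0'
+
+def initialize(url)
+tmp = URI.parse(url)
+@host = tmp.host
+@port = tmp.port
+end
+
+def list(wordlist)
+begin
+File.open(wordlist, 'r') { |f|
+@list = f.readlines
+}
+rescue Errno::ENOENT
+puts "It seems the wordlist file is not present (#{wordlist})"
+@list = nil
+end
+end
+
+def fuzz(*)
+# in future some perturbation will be done here
+@list
+end
+
+def get(path)
+http = Net::HTTP.new(host, port)
+begin
+response = http.get(path)
+@code = response.code
+rescue Net::HTTPBadResponse
+puts #{$!}
+@code=-1
+rescue Errno::ETIMEDOUT
+puts #{$!}
+@code=-1
+end
+end
+
+def ping(*)
+Net::HTTP.start(host, port) { |http|
+response = http.head("/")
+response.each { |key,val|
+if "server" == key
+@server=val
+end
+}
+}
+end
+
+def to_s()
+"Enchant v"+VERSION+" - (C) 2010, thesp0nge@gmail.com"
+end
+
+def self.version()
+"Enchant v"+VERSION
+end
+end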
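Review bot: In `get`, both rescue branches read `puts #{$!}`, where the `#` starts a comment, so each prints an empty line and the exception text is lost. Writing `puts "#{$!}"`, or `rescue Net::HTTPBadResponse, Errno::ETIMEDOUT => e` followed by `warn e.message`, would report it. The error path also stores the Integer `-1` in `@code` while the success path stores the String from `response.code`, so callers have to compare against two types. `initialize` keeps only the host and port of the parsed URL and `get` never sets `use_ssl`, so an `https://` target is contacted in plaintext on port 443 and the reported codes would not reflect the real application; keeping `tmp.scheme` and setting `http.use_ssl = (scheme == 'https')` addresses that. Connection errors other than the two rescued, such as `Errno::ECONNREFUSED`, propagate and abort the whole run.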
@@ -0,0 +1,8 @@
1
+ require "test/unit"
2
+ require "enchant"
3
+
4
+ class TestEnchant < Test::Unit::TestCase
5
+ def test_sanity
6
+ flunk "write tests or I will kneecap you"
7
+ end
8
+ end
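Review bot: `test_sanity` only calls `flunk`, so the shipped suite fails unconditionally and nothing in `Enchant` is covered. Tests that need no network would be a reasonable start, for example `assert_equal "Enchant v0.1.0", Enchant.version` and a check that `fuzz` returns nil after `list` is given a nonexistent path. The file header for this hunk is missing from the page; the content suggests it is the `test/test_enchant.rb` listed in the gemspec.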
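--- a/metadata
+++ b/metadata
@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: enchant
+version: !ruby/object:Gem::Version
+hash: 27
+prerelease: false
+segments:
+- 0
+- 1
+- 0
+version: 0.1.0
+platform: ruby
+authors:
+- Paolo Perego
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2010-05-19 00:00:00 +02:00
+default_executable: enchant
+dependencies:
+- !ruby/object:Gem::Dependency
+name: ruby-progressbar
+prerelease: false
+requirement: &id001 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+type: :runtime
+version_requirements: *id001
+description: Enchant is tool aimed to discover web application directory and pages by fuzzing the requests using a dictionary approach
+email: paolo@armoredcode.com
+executables:
+- enchant
+extensions: []
+
+extra_rdoc_files:
+- ChangeLog
+- README.txt
+files:
+- .gitignore
+- COPYING
+- ChangeLog
+- README.txt
+- Rakefile
+- VERSION
+- bin/enchant
+- enchant.gemspec
+- lib/enchant.rb
+- test/test_enchant.rb
+has_rdoc: true
+homepage: http://github.com/thesp0nge/enchant
+licenses: []
+
+post_install_message:
+rdoc_options:
+- --charset=UTF-8
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.3.7
+signing_key:
+specification_version: 3
+summary: Your magical web application fuzzer
+test_files:
+- test/test_enchant.rb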