enchant 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/.gitignore CHANGED
@@ -1 +1,4 @@
1
+ .autotest
1
2
  doc/*
3
+ pkg/
4
+
data/ChangeLog CHANGED
@@ -1,3 +1,18 @@
1
+ -- 0.3.0 --
2
+
3
+ 2010-06-25 Paolo Perego <thesp0nge@gmail.com>
4
+
5
+ * lib/enchant.rb, bin/enchant (): adding -H, -p option to override URI parsing that checks TLD sanity
6
+
7
+ 2010-06-24 Paolo Perego <thesp0nge@gmail.com>
8
+ * bin/enchant (none): adding -f, --flood to perform HTTP HEAD flooding requests
9
+
10
+ -- 0.1.0 --
11
+ 2010-05-20 Paolo Perego <thesp0nge@gmail.com>
12
+
13
+ * lib/enchant.rb (none): implemented list(), get() and ping() methods
14
+ * bin/enchant (none): command line argument handling and first action... fuzzing against web app directories
15
+
1
16
  2010-05-18 Paolo Perego <thesp0nge@gmail.com>
2
17
 
3
18
  * lib/enchant.rb (none): first typos
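Review bot: the 2010-06-24 entry describes -f, --flood as "HTTP HEAD flooding requests", but the README text added in this release says the flooder sends "HTTP GET / requests" and the flood loop in bin/enchant calls e.get('/'). Align the entry with the code (GET), or switch the loop to HEAD if that was the intent. The 2010-06-24 date line is also missing the blank line that follows the other date lines.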
@@ -1,35 +1,63 @@
1
- = enchant
1
+ h1. enchant
2
2
 
3
- Enchant is is tool aimed to discover web application directory and pages by
4
- fuzzing the requests using a dictionary approach.
3
+ h2. Introdution
5
4
 
6
- The purpose is for security guys to discover a web application exposed paths
7
- without knowing anything about the app they have to test.
5
+ Enchant is is tool aimed to discover web application directory and pages by fuzzing the requests using a
6
+ dictionary approach.
8
7
 
9
- Enchant doesn't perform any DoS attack, it plays just with HTTP GET observing
10
- the return code. Please be ethical and use this tool only against website
11
- you're allowed to stress test.
8
+ The purpose is for security guys to discover a web application exposed paths without knowing anything about
9
+ the app they have to test.
12
10
 
13
- == SYNOPSIS:
11
+ Enchant doesn't perform any DoS attack (unless used as HTTP flooder, but please use it only for the systems
12
+ you're allowed to), it plays just with HTTP GET observing the return code.
14
13
 
14
+ Please be ethical and use this tool only against website you're allowed to stress test.
15
15
 
16
- == REQUIREMENTS:
16
+ h2. Usage
17
17
 
18
+ h3. HTTP Flooder
18
19
 
19
- == INSTALL:
20
+ You can use enchant to flood you web server with HTTP GET / requests in order to test performance and/or stress stess your app.
21
+ You can do this with the following
20
22
 
21
- 'sudo gem install enchant'
23
+ <pre>
24
+ bin/enchant -f 20 -H localhost -p 80
25
+ </pre>
22
26
 
23
- == DEVELOPERS:
24
27
 
25
- After checking out the source, run:
28
+ This one tells enchant to flood (<code>-f</code>) the host localhost (<code>-H</code>) onto port 80 (<code>-p</code>). The number of flooding requests is the -f parameter argument, that is required.
26
29
 
27
- $ rake newb
30
+ Of course you can also use
28
31
 
29
- This task will install any missing dependencies, run the tests/specs,
30
- and generate the RDoc.
32
+ <pre>
33
+ bin/enchant -f 20 www.some.org
34
+ </pre>
35
+
36
+ h3. Fuzzer
37
+
38
+ You can use enchant to discover web application folders just specifying the URL and using a default wordlist file called basic.txt (not yet provided)
39
+
40
+ <pre>
41
+ bin/enchant www.some.org
42
+ </pre>
43
+
44
+ Or you can also use the wordlist you love most
45
+
46
+ <pre>
47
+ bin/enchant -w mylist.txt www.some.org
48
+ </pre>
49
+
50
+ h2. Install
51
+
52
+ <pre>sudo gem install enchant</pre>
53
+
54
+ h2. Develop
55
+
56
+ If you want to help in developing enchant, please fork the project, go on in hacking, submit me the patches
57
+ and I'll merge into the main repo.
58
+
59
+ h2. License
31
60
 
32
- == LICENSE:
33
61
  [The "BSD licence"]
34
62
  Copyright (c) 2010 Paolo Perego, paolo@armoredcode.com
35
63
  All rights reserved.
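Review bot: the first Fuzzer example, bin/enchant www.some.org, relies on the default wordlist basic.txt, which the same sentence says is "not yet provided", so the documented default run has no wordlist to read; ship the file with the gem or lead with the -w form. The flooder example bin/enchant -f 20 www.some.org passes a scheme-less host, which Ruby's URI.parse does not split into host and port, so write it with http:// or with -H/-p. Typos in the added lines: "Introdution", "flood you web server", "stress stess", and "is is tool" carried over from the old text.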
data/Rakefile CHANGED
@@ -8,6 +8,7 @@ begin
8
8
  gemspec.homepage = "http://github.com/thesp0nge/enchant"
9
9
  gemspec.authors = ["Paolo Perego"]
10
10
  gemspec.add_dependency('ruby-progressbar')
11
+ gemspec.add_dependency('rainbow')
11
12
  end
12
13
  Jeweler::GemcutterTasks.new
13
14
  rescue LoadError
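Review bot: gemspec.add_dependency('rainbow') adds a runtime dependency with no version constraint, and the generated gemspec and metadata further down record it as ">= 0", so any future rainbow release is accepted at install time. Give it a bounded requirement (a pessimistic ~> constraint on the version it was tested with), and do the same for ruby-progressbar on the line above. The ChangeLog should also say what rainbow is for: none of the bin/enchant or lib/enchant.rb hunks in this diff requires or calls it.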
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.1.0
1
+ 0.3.0
@@ -9,10 +9,17 @@ require 'rdoc/usage'
9
9
  opts = GetoptLong.new(
10
10
  [ '--help', '-h', GetoptLong::NO_ARGUMENT ],
11
11
  [ '--version', '-v', GetoptLong::NO_ARGUMENT ],
12
- [ '--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT ]
12
+ [ '--flood', '-f', GetoptLong::REQUIRED_ARGUMENT],
13
+ [ '--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT ],
14
+ [ '--host', '-H', GetoptLong::REQUIRED_ARGUMENT],
15
+ [ '--port', '-p', GetoptLong::REQUIRED_ARGUMENT]
13
16
  )
14
17
 
18
+ flood = -1
15
19
  wordlist = 'basic.txt'
20
+ host = nil
21
+ port = nil
22
+
16
23
  opts.each do |opt, arg|
17
24
  case opt
18
25
  when '--help'
@@ -21,6 +28,16 @@ opts.each do |opt, arg|
21
28
  when '--version'
22
29
  puts Enchant.version
23
30
  exit 0
31
+ when '--flood'
32
+ flood = arg.to_i
33
+ if flood <= 0
34
+ puts 'can\'t flood negative requests'
35
+ exit 1
36
+ end
37
+ when '--host'
38
+ host = arg
39
+ when '--port'
40
+ port = arg.to_i
24
41
  when '--wordlist'
25
42
  if arg == ''
26
43
  wordlist = 'basic.txt'
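Review bot: in the '--flood' branch, arg.to_i returns 0 for non-numeric input, so -f abc is rejected with "can't flood negative requests", which misreports the problem, and the count has no upper bound. In the '--port' branch, port = arg.to_i accepts anything: a non-numeric value becomes 0 and values above 65535 pass through. Parse both with Integer(arg) inside a rescue, check the port against 1..65535, and print a message that names the bad value.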
@@ -28,18 +45,43 @@ opts.each do |opt, arg|
28
45
  wordlist = arg
29
46
  end
30
47
  end
31
- end
32
-
33
- if ARGV.length != 1
34
- puts "Missing url argument (try --help)"
35
- exit 0
36
48
  end
37
49
 
38
- url = ARGV.shift
50
+ if host == nil && port == nil
51
+ if ARGV.length != 1
52
+ puts "Missing url argument (try --help)"
53
+ exit 0
54
+ end
39
55
 
56
+ url = ARGV.shift
57
+ e = Enchant.new(url)
58
+
59
+ else
60
+ e = Enchant.new
61
+ e.host = host
62
+ e.port = port
63
+ end
40
64
 
41
- e = Enchant.new(url)
42
65
  puts e
66
+
67
+ if flood != -1
68
+ puts "Flooding "+e.host+" with #{flood} requests"
69
+ if (! e.is_sane?)
70
+ puts 'Automatic url parsing failed, please consider providing such information by hand.'
71
+ exit 1
72
+ end
73
+
74
+ pbar = ProgressBar.new("reqs", flood)
75
+ start_time = Time.now
76
+ (1..flood).each do |i|
77
+ pbar.inc
78
+ e.get('/')
79
+ end
80
+ puts
81
+ puts "flooed in " + (Time.now - start_time).to_s + "s"
82
+ exit 0
83
+ end
84
+
43
85
  puts "Sending probe to #{url}"
44
86
  e.list(wordlist)
45
87
  list = e.fuzz()
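Review bot: the new "Flooding "+e.host+... line runs before the e.is_sane? check, so when URL parsing leaves host as nil the string concatenation raises TypeError and the 'Automatic url parsing failed' message is never shown; move the is_sane? test above the puts, or interpolate with #{e.host}. The guard if host == nil && port == nil also sends a lone -H or a lone -p into the else branch, where the other attribute stays nil and nothing rejects it. In that branch url is never assigned, so without -f the later "Sending probe to #{url}" prints an empty target. "flooed in" should read "flooded in".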
@@ -1,28 +1,28 @@
1
1
  # Generated by jeweler
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
- # Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
3
+ # Instead, edit Jeweler::Tasks in rakefile, and run the gemspec command
4
4
  # -*- encoding: utf-8 -*-
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{enchant}
8
- s.version = "0.1.0"
8
+ s.version = "0.3.0"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Paolo Perego"]
12
- s.date = %q{2010-05-19}
12
+ s.date = %q{2010-06-25}
13
13
  s.default_executable = %q{enchant}
14
14
  s.description = %q{Enchant is tool aimed to discover web application directory and pages by fuzzing the requests using a dictionary approach}
15
15
  s.email = %q{paolo@armoredcode.com}
16
16
  s.executables = ["enchant"]
17
17
  s.extra_rdoc_files = [
18
18
  "ChangeLog",
19
- "README.txt"
19
+ "README.textile"
20
20
  ]
21
21
  s.files = [
22
22
  ".gitignore",
23
23
  "COPYING",
24
24
  "ChangeLog",
25
- "README.txt",
25
+ "README.textile",
26
26
  "Rakefile",
27
27
  "VERSION",
28
28
  "bin/enchant",
@@ -45,11 +45,14 @@ Gem::Specification.new do |s|
45
45
 
46
46
  if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
47
47
  s.add_runtime_dependency(%q<ruby-progressbar>, [">= 0"])
48
+ s.add_runtime_dependency(%q<rainbow>, [">= 0"])
48
49
  else
49
50
  s.add_dependency(%q<ruby-progressbar>, [">= 0"])
51
+ s.add_dependency(%q<rainbow>, [">= 0"])
50
52
  end
51
53
  else
52
54
  s.add_dependency(%q<ruby-progressbar>, [">= 0"])
55
+ s.add_dependency(%q<rainbow>, [">= 0"])
53
56
  end
54
57
  end
55
58
 
@@ -4,14 +4,32 @@ require 'uri'
4
4
 
5
5
 
6
6
  class Enchant
7
- attr_reader :host, :port, :server, :code
7
+ attr_reader :server, :code
8
+ attr_accessor :host, :port
8
9
 
9
- VERSION = '0.1.0'
10
+ VERSION = '0.3.0'
10
11
 
11
- def initialize(url)
12
- tmp = URI.parse(url)
13
- @host = tmp.host
14
- @port = tmp.port
12
+ def initialize(*urls)
13
+ url = urls.pop || ""
14
+
15
+
16
+ if url != ""
17
+ tmp = URI.parse(url)
18
+ @host = tmp.host
19
+ @port = tmp.port
20
+
21
+ if @host == nil || @port == nil
22
+ @sane = nil
23
+ else
24
+ @sane = 1
25
+ end
26
+ else
27
+ @sane = 1
28
+ end
29
+ end
30
+
31
+ def is_sane?
32
+ @sane
15
33
  end
16
34
 
17
35
  def list(wordlist)
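Review bot: @sane is computed once in initialize, and the no-URL path sets @sane = 1 while @host and @port are still nil; since this hunk also makes host and port writable through attr_accessor, is_sane? can report a state that no longer matches the object. Derive it on each call, for example !@host.nil? && !@port.nil?, which also returns a real boolean instead of nil/1. initialize(*urls) with urls.pop silently ignores extra arguments; initialize(url = nil) says what is meant. URI.parse(url) can raise URI::InvalidURIError and is not rescued here.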
@@ -52,6 +70,7 @@ class Enchant
52
70
  @server=val
53
71
  end
54
72
  }
73
+
55
74
  }
56
75
  end
57
76
 
@@ -60,6 +79,7 @@ class Enchant
60
79
  end
61
80
 
62
81
  def self.version()
63
- "Enchant v"+VERSION
82
+ @version = File.exist?('VERSION') ? File.read('VERSION') : VERSION
83
+ "Enchant v"+@version
64
84
  end
65
85
  end
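Review bot: File.exist?('VERSION') and File.read('VERSION') resolve against the current working directory, not the gem, so self.version reports the contents of whatever file named VERSION sits in the directory enchant is run from, and File.read keeps the trailing newline. Resolve the path from __FILE__ (assuming this is lib/enchant.rb, File.expand_path('../../VERSION', __FILE__)) and strip the result, or keep only the constant. The @version instance variable is not needed; a local will do.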
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: enchant
3
3
  version: !ruby/object:Gem::Version
4
- hash: 27
4
+ hash: 19
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
- - 1
8
+ - 3
9
9
  - 0
10
- version: 0.1.0
10
+ version: 0.3.0
11
11
  platform: ruby
12
12
  authors:
13
13
  - Paolo Perego
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2010-05-19 00:00:00 +02:00
18
+ date: 2010-06-25 00:00:00 +02:00
19
19
  default_executable: enchant
20
20
  dependencies:
21
21
  - !ruby/object:Gem::Dependency
@@ -32,6 +32,20 @@ dependencies:
32
32
  version: "0"
33
33
  type: :runtime
34
34
  version_requirements: *id001
35
+ - !ruby/object:Gem::Dependency
36
+ name: rainbow
37
+ prerelease: false
38
+ requirement: &id002 !ruby/object:Gem::Requirement
39
+ none: false
40
+ requirements:
41
+ - - ">="
42
+ - !ruby/object:Gem::Version
43
+ hash: 3
44
+ segments:
45
+ - 0
46
+ version: "0"
47
+ type: :runtime
48
+ version_requirements: *id002
35
49
  description: Enchant is tool aimed to discover web application directory and pages by fuzzing the requests using a dictionary approach
36
50
  email: paolo@armoredcode.com
37
51
  executables:
@@ -40,12 +54,12 @@ extensions: []
40
54
 
41
55
  extra_rdoc_files:
42
56
  - ChangeLog
43
- - README.txt
57
+ - README.textile
44
58
  files:
45
59
  - .gitignore
46
60
  - COPYING
47
61
  - ChangeLog
48
- - README.txt
62
+ - README.textile
49
63
  - Rakefile
50
64
  - VERSION
51
65
  - bin/enchant