enchant 0.1.0 → 0.3.0

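--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1 +1,4 @@
+ .autotest
  doc/*
+ pkg/
+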
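--- a/data/ChangeLog
+++ b/data/ChangeLog
@@ -1,3 +1,18 @@
+ -- 0.3.0 --
+
+ 2010-06-25 Paolo Perego <thesp0nge@gmail.com>
+
+ * lib/enchant.rb, bin/enchant (): adding -H, -p option to override URI parsing that checks TLD sanity
+
+ 2010-06-24 Paolo Perego <thesp0nge@gmail.com>
+ * bin/enchant (none): adding -f, --flood to perform HTTP HEAD flooding requests
+
+ -- 0.1.0 --
+ 2010-05-20 Paolo Perego <thesp0nge@gmail.com>
+
+ * lib/enchant.rb (none): implemented list(), get() and ping() methods
+ * bin/enchant (none): command line argument handling and first action... fuzzing against web app directories
+
  2010-05-18 Paolo Perego <thesp0nge@gmail.com>
 
  * lib/enchant.rb (none): first typos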
@@ -1,35 +1,63 @@
1
- = enchant
1
+ h1. enchant
2
2
 
3
- Enchant is is tool aimed to discover web application directory and pages by
4
- fuzzing the requests using a dictionary approach.
3
+ h2. Introdution
5
4
 
6
- The purpose is for security guys to discover a web application exposed paths
7
- without knowing anything about the app they have to test.
5
+ Enchant is is tool aimed to discover web application directory and pages by fuzzing the requests using a
6
+ dictionary approach.
8
7
 
9
- Enchant doesn't perform any DoS attack, it plays just with HTTP GET observing
10
- the return code. Please be ethical and use this tool only against website
11
- you're allowed to stress test.
8
+ The purpose is for security guys to discover a web application exposed paths without knowing anything about
9
+ the app they have to test.
12
10
 
13
- == SYNOPSIS:
11
+ Enchant doesn't perform any DoS attack (unless used as HTTP flooder, but please use it only for the systems
12
+ you're allowed to), it plays just with HTTP GET observing the return code.
14
13
 
14
+ Please be ethical and use this tool only against website you're allowed to stress test.
15
15
 
16
- == REQUIREMENTS:
16
+ h2. Usage
17
17
 
18
+ h3. HTTP Flooder
18
19
 
19
- == INSTALL:
20
+ You can use enchant to flood you web server with HTTP GET / requests in order to test performance and/or stress stess your app.
21
+ You can do this with the following
20
22
 
21
- 'sudo gem install enchant'
23
+ <pre>
24
+ bin/enchant -f 20 -H localhost -p 80
25
+ </pre>
22
26
 
23
- == DEVELOPERS:
24
27
 
25
- After checking out the source, run:
28
+ This one tells enchant to flood (<code>-f</code>) the host localhost (<code>-H</code>) onto port 80 (<code>-p</code>). The number of flooding requests is the -f parameter argument, that is required.
26
29
 
27
- $ rake newb
30
+ Of course you can also use
28
31
 
29
- This task will install any missing dependencies, run the tests/specs,
30
- and generate the RDoc.
32
+ <pre>
33
+ bin/enchant -f 20 www.some.org
34
+ </pre>
35
+
36
+ h3. Fuzzer
37
+
38
+ You can use enchant to discover web application folders just specifying the URL and using a default wordlist file called basic.txt (not yet provided)
39
+
40
+ <pre>
41
+ bin/enchant www.some.org
42
+ </pre>
43
+
44
+ Or you can also use the wordlist you love most
45
+
46
+ <pre>
47
+ bin/enchant -w mylist.txt www.some.org
48
+ </pre>
49
+
50
+ h2. Install
51
+
52
+ <pre>sudo gem install enchant</pre>
53
+
54
+ h2. Develop
55
+
56
+ If you want to help in developing enchant, please fork the project, go on in hacking, submit me the patches
57
+ and I'll merge into the main repo.
58
+
59
+ h2. License
31
60
 
32
- == LICENSE:
33
61
  [The "BSD licence"]
34
62
  Copyright (c) 2010 Paolo Perego, paolo@armoredcode.com
35
63
  All rights reserved.
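--- a/data/Rakefile
+++ b/data/Rakefile
@@ -8,6 +8,7 @@ begin
  gemspec.homepage = "http://github.com/thesp0nge/enchant"
  gemspec.authors = ["Paolo Perego"]
  gemspec.add_dependency('ruby-progressbar')
+ gemspec.add_dependency('rainbow')
  end
  Jeweler::GemcutterTasks.new
  rescue LoadError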
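Review bot: The added `gemspec.add_dependency('rainbow')` declares a new runtime dependency with no version bound, and the generated gemspec and metadata on this page carry it as `>= 0`, so any future release of that gem is accepted at install time. None of the hunks visible here requires or calls rainbow, so it may be unused in this release; if so, drop the line rather than widen the install surface. If it is needed, bound it, e.g. `gemspec.add_dependency('rainbow', '~> <tested-version>')`, where the placeholder stands for the version the tool was tested with. The `Jeweler::Tasks` block starts above this hunk.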
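--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.1.0
+ 0.3.0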
@@ -9,10 +9,17 @@ require 'rdoc/usage'
9
9
  opts = GetoptLong.new(
10
10
  [ '--help', '-h', GetoptLong::NO_ARGUMENT ],
11
11
  [ '--version', '-v', GetoptLong::NO_ARGUMENT ],
12
- [ '--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT ]
12
+ [ '--flood', '-f', GetoptLong::REQUIRED_ARGUMENT],
13
+ [ '--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT ],
14
+ [ '--host', '-H', GetoptLong::REQUIRED_ARGUMENT],
15
+ [ '--port', '-p', GetoptLong::REQUIRED_ARGUMENT]
13
16
  )
14
17
 
18
+ flood = -1
15
19
  wordlist = 'basic.txt'
20
+ host = nil
21
+ port = nil
22
+
16
23
  opts.each do |opt, arg|
17
24
  case opt
18
25
  when '--help'
@@ -21,6 +28,16 @@ opts.each do |opt, arg|
21
28
  when '--version'
22
29
  puts Enchant.version
23
30
  exit 0
31
+ when '--flood'
32
+ flood = arg.to_i
33
+ if flood <= 0
34
+ puts 'can\'t flood negative requests'
35
+ exit 1
36
+ end
37
+ when '--host'
38
+ host = arg
39
+ when '--port'
40
+ port = arg.to_i
24
41
  when '--wordlist'
25
42
  if arg == ''
26
43
  wordlist = 'basic.txt'
@@ -28,18 +45,43 @@ opts.each do |opt, arg|
28
45
  wordlist = arg
29
46
  end
30
47
  end
31
- end
32
-
33
- if ARGV.length != 1
34
- puts "Missing url argument (try --help)"
35
- exit 0
36
48
  end
37
49
 
38
- url = ARGV.shift
50
+ if host == nil && port == nil
51
+ if ARGV.length != 1
52
+ puts "Missing url argument (try --help)"
53
+ exit 0
54
+ end
39
55
 
56
+ url = ARGV.shift
57
+ e = Enchant.new(url)
58
+
59
+ else
60
+ e = Enchant.new
61
+ e.host = host
62
+ e.port = port
63
+ end
40
64
 
41
- e = Enchant.new(url)
42
65
  puts e
66
+
67
+ if flood != -1
68
+ puts "Flooding "+e.host+" with #{flood} requests"
69
+ if (! e.is_sane?)
70
+ puts 'Automatic url parsing failed, please consider providing such information by hand.'
71
+ exit 1
72
+ end
73
+
74
+ pbar = ProgressBar.new("reqs", flood)
75
+ start_time = Time.now
76
+ (1..flood).each do |i|
77
+ pbar.inc
78
+ e.get('/')
79
+ end
80
+ puts
81
+ puts "flooed in " + (Time.now - start_time).to_s + "s"
82
+ exit 0
83
+ end
84
+
43
85
  puts "Sending probe to #{url}"
44
86
  e.list(wordlist)
45
87
  list = e.fuzz()
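Review bot: In the flood branch the message `puts "Flooding "+e.host+" with #{flood} requests"` is printed before `e.is_sane?` is tested, so when URL parsing left `host` nil the concatenation raises and the intended 'Automatic url parsing failed' message is never shown; test `is_sane?` first and build the message by interpolation, `puts "Flooding #{e.host} with #{flood} requests"`. The same nil host reaches that line when only `-p` is passed, because `if host == nil && port == nil` falls to the manual branch as soon as either option is set; that branch should require both and exit with a usage error otherwise. In the manual branch `url` is never assigned, so the later `puts "Sending probe to #{url}"` prints an empty target. `port = arg.to_i` turns non-numeric input into 0 without complaint; a range check like the one on `--flood` would catch it. The option loop and the fuzzing code continue outside these hunks.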
@@ -1,28 +1,28 @@
1
1
  # Generated by jeweler
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
- # Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
3
+ # Instead, edit Jeweler::Tasks in rakefile, and run the gemspec command
4
4
  # -*- encoding: utf-8 -*-
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{enchant}
8
- s.version = "0.1.0"
8
+ s.version = "0.3.0"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Paolo Perego"]
12
- s.date = %q{2010-05-19}
12
+ s.date = %q{2010-06-25}
13
13
  s.default_executable = %q{enchant}
14
14
  s.description = %q{Enchant is tool aimed to discover web application directory and pages by fuzzing the requests using a dictionary approach}
15
15
  s.email = %q{paolo@armoredcode.com}
16
16
  s.executables = ["enchant"]
17
17
  s.extra_rdoc_files = [
18
18
  "ChangeLog",
19
- "README.txt"
19
+ "README.textile"
20
20
  ]
21
21
  s.files = [
22
22
  ".gitignore",
23
23
  "COPYING",
24
24
  "ChangeLog",
25
- "README.txt",
25
+ "README.textile",
26
26
  "Rakefile",
27
27
  "VERSION",
28
28
  "bin/enchant",
@@ -45,11 +45,14 @@ Gem::Specification.new do |s|
45
45
 
46
46
  if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
47
47
  s.add_runtime_dependency(%q<ruby-progressbar>, [">= 0"])
48
+ s.add_runtime_dependency(%q<rainbow>, [">= 0"])
48
49
  else
49
50
  s.add_dependency(%q<ruby-progressbar>, [">= 0"])
51
+ s.add_dependency(%q<rainbow>, [">= 0"])
50
52
  end
51
53
  else
52
54
  s.add_dependency(%q<ruby-progressbar>, [">= 0"])
55
+ s.add_dependency(%q<rainbow>, [">= 0"])
53
56
  end
54
57
  end
55
58
 
@@ -4,14 +4,32 @@ require 'uri'
4
4
 
5
5
 
6
6
  class Enchant
7
- attr_reader :host, :port, :server, :code
7
+ attr_reader :server, :code
8
+ attr_accessor :host, :port
8
9
 
9
- VERSION = '0.1.0'
10
+ VERSION = '0.3.0'
10
11
 
11
- def initialize(url)
12
- tmp = URI.parse(url)
13
- @host = tmp.host
14
- @port = tmp.port
12
+ def initialize(*urls)
13
+ url = urls.pop || ""
14
+
15
+
16
+ if url != ""
17
+ tmp = URI.parse(url)
18
+ @host = tmp.host
19
+ @port = tmp.port
20
+
21
+ if @host == nil || @port == nil
22
+ @sane = nil
23
+ else
24
+ @sane = 1
25
+ end
26
+ else
27
+ @sane = 1
28
+ end
29
+ end
30
+
31
+ def is_sane?
32
+ @sane
15
33
  end
16
34
 
17
35
  def list(wordlist)
@@ -52,6 +70,7 @@ class Enchant
52
70
  @server=val
53
71
  end
54
72
  }
73
+
55
74
  }
56
75
  end
57
76
 
@@ -60,6 +79,7 @@ class Enchant
60
79
  end
61
80
 
62
81
  def self.version()
63
- "Enchant v"+VERSION
82
+ @version = File.exist?('VERSION') ? File.read('VERSION') : VERSION
83
+ "Enchant v"+@version
64
84
  end
65
85
  end
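Review bot: `initialize` sets `@sane = 1` when no URL is passed, while `@host` and `@port` are still unset, and the flag is never recomputed after the new `attr_accessor :host, :port` writers are used, so `is_sane?` reports a usable target for an object that may have neither. Deriving the answer from current state keeps the -H/-p override working and removes the stale flag: `def is_sane?; !@host.nil? && !@port.nil?; end`. `URI.parse(url)` can also raise on malformed input and is not rescued here, so a bad URL ends in a backtrace rather than the sanity message. Separately, `self.version` reads `VERSION` relative to the current working directory and keeps any trailing newline; resolving the path from `__FILE__` and calling `.strip` would make the output independent of where the tool is run.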
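--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: enchant
  version: !ruby/object:Gem::Version
- hash: 27
+ hash: 19
  prerelease: false
  segments:
  - 0
- - 1
+ - 3
  - 0
- version: 0.1.0
+ version: 0.3.0
  platform: ruby
  authors:
  - Paolo Perego
@@ -15,7 +15,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2010-05-19 00:00:00 +02:00
+ date: 2010-06-25 00:00:00 +02:00
  default_executable: enchant
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -32,6 +32,20 @@ dependencies:
  version: "0"
  type: :runtime
  version_requirements: *id001
+ - !ruby/object:Gem::Dependency
+ name: rainbow
+ prerelease: false
+ requirement: &id002 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ type: :runtime
+ version_requirements: *id002
  description: Enchant is tool aimed to discover web application directory and pages by fuzzing the requests using a dictionary approach
  email: paolo@armoredcode.com
  executables:
@@ -40,12 +54,12 @@ extensions: []
 
  extra_rdoc_files:
  - ChangeLog
- - README.txt
+ - README.textile
  files:
  - .gitignore
  - COPYING
  - ChangeLog
- - README.txt
+ - README.textile
  - Rakefile
  - VERSION
  - bin/enchant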