enchant 0.99.0 → 1.0.0.pre1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. data/Gemfile +1 -2
  2. data/Gemfile.lock +2 -3
  3. data/LICENSE.txt +20 -0
  4. data/README.md +71 -0
  5. data/Rakefile +61 -15
  6. data/VERSION +1 -1
  7. data/bin/enchant +26 -127
  8. data/db/directory-list-1.0.txt +141708 -0
  9. data/db/directory-list-2.3-medium.txt +220560 -0
  10. data/db/directory-list-2.3-small.txt +87664 -0
  11. data/lib/enchant/engine.rb +106 -46
  12. data/lib/enchant/version.rb +9 -85
  13. data/spec/enchant_spec.rb +8 -0
  14. data/spec/spec_helper.rb +12 -0
  15. metadata +53 -47
  16. data/README.textile +0 -93
  17. data/enchant.gemspec +0 -81
data/README.textile DELETED
@@ -1,93 +0,0 @@
1
- h1. enchant
2
-
3
- h2. Introdution
4
-
5
- Enchant is is tool aimed to discover web application directory and pages by fuzzing the requests using a
6
- dictionary approach.
7
-
8
- The purpose is for security guys to discover a web application exposed paths without knowing anything about
9
- the app they have to test.
10
-
11
- Enchant doesn't perform any DoS attack (unless used as HTTP flooder, but please use it only for the systems
12
- you're allowed to), it plays just with HTTP GET observing the return code.
13
-
14
- Please be ethical and use this tool only against website you're allowed to stress test.
15
-
16
- h2. Usage
17
-
18
- h3. HTTP Flooder
19
-
20
- You can use enchant to flood you web server with HTTP GET / requests in order to test performance and/or stress stess your app.
21
- You can do this with the following
22
-
23
- <pre>
24
- bin/enchant -f 20 -H localhost -p 80
25
- </pre>
26
-
27
-
28
- This one tells enchant to flood (<code>-f</code>) the host localhost (<code>-H</code>) onto port 80 (<code>-p</code>). The number of flooding requests is the -f parameter argument, that is required.
29
-
30
- Of course you can also use
31
-
32
- <pre>
33
- bin/enchant -f 20 www.some.org
34
- </pre>
35
-
36
- h3. Fuzzer
37
-
38
- You can use enchant to discover web application folders just specifying the URL and using a default wordlist file called basic.txt (not yet provided)
39
-
40
- <pre>
41
- bin/enchant www.some.org
42
- </pre>
43
-
44
- Or you can also use the wordlist you love most
45
-
46
- <pre>
47
- bin/enchant -w mylist.txt www.some.org
48
- </pre>
49
-
50
- h3. Ping
51
-
52
- Starting from version 0.4.0 you can also ping the remote web server to see if it's alive (return code 200) or not.
53
-
54
- <pre>
55
- bin/enchant -P http://www.some.org
56
- </pre>
57
-
58
- h2. Install
59
-
60
- <pre>sudo gem install enchant</pre>
61
-
62
- h2. Develop
63
-
64
- If you want to help in developing enchant, please fork the project, go on in hacking, submit me the patches
65
- and I'll merge into the main repo.
66
-
67
- h2. License
68
-
69
- [The "BSD licence"]
70
- Copyright (c) 2010 Paolo Perego, paolo@armoredcode.com
71
- All rights reserved.
72
-
73
- Redistribution and use in source and binary forms, with or without
74
- modification, are permitted provided that the following conditions
75
- are met:
76
- 1. Redistributions of source code must retain the above copyright
77
- notice, this list of conditions and the following disclaimer.
78
- 2. Redistributions in binary form must reproduce the above copyright
79
- notice, this list of conditions and the following disclaimer in the
80
- documentation and/or other materials provided with the distribution.
81
- 3. The name of the author may not be used to endorse or promote products
82
- derived from this software without specific prior written permission.
83
-
84
- THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
85
- IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
86
- OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
87
- IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
88
- INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
89
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
90
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
91
- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
92
- INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
93
- THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
data/enchant.gemspec DELETED
@@ -1,81 +0,0 @@
1
- # Generated by jeweler
2
- # DO NOT EDIT THIS FILE DIRECTLY
3
- # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
- # -*- encoding: utf-8 -*-
5
-
6
- Gem::Specification.new do |s|
7
- s.name = "enchant"
8
- s.version = "0.99.0"
9
-
10
- s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
- s.authors = ["Paolo Perego"]
12
- s.date = "2012-01-08"
13
- s.description = "Enchant is tool aimed to discover web application directory and pages by fuzzing the requests using a dictionary approach"
14
- s.email = "paolo@armoredcode.com"
15
- s.executables = ["enchant"]
16
- s.extra_rdoc_files = [
17
- "ChangeLog",
18
- "README.textile"
19
- ]
20
- s.files = [
21
- "COPYING",
22
- "ChangeLog",
23
- "Gemfile",
24
- "Gemfile.lock",
25
- "README.textile",
26
- "Rakefile",
27
- "VERSION",
28
- "bin/enchant",
29
- "enchant.gemspec",
30
- "lib/enchant.rb",
31
- "lib/enchant/engine.rb",
32
- "lib/enchant/version.rb"
33
- ]
34
- s.homepage = "http://github.com/thesp0nge/enchant"
35
- s.require_paths = ["lib"]
36
- s.rubygems_version = "1.8.10"
37
- s.summary = "Your magical web application fuzzer"
38
-
39
- if s.respond_to? :specification_version then
40
- s.specification_version = 3
41
-
42
- if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
43
- s.add_runtime_dependency(%q<rainbow>, [">= 0"])
44
- s.add_runtime_dependency(%q<progressbar>, [">= 0"])
45
- s.add_runtime_dependency(%q<awesome_print>, [">= 0"])
46
- s.add_runtime_dependency(%q<rake>, [">= 0"])
47
- s.add_development_dependency(%q<rspec>, ["~> 2.3.0"])
48
- s.add_development_dependency(%q<yard>, ["~> 0.6.0"])
49
- s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
50
- s.add_development_dependency(%q<jeweler>, ["~> 1.6.0"])
51
- s.add_development_dependency(%q<rcov>, [">= 0"])
52
- s.add_runtime_dependency(%q<ruby-progressbar>, [">= 0"])
53
- s.add_runtime_dependency(%q<rainbow>, [">= 0"])
54
- else
55
- s.add_dependency(%q<rainbow>, [">= 0"])
56
- s.add_dependency(%q<progressbar>, [">= 0"])
57
- s.add_dependency(%q<awesome_print>, [">= 0"])
58
- s.add_dependency(%q<rake>, [">= 0"])
59
- s.add_dependency(%q<rspec>, ["~> 2.3.0"])
60
- s.add_dependency(%q<yard>, ["~> 0.6.0"])
61
- s.add_dependency(%q<bundler>, ["~> 1.0.0"])
62
- s.add_dependency(%q<jeweler>, ["~> 1.6.0"])
63
- s.add_dependency(%q<rcov>, [">= 0"])
64
- s.add_dependency(%q<ruby-progressbar>, [">= 0"])
65
- s.add_dependency(%q<rainbow>, [">= 0"])
66
- end
67
- else
68
- s.add_dependency(%q<rainbow>, [">= 0"])
69
- s.add_dependency(%q<progressbar>, [">= 0"])
70
- s.add_dependency(%q<awesome_print>, [">= 0"])
71
- s.add_dependency(%q<rake>, [">= 0"])
72
- s.add_dependency(%q<rspec>, ["~> 2.3.0"])
73
- s.add_dependency(%q<yard>, ["~> 0.6.0"])
74
- s.add_dependency(%q<bundler>, ["~> 1.0.0"])
75
- s.add_dependency(%q<jeweler>, ["~> 1.6.0"])
76
- s.add_dependency(%q<rcov>, [">= 0"])
77
- s.add_dependency(%q<ruby-progressbar>, [">= 0"])
78
- s.add_dependency(%q<rainbow>, [">= 0"])
79
- end
80
- end
81
-