enchant 0.99.0 → 1.0.0.pre1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (17) hide show
  1. data/Gemfile +1 -2
  2. data/Gemfile.lock +2 -3
  3. data/LICENSE.txt +20 -0
  4. data/README.md +71 -0
  5. data/Rakefile +61 -15
  6. data/VERSION +1 -1
  7. data/bin/enchant +26 -127
  8. data/db/directory-list-1.0.txt +141708 -0
  9. data/db/directory-list-2.3-medium.txt +220560 -0
  10. data/db/directory-list-2.3-small.txt +87664 -0
  11. data/lib/enchant/engine.rb +106 -46
  12. data/lib/enchant/version.rb +9 -85
  13. data/spec/enchant_spec.rb +8 -0
  14. data/spec/spec_helper.rb +12 -0
  15. metadata +53 -47
  16. data/README.textile +0 -93
  17. data/enchant.gemspec +0 -81
data/README.textile DELETED
@@ -1,93 +0,0 @@
1
- h1. enchant
2
-
3
- h2. Introdution
4
-
5
- Enchant is is tool aimed to discover web application directory and pages by fuzzing the requests using a
6
- dictionary approach.
7
-
8
- The purpose is for security guys to discover a web application exposed paths without knowing anything about
9
- the app they have to test.
10
-
11
- Enchant doesn't perform any DoS attack (unless used as HTTP flooder, but please use it only for the systems
12
- you're allowed to), it plays just with HTTP GET observing the return code.
13
-
14
- Please be ethical and use this tool only against website you're allowed to stress test.
15
-
16
- h2. Usage
17
-
18
- h3. HTTP Flooder
19
-
20
- You can use enchant to flood you web server with HTTP GET / requests in order to test performance and/or stress stess your app.
21
- You can do this with the following
22
-
23
- <pre>
24
- bin/enchant -f 20 -H localhost -p 80
25
- </pre>
26
-
27
-
28
- This one tells enchant to flood (<code>-f</code>) the host localhost (<code>-H</code>) onto port 80 (<code>-p</code>). The number of flooding requests is the -f parameter argument, that is required.
29
-
30
- Of course you can also use
31
-
32
- <pre>
33
- bin/enchant -f 20 www.some.org
34
- </pre>
35
-
36
- h3. Fuzzer
37
-
38
- You can use enchant to discover web application folders just specifying the URL and using a default wordlist file called basic.txt (not yet provided)
39
-
40
- <pre>
41
- bin/enchant www.some.org
42
- </pre>
43
-
44
- Or you can also use the wordlist you love most
45
-
46
- <pre>
47
- bin/enchant -w mylist.txt www.some.org
48
- </pre>
49
-
50
- h3. Ping
51
-
52
- Starting from version 0.4.0 you can also ping the remote web server to see if it's alive (return code 200) or not.
53
-
54
- <pre>
55
- bin/enchant -P http://www.some.org
56
- </pre>
57
-
58
- h2. Install
59
-
60
- <pre>sudo gem install enchant</pre>
61
-
62
- h2. Develop
63
-
64
- If you want to help in developing enchant, please fork the project, go on in hacking, submit me the patches
65
- and I'll merge into the main repo.
66
-
67
- h2. License
68
-
69
- [The "BSD licence"]
70
- Copyright (c) 2010 Paolo Perego, paolo@armoredcode.com
71
- All rights reserved.
72
-
73
- Redistribution and use in source and binary forms, with or without
74
- modification, are permitted provided that the following conditions
75
- are met:
76
- 1. Redistributions of source code must retain the above copyright
77
- notice, this list of conditions and the following disclaimer.
78
- 2. Redistributions in binary form must reproduce the above copyright
79
- notice, this list of conditions and the following disclaimer in the
80
- documentation and/or other materials provided with the distribution.
81
- 3. The name of the author may not be used to endorse or promote products
82
- derived from this software without specific prior written permission.
83
-
84
- THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
85
- IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
86
- OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
87
- IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
88
- INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
89
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
90
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
91
- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
92
- INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
93
- THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
data/enchant.gemspec DELETED
@@ -1,81 +0,0 @@
1
- # Generated by jeweler
2
- # DO NOT EDIT THIS FILE DIRECTLY
3
- # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
- # -*- encoding: utf-8 -*-
5
-
6
- Gem::Specification.new do |s|
7
- s.name = "enchant"
8
- s.version = "0.99.0"
9
-
10
- s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
- s.authors = ["Paolo Perego"]
12
- s.date = "2012-01-08"
13
- s.description = "Enchant is tool aimed to discover web application directory and pages by fuzzing the requests using a dictionary approach"
14
- s.email = "paolo@armoredcode.com"
15
- s.executables = ["enchant"]
16
- s.extra_rdoc_files = [
17
- "ChangeLog",
18
- "README.textile"
19
- ]
20
- s.files = [
21
- "COPYING",
22
- "ChangeLog",
23
- "Gemfile",
24
- "Gemfile.lock",
25
- "README.textile",
26
- "Rakefile",
27
- "VERSION",
28
- "bin/enchant",
29
- "enchant.gemspec",
30
- "lib/enchant.rb",
31
- "lib/enchant/engine.rb",
32
- "lib/enchant/version.rb"
33
- ]
34
- s.homepage = "http://github.com/thesp0nge/enchant"
35
- s.require_paths = ["lib"]
36
- s.rubygems_version = "1.8.10"
37
- s.summary = "Your magical web application fuzzer"
38
-
39
- if s.respond_to? :specification_version then
40
- s.specification_version = 3
41
-
42
- if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
43
- s.add_runtime_dependency(%q<rainbow>, [">= 0"])
44
- s.add_runtime_dependency(%q<progressbar>, [">= 0"])
45
- s.add_runtime_dependency(%q<awesome_print>, [">= 0"])
46
- s.add_runtime_dependency(%q<rake>, [">= 0"])
47
- s.add_development_dependency(%q<rspec>, ["~> 2.3.0"])
48
- s.add_development_dependency(%q<yard>, ["~> 0.6.0"])
49
- s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
50
- s.add_development_dependency(%q<jeweler>, ["~> 1.6.0"])
51
- s.add_development_dependency(%q<rcov>, [">= 0"])
52
- s.add_runtime_dependency(%q<ruby-progressbar>, [">= 0"])
53
- s.add_runtime_dependency(%q<rainbow>, [">= 0"])
54
- else
55
- s.add_dependency(%q<rainbow>, [">= 0"])
56
- s.add_dependency(%q<progressbar>, [">= 0"])
57
- s.add_dependency(%q<awesome_print>, [">= 0"])
58
- s.add_dependency(%q<rake>, [">= 0"])
59
- s.add_dependency(%q<rspec>, ["~> 2.3.0"])
60
- s.add_dependency(%q<yard>, ["~> 0.6.0"])
61
- s.add_dependency(%q<bundler>, ["~> 1.0.0"])
62
- s.add_dependency(%q<jeweler>, ["~> 1.6.0"])
63
- s.add_dependency(%q<rcov>, [">= 0"])
64
- s.add_dependency(%q<ruby-progressbar>, [">= 0"])
65
- s.add_dependency(%q<rainbow>, [">= 0"])
66
- end
67
- else
68
- s.add_dependency(%q<rainbow>, [">= 0"])
69
- s.add_dependency(%q<progressbar>, [">= 0"])
70
- s.add_dependency(%q<awesome_print>, [">= 0"])
71
- s.add_dependency(%q<rake>, [">= 0"])
72
- s.add_dependency(%q<rspec>, ["~> 2.3.0"])
73
- s.add_dependency(%q<yard>, ["~> 0.6.0"])
74
- s.add_dependency(%q<bundler>, ["~> 1.0.0"])
75
- s.add_dependency(%q<jeweler>, ["~> 1.6.0"])
76
- s.add_dependency(%q<rcov>, [">= 0"])
77
- s.add_dependency(%q<ruby-progressbar>, [">= 0"])
78
- s.add_dependency(%q<rainbow>, [">= 0"])
79
- end
80
- end
81
-