hitman 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a6a5e4c277a70f15b092f88487d8ba8654b29a84
+  data.tar.gz: cb5e4d1b018be1f34e0258f4af2b44c93afa8de5
+SHA512:
+  metadata.gz: 66fc72fbbcb27cc1c4fa26642c0b87115b241796c3626c8e4c9f9c662b8e6191fe14cd80230e43bd81839001ca2563f5cc2b84e9517cce70bb28b40eb105e572
+  data.tar.gz: c40dd82ef778bb73a4a2b32af004f072f5912d9677eeafa01de974a33ee81dac05d9c61b79a7a81d7dce9c436efe5048552d222c92ef2e8183db84ddd8dd3be1

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in hitman.gemspec
+gemspec

data/README.md

@@ -0,0 +1,36 @@
+# Hitman
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/hitman`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'hitman'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install hitman
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/hitman.
+

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+
+desc "Run tests"
+task :default => :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "hitman"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/hitman.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'hitman/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "hitman"
+  spec.version       = Hitman::VERSION
+  spec.authors       = ["Lukas_Skywalker"]
+  spec.email         = ["lukas.diener@hotmail.com"]
+
+  spec.summary       = "API fuzzing for professionals"
+  spec.description   = "Fuzzes all your API endpoints with the toughest input until it breaks."
+  spec.homepage      = "https://bitbucket.org/Zeilenwerk/hitman"
+  spec.license       = "GPLv3"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

data/lib/hitman.rb

@@ -0,0 +1,27 @@
+require "hitman/version"
+require "hitman/fuzzer"
+
+module Hitman
+  class Scanner
+    def scan_grape(target, klass)
+
+      klass.routes.each do |api|
+        route = Hitman::Route.new(api.route_method, api.route_path.split("\(").first)
+        target.routes << route
+        api.route_params.each do |name, details|
+          route.params << Hitman::Param.new(name, details[:type])
+        end
+      end
+      target
+
+    end
+
+    def scan_rails(target, klass)
+      Rails.application.routes.routes.to_a.each do |route|
+        name = route.name
+        path = route.path.spec.to_s.split('\(').first
+        method = route.constraints[:request_method]
+      end
+    end
+  end
+end

data/lib/hitman/fuzzer.rb

@@ -0,0 +1,70 @@
+require 'net/http'
+
+require_relative 'target'
+require_relative 'route'
+require_relative 'param'
+require_relative 'request'
+
+dir = File.dirname(File.dirname(__FILE__))
+
+Dir.glob(dir + '/hitman/iterators/*.rb') do |f|
+  require_relative f
+end
+
+module Hitman
+  class Fuzzer
+    def add_param(url, param_name, param_value)
+      uri = URI(url)
+      params = URI.decode_www_form(uri.query || []) << [param_name, param_value]
+      uri.query = URI.encode_www_form(params)
+      uri.to_s
+    end
+
+    def start(t)
+      puts t
+      puts ""
+
+      t.routes.each do |route|
+        url = t.host + t.prefix + route.url
+        puts "Checking #{url}"
+        iterators = []
+        total_iterations = 1
+        route.params.each do |param|
+          iterator = Kernel.const_get(param.type + 'Iterator').new.get
+          iterators << iterator
+          total_iterations *= iterator.length
+        end
+        next if iterators.empty?
+        iterations = iterators.first.product(*iterators[1..-1]) #splat == #swag
+
+        puts "Total iterations: #{total_iterations}"
+
+        iterations.each do |iteration|
+          uri = URI(url)
+          params = {}
+
+          route.params.each_with_index do |param, i|
+            params[param.name] = iteration[i]
+          end
+
+          if route.method.downcase == 'get'
+            uri.query = URI.encode_www_form(params.merge t.postfix)
+            res = Hitman::Request.get(uri)
+          else
+            uri.query = URI.encode_www_form(t.postfix)
+            payload = params.to_json
+            res = Hitman::Request.post(uri, payload)
+          end
+          if res.code.to_i >= 500 && res.code.to_i <= 599
+            puts "Yay, fu**ed!"
+            puts "URL: #{route.method} #{uri}"
+            puts "Params: #{params.inspect}"
+            puts "Continue?"
+            gets
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/hitman/iterators/date_iterator.rb

@@ -0,0 +1,5 @@
+class DateIterator
+  def get
+    [Date.today, 232454356, "shdsjfsdhfhsd"]
+  end
+end

data/lib/hitman/iterators/hash_iterator.rb

@@ -0,0 +1,5 @@
+class HashIterator
+  def get
+    [{}, {user: 'sfdgh'}, {test: 324783456374563454357667}]
+  end
+end

data/lib/hitman/iterators/integer_iterator.rb

@@ -0,0 +1,10 @@
+class IntegerIterator
+  N_BYTES = [42].pack('i').size
+  N_BITS = N_BYTES * 16
+  MAX = 2 ** (N_BITS - 2) - 1
+  MIN = -MAX - 1
+
+  def get
+    [MIN, -1, 0, 1, MAX]
+  end
+end

data/lib/hitman/iterators/string_iterator.rb

@@ -0,0 +1,9 @@
+class StringIterator
+  def random_string(length)
+    rand(36**length).to_s(36)
+  end
+
+  def get
+    ['', random_string(10), random_string(500)]
+  end
+end

data/lib/hitman/param.rb

@@ -0,0 +1,14 @@
+module Hitman
+  class Param
+    attr_accessor :name, :type
+
+    def initialize(name, type)
+      @name = name
+      @type = type
+    end
+
+    def to_s
+      "#{name}: #{type}"
+    end
+  end
+end

data/lib/hitman/request.rb

@@ -0,0 +1,18 @@
+module Hitman
+  class Request
+    def self.get(uri)
+      Net::HTTP.get_response(uri)
+    end
+
+    def self.post(uri, payload)
+      http = Net::HTTP.new(uri.host, uri.port)
+      request = Net::HTTP::Post.new(
+        uri.request_uri,
+        initheader = {'Content-Type' => 'application/json'}
+      )
+      request.body = payload
+
+      http.request(request)
+    end
+  end
+end

data/lib/hitman/route.rb

@@ -0,0 +1,19 @@
+module Hitman
+  class Route
+    attr_accessor :method, :path, :params
+
+    def initialize(method, path)
+      @method = method
+      @path = path
+      @params = []
+    end
+
+    def url
+      path
+    end
+
+    def to_s
+      "#{method.ljust(10)} #{url.ljust(20)} #{params.join(', ')}"
+    end
+  end
+end

data/lib/hitman/target.rb

@@ -0,0 +1,19 @@
+module Hitman
+  class Target
+    attr_accessor :name, :host, :routes, :prefix, :postfix
+
+    def initialize(name, host)
+      @name = name
+      @host = host
+      @prefix = ''
+      @postfix = ''
+      @routes = []
+    end
+
+    def to_s
+      "Analysis for #{name}\n" +
+      "-------------" + "-" * name.length + "\n" +
+      routes.join("\n")
+    end
+  end
+end

data/lib/hitman/version.rb

@@ -0,0 +1,3 @@
+module Hitman
+  VERSION = "0.1.1"
+end

metadata

@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: hitman
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Lukas_Skywalker
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-02-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Fuzzes all your API endpoints with the toughest input until it breaks.
+email:
+- lukas.diener@hotmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- hitman.gemspec
+- lib/hitman.rb
+- lib/hitman/fuzzer.rb
+- lib/hitman/iterators/date_iterator.rb
+- lib/hitman/iterators/hash_iterator.rb
+- lib/hitman/iterators/integer_iterator.rb
+- lib/hitman/iterators/string_iterator.rb
+- lib/hitman/param.rb
+- lib/hitman/request.rb
+- lib/hitman/route.rb
+- lib/hitman/target.rb
+- lib/hitman/version.rb
+homepage: https://bitbucket.org/Zeilenwerk/hitman
+licenses:
+- GPLv3
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.3
+signing_key: 
+specification_version: 4
+summary: API fuzzing for professionals
+test_files: []