hitman 0.1.1 → 0.1.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +64 -3
  3. data/lib/hitman/iterators/symbol_iterator.rb +9 -0
  4. data/lib/hitman/version.rb +1 -1
  5. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a6a5e4c277a70f15b092f88487d8ba8654b29a84
4
- data.tar.gz: cb5e4d1b018be1f34e0258f4af2b44c93afa8de5
3
+ metadata.gz: 10c1e35d8dd67d87fc3ba4878e8b42768d40e3cc
4
+ data.tar.gz: 6165050c77f3153e195184a1ba7cde5e9190c8dc
5
5
  SHA512:
6
- metadata.gz: 66fc72fbbcb27cc1c4fa26642c0b87115b241796c3626c8e4c9f9c662b8e6191fe14cd80230e43bd81839001ca2563f5cc2b84e9517cce70bb28b40eb105e572
7
- data.tar.gz: c40dd82ef778bb73a4a2b32af004f072f5912d9677eeafa01de974a33ee81dac05d9c61b79a7a81d7dce9c436efe5048552d222c92ef2e8183db84ddd8dd3be1
6
+ metadata.gz: cb6acce374a2eba3a66e0e984ee468f8dc392ad8378701972a48ab88e8829611f0ee21efda3206ee4b5f0b8913e13ea24ef9671e0376e483b8f2d4594d227aed
7
+ data.tar.gz: 16ca63b73868706bec235247a3dbf1e91d28ad0e53fce4a4a83954031e394994dd3349d416069ba822f45fa7139b235b366687db31e944c40928f582f2c85f81
data/README.md CHANGED
@@ -22,7 +22,69 @@ Or install it yourself as:
22
22
 
23
23
  ## Usage
24
24
 
25
- TODO: Write usage instructions here
25
+ At the moment, Hitman can only auto-analyse Grape APIs, but if you have any other API, you can still use it by supplying the configuration manually.
26
+
27
+ First, define a target to attack. It is best to run your API locally, for speed reasons.
28
+
29
+ ```ruby
30
+ t = Hitman::Target.new('my api', 'http://localhost:9292')
31
+ ```
32
+
33
+ Hitman needs the name and the address of its target. He's gonna find out the rest. No need for a picture.
34
+
35
+ If your API uses param authentication, you can supply `postfix` data which will be attached to every request made, e.g. if you need to authenticate:
36
+
37
+ ```ruby
38
+ t.postfix = { email: 'test@hitman.org', password: '12345678' }
39
+ ```
40
+
41
+ Hitman first needs to analyse the target to find the best possible strategy to attack. Load your API class and pass it, along with a reference to your target, to Hitman:
42
+
43
+ ```ruby
44
+ scanner = Hitman::Scanner.new
45
+ target = scanner.scan_grape(t, API)
46
+ ```
47
+
48
+ Hitman is ready and armed now. Start the fuzzer and watch chaos unfold.
49
+
50
+ ```ruby
51
+ fuzzer = Hitman::Fuzzer.new
52
+ fuzzer.start(target)
53
+ ```
54
+
55
+ ## Not using a Grape API? No problem.
56
+
57
+ You just manually need to supply some secret information to Hitman.
58
+
59
+ First, create a target:
60
+
61
+ ```ruby
62
+ t = Hitman::Target.new('my api', 'http://localhost:9292')
63
+ ```
64
+
65
+ Then, for every endpoint of your API, you need to supply the HTTP method, the path and possible parameters in the form
66
+
67
+ ```ruby
68
+ route = Hitman::Route.new('post', '/api/users')
69
+ t.routes << route
70
+ route.params << Hitman::Param.new('email', 'string')
71
+ route.params << Hitman::Param.new('password', 'string')
72
+ route.params << Hitman::Param.new('password_confirmation', 'string')
73
+ ```
74
+
75
+ You can use this example:
76
+
77
+ ```ruby
78
+ my_api_routes.each do |api_route|
79
+ route = Hitman::Route.new(api_route.method, api_route.path)
80
+ t.routes << route
81
+ api_route.params.each do |name, type|
82
+ route.params << Hitman::Param.new(name, type)
83
+ end
84
+ end
85
+ ```
86
+
87
+ After that, you're ready to run the Fuzzer.
26
88
 
27
89
  ## Development
28
90
 
@@ -32,5 +94,4 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
32
94
 
33
95
  ## Contributing
34
96
 
35
- Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/hitman.
36
-
97
+ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/hitman.
data/lib/hitman/iterators/symbol_iterator.rb ADDED
@@ -0,0 +1,9 @@
1
+ class SymbolIterator
2
+ def random_string(length)
3
+ rand(36**length).to_s(36)
4
+ end
5
+
6
+ def get
7
+ [:'', random_string(10).to_sym, random_string(500).to_sym]
8
+ end
9
+ end
data/lib/hitman/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Hitman
2
- VERSION = "0.1.1"
2
+ VERSION = "0.1.2"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hitman
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Lukas_Skywalker
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-02-03 00:00:00.000000000 Z
11
+ date: 2018-09-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -58,6 +58,7 @@ files:
58
58
  - lib/hitman/iterators/hash_iterator.rb
59
59
  - lib/hitman/iterators/integer_iterator.rb
60
60
  - lib/hitman/iterators/string_iterator.rb
61
+ - lib/hitman/iterators/symbol_iterator.rb
61
62
  - lib/hitman/param.rb
62
63
  - lib/hitman/request.rb
63
64
  - lib/hitman/route.rb
@@ -83,7 +84,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
83
84
  version: '0'
84
85
  requirements: []
85
86
  rubyforge_project:
86
- rubygems_version: 2.4.3
87
+ rubygems_version: 2.6.11
87
88
  signing_key:
88
89
  specification_version: 4
89
90
  summary: API fuzzing for professionals