Merge pull request #134 from xmendez/dev

Merge Dev into master
xmendez · Apr 27, 2019 · 05c8a6f · 05c8a6f
2 parents 9c9fecb + fbd906c
commit 05c8a6f
Show file tree

Hide file tree

Showing 47 changed files with 2,957 additions and 1,515 deletions.
diff --git a/MANIFEST.in b/MANIFEST.in
@@ -1,2 +1,3 @@
 include README.md
 include LICENSE
+include docs/*
diff --git a/Makefile b/Makefile
@@ -4,7 +4,7 @@ test:
 	tox --recreate
 flake8:
 	pip install flake8
-	flake8 --ignore=E501,E402,F401 src tests
+	flake8 --ignore=E501,E402,F401,W504 src tests
 publish:
 	pip install 'twine>=1.5.0'
 	python setup.py sdist

diff --git a/README.md b/README.md
@@ -2,6 +2,7 @@
 
 <a href="https://pypi.python.org/pypi/wfuzz"><img src="https://img.shields.io/pypi/v/wfuzz.svg"></a>
 <a href="https://pypi.python.org/pypi/wfuzz"><img src="https://img.shields.io/pypi/pyversions/wfuzz.svg"></a>
+[![Build Status](https://travis-ci.org/xmendez/wfuzz.svg?branch=master)](https://travis-ci.org/xmendez/wfuzz)
 <a href="https://codecov.io/github/xmendez/wfuzz"><img src="https://codecov.io/github/xmendez/wfuzz/coverage.svg?branch=master"></a>
 
 Wfuzz has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload.

diff --git a/docs/library/guide.rst b/docs/library/guide.rst
@@ -7,7 +7,7 @@ All options that are available within the Wfuzz command line interface are avail
 CLI Option               Library Option
 ======================== =====================================================================================
 <URL>                    url="url"
---recipe <filename>      recipe="filename"
+--recipe <filename>      recipe=["filename"]
 --oF <filename>          save="filename"
 -f filename,printer      printer=("filename", "printer")
 --dry-run                dryrun=True
@@ -19,6 +19,7 @@ CLI Option               Library Option
 -Z                       scanmode=True
 --req-delay N            req_delay=0
 --conn-delay N           conn_delay=0.0
+--no-cache               no_cache=True
 --script=<plugins>       script="plugins"
 --script-args n1=v1,...  script_args={n1: v1}
 -m iterator              iterator="iterator"
@@ -45,7 +46,7 @@ Fuzzing a URL with wfuzz library is very simple. Firstly, import the wfuzz modul
 
 >>> import wfuzz
 
-Now, let's try to fuzz a webpage to look for hidden content, such as directories. For this example, let's use Acunetix's testphp (http://testphp.vulnweb.com/)::
+Now, let's try to fuzz a web page to look for hidden content, such as directories. For this example, let's use Acunetix's testphp (http://testphp.vulnweb.com/)::
 
     >>> import wfuzz
     >>> for r in wfuzz.fuzz(url="http://testphp.vulnweb.com/FUZZ", hc=[404], payloads=[("file",dict(fn="wordlist/general/common.txt"))]):
@@ -67,14 +68,13 @@ A FuzzSession object has all the methods of the main wfuzz API.
 The FuzzSession object allows you to persist certain parameters across fuzzing sessions::
 
     >>> import wfuzz
-    >>> s=wfuzz.FuzzSession(url="http://testphp.vulnweb.com/FUZZ")
+    >>> s = wfuzz.FuzzSession(url="http://testphp.vulnweb.com/FUZZ")
     >>> for r in s.fuzz(hc=[404], payloads=[("file",dict(fn="wordlist/general/common.txt"))]):
     ...     print r
     ... 
     00060:  C=301      7 L        12 W          184 Ch        "admin"
     00183:  C=403     10 L        29 W          263 Ch        "cgi-bin"
     ...
-    >>> s.close()
 
 FuzzSession can also be used as context manager::
 
@@ -89,25 +89,26 @@ FuzzSession can also be used as context manager::
 Get payload
 ===========
 
-The get_payload function generates a Wfuzz payload from a Python iterable. It is a quick and flexible way of getting a payload programatically without using Wfuzz payloads plugins.
+The get_payload function generates a Wfuzz payload from a Python iterable. It is a quick and flexible way of getting a payload programmatically without using Wfuzz payloads plugins.
 
 Generating a new payload and start fuzzing is really simple::
 
     >>> import wfuzz
-    >>> for r in wfuzz.get_payload(range(5)).fuzz(url="http://testphp.vulnweb.com/FUZZ"):
+    >>> s = wfuzz.get_payload(range(5))
+    >>> for r in s.fuzz(url="http://testphp.vulnweb.com/FUZZ"):
     ...     print r
     ... 
     00012:  C=404      7 L        12 W          168 Ch        "0"
     00013:  C=404      7 L        12 W          168 Ch        "1"
     00014:  C=404      7 L        12 W          168 Ch        "2"
     00015:  C=404      7 L        12 W          168 Ch        "3"
     00016:  C=404      7 L        12 W          168 Ch        "4"
-    >>> 
 
 The get_payloads method can be used when various payloads are needed::
 
     >>> import wfuzz
-    >>> for r in wfuzz.get_payloads([range(5), ["a","b"]]).fuzz(url="http://testphp.vulnweb.com/FUZZ/FUZ2Z"):
+    >>> s = wfuzz.get_payloads([range(5), ["a","b"]])
+    >>> for r in s.fuzz(url="http://testphp.vulnweb.com/FUZZ/FUZ2Z"):
     ...     print r
     ... 
     00028:  C=404      7 L        12 W          168 Ch        "4 - b"
@@ -120,16 +121,16 @@ The get_payloads method can be used when various payloads are needed::
     00020:  C=404      7 L        12 W          168 Ch        "0 - b"
     00023:  C=404      7 L        12 W          168 Ch        "2 - a"
     00019:  C=404      7 L        12 W          168 Ch        "0 - a"
-    >>> 
 
 Get session
 ===========
 
-The get_session function generates a Wfuzz session object from the specified command line. It is a quick way of getting a payload programatically from a string representing CLI options::
+The get_session function generates a Wfuzz session object from the specified command line. It is a quick way of getting a payload programmatically from a string representing CLI options::
 
     $ python
     >>> import wfuzz
-    >>> for r in wfuzz.get_session("-z range,0-10 http://testphp.vulnweb.com/FUZZ").fuzz():
+    >>> s = wfuzz.get_session("-z range,0-10 http://testphp.vulnweb.com/FUZZ")
+    >>> for r in s.fuzz():
     ...     print r
     ... 
     00002:  C=404      7 L        12 W          168 Ch        "1"
@@ -144,3 +145,29 @@ The get_session function generates a Wfuzz session object from the specified com
     00009:  C=404      7 L        12 W          168 Ch        "8"
     00010:  C=404      7 L        12 W          168 Ch        "9"
 
+Interacting with the results
+============================
+
+Once a Wfuzz result is available the grammar defined in the filter language can be used to work with the results' values. For example::
+
+    $ python
+    >>> import wfuzz
+
+    >>> with wfuzz.get_session("-z list --zD test -u http://testphp.vulnweb.com/userinfo.php -d uname=FUZZ&pass=FUZZ") as s:
+    ...     for r in s.fuzz():
+    ...             print(r.history.cookies.response)
+    ...             print(r.history.params.all)
+    ...             print(r.history.params.post)
+    ...             print(r.history.params.post.uname)
+    ...             print(r.history.params.post['pass'])
+    {'login': 'test%2Ftest'}
+    {'uname': 'test', 'pass': 'test'}
+    {'uname': 'test', 'pass': 'test'}
+    test
+    test
+    >>>
+
+The result object has also a method to evaluate a language expression::
+
+    >> print(r.eval("r.cookies.response"))
+    login=test%2Ftest