安全假设断言图书馆
fluidasserts的Python项目详细描述
Fluid Asserts是引擎 自动关闭安全发现 过度执行环境(DAST)。
设置
pip install -U fluidasserts
用法
将所需的Fluid Asserts模块导入攻击:
fromfluidasserts.protoimporthttphttp.has_sqli('http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27')
运行您的漏洞:
$ python example.py --- # Fluid Asserts (v. 18.5.39870) # ___ # | >>|> fluid # |___| attacks, we hack your software # # Loading attack modules ... --- check: fluidasserts.proto.http.has_sqli status: OPEN message: 'A bad text was present: "Warning.*mysql_.*"' details: fingerprint: sha256: 2778b9d49ae98527b95f1c60b0989c1ee870c11e65ee6c359eff8b6f757b0e27 banner: "Server: nginx/1.4.1\r\nDate: Mon, 26 Jan 1970 01:11:40 GMT\r\nContent-Type:\ \ text/xml\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By:\ \ PHP/5.3.10-1~lucid+2uwsgi2" url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27 when: 2018-05-28 11:40:19.721614 ---