http-form-fuzzer
Script type:
portrule
Script categories:
fuzzer, intrusive
Script download URL: http://nmap.org/svn/scripts/http-form-fuzzer.nse
Performs simple fuzzing of forms found on websites. Tries strings and numbers of increasing length and attempts to determine whether the fuzzing was successful.
Script arguments:
http-form-fuzzer.minlength
the minimum length of a string that will be used for fuzzing, defaults to 300000
http-form-fuzzer.maxlength
the maximum length of a string that will be used for fuzzing, defaults to 310000
http-form-fuzzer.targets
a table with the targets of fuzzing, for example {{path = /index.html, minlength = 40002}, {path = /foo.html, maxlength = 10000}}. The path parameter is required; if minlength or maxlength is not specified, the values of http-form-fuzzer.minlength or http-form-fuzzer.maxlength are used. Defaults to {{path="/"}}
Usage:
nmap --script http-form-fuzzer -p 80 <host>

This script attempts to fuzz fields in the forms it detects, one field at a time. In each iteration it first fuzzes a field with a string, then with a number. The output lists the actions and paths for which errors were observed, together with the names of the fields that were being fuzzed when each error occurred, and the length and type (string/integer) of the input that caused it.

A response is considered an error if it has status 500 or an empty body, or if its body contains the string "server error" or "sql error". At the moment anything else is considered not to be an error. In practice this substring heuristic yields both false positives (any page that happens to contain those words) and false negatives (errors returned with a 200 status and a normal-looking body), so reported hits should be confirmed by hand. TODO: develop more sophisticated techniques for determining whether the fuzzing was successful (i.e. that we got an 'error'); ideally an algorithm that reports a percentage difference between responses.
Script output:
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-form-fuzzer:
|   Path: /register.html Action: /validate.php
|     age
|       integer lengths that caused errors:
|         10000, 10001
|     name
|       string lengths that caused errors:
|         40000
|   Path: /form.html Action: /check_form.php
|     fieldfoo
|       integer lengths that caused errors:
|_        1, 2
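The fuzzing loop and the error heuristic described above, as an added stand-alone Python example (not the NSE script's own Lua code). The length schedule (one step per length), the benign filler value placed in the fields that are not currently being fuzzed, the digit-repeat shape of the integer payload, and the case-insensitive match on the error markers are all assumptions of this example; the /validate.php stand-in is a constructed mock, not a real target.

```python
# Added example: re-implementation of the http-form-fuzzer loop and its
# "error" heuristic. Illustrative code, not the NSE script itself; the
# length schedule, filler value, integer payload shape and the
# case-insensitive marker match are assumptions of this example.
from dataclasses import dataclass
from typing import Callable, Dict, List

# Substrings the script description says mark an "error" response.
ERROR_MARKERS = ("server error", "sql error")


@dataclass
class Response:
    status: int
    body: str


def is_error(resp: Response) -> bool:
    """Heuristic from the script description: status 500, an empty body,
    or a body containing "server error" / "sql error"."""
    if resp.status == 500:
        return True
    if not resp.body:
        return True
    low = resp.body.lower()   # case-insensitive match (assumption)
    return any(marker in low for marker in ERROR_MARKERS)


def fuzz_form(submit: Callable[[Dict[str, str]], Response],
              fields: List[str], minlength: int, maxlength: int,
              step: int = 1) -> Dict[str, Dict[str, List[int]]]:
    """Fuzz one field at a time; for every length try a string, then an
    integer. Returns {field: {"string": [lengths], "integer": [lengths]}}
    with the lengths that produced an error response."""
    results = {f: {"string": [], "integer": []} for f in fields}
    for target in fields:
        for length in range(minlength, maxlength + 1, step):
            payloads = {"string": "a" * length, "integer": "1" * length}
            for kind, payload in payloads.items():
                form = {f: "x" for f in fields}   # benign filler (assumption)
                form[target] = payload
                if is_error(submit(form)):
                    results[target][kind].append(length)
    return results


def format_report(path: str, action: str,
                  results: Dict[str, Dict[str, List[int]]]) -> List[str]:
    """Render results in the same shape as the script's output block."""
    lines = [f"Path: {path} Action: {action}"]
    for name, kinds in results.items():
        hits = {k: v for k, v in kinds.items() if v}
        if not hits:
            continue
        lines.append(f"  {name}")
        for kind, lengths in hits.items():
            lines.append(f"    {kind} lengths that caused errors:")
            lines.append("      " + ", ".join(str(n) for n in lengths))
    return lines


# Constructed stand-in for /validate.php: a long numeric "age" leaks a SQL
# error, a long non-numeric "name" returns an empty page. Not a real target.
def mock_validate(form: Dict[str, str]) -> Response:
    age = form.get("age", "")
    name = form.get("name", "")
    if age.isdigit() and len(age) >= 4:
        return Response(500, "SQL error near 'age'")
    if len(name) >= 3 and not name.isdigit():
        return Response(200, "")
    return Response(200, "<html>OK</html>")


if __name__ == "__main__":
    found = fuzz_form(mock_validate, ["age", "name"], minlength=1, maxlength=5)
    print("\n".join(format_report("/register.html", "/validate.php", found)))
```

Against the mock, `age` is flagged for integer lengths 4 and 5 (HTTP 500 with "SQL error" in the body) and `name` for string lengths 3 to 5 (empty body), while `is_error` also flags a plain "Internal Server Error" page because of the substring match; swapping `submit` for a real HTTP client against a test instance is the only change needed to run it against a form you are authorised to test.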
Author: Piotr Olma
License: not given on this page; compiled by VER007, http://www.ver007.com