ameenmaali / qsfuzz Goto Github PK

It may be useful to be able to inject headers on a rule basis in addition to specifying them on the command line. This would allow us to test rules like the following using the already built-in functionality for response matching:

    CORSDetection:
      description: CORS misconfiguration
      injectHeader:
        - "Origin: test.com"
      expectation:
        responseHeaders:
          - Access-Control-Allow-Origin: test.com

This could also be extended to further tests such as X-Host, X-Forwarded-Host, X-Forwarded-Server being reflected in the response, or Host header SSRF's.

The benefit to having this feature as a rule instead of setting a blanket header for every request is that some hosts and endpoints may respond badly to them.

go get github.com/ameenmaali/qsfuzz cannot find package "github.com/hashicorp/hcl/hcl/printer" in any of:
/usr/local/go/src/github.com/hashicorp/hcl/hcl/printer (from $GOROOT)
/root/go/src/github.com/hashicorp/hcl/hcl/printer (from $GOPATH)

It would be useful to add a proxy flag to enable the utilization of a tool for rotating IP addresses to prevent blacklisting.

hello,
thanks for this awesome tool, when you run a scan against a URL that have a blank value like http://example.com/hack/this/?one=1&two=&three=3, here the tools won't inject in two parameter,
please, check this and fix it if you can.

To help with heuristics, it would also be great to have the original value of the query parameter represented by a template string like [[originalValue]].

So something like

    injections:
      - [[originalValue]]'"><h2>asd</h2>'

So rather than completely replacing the query string value, you simply append to it. I'm not sure how you would ensure that [[originalValue]] is different if a URL has more than one query parameter though.

I get the following error when I run a list of URL's:

goroutine 1 [running]:
main.getInjectedUrls(0xc4208f4280, 0xc42008e180, 0x51, 0xc420120e40, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, ...)
        /go/src/github.com/ameenmaali/qsfuzz/utils.go:191 +0xeb9
main.main()
        /go/src/github.com/ameenmaali/qsfuzz/main.go:151 +0x4e9

Could you please add a license statement and a LICENSE/COPYING file? Is a requirement for a lot of distributions to include a tool. Thanks.

Would help if you publish a new release after.

how to setup slack ............... key in which config ....file where is it location

hey , please can u please add regex pattern feature like:
responseContents:
- "somestring.*theEndOfThePattern"
and thanks alot.