Current implementation of fuzzing is quite slow, and using multiple threads should make it faster.

For example:

(Grep
  :regex "TWO_FA_REQUIRED"
  :action
  (NextStage "multi_factor")
  :otherwise
  (NextStage "get_access_token"))

Instead of having only one allowed action like the NextStage here, it would be useful to add more than one, maybe in a list.

Add an option to allow changing the configuration for raider instead of having to edit the common.hy file by hand

At the moment the only way to create a new project is to manually edit the configuration files. Make it easier for users to start using raider by asking inputs, creating the boilerplate configuration files, and letting them edit it afterwards.

Create the documentation in sphinx and upload it to readthedocs

Now there's the modules.py file which contain classes that aren't really modules. Cookie and Header classes also act as inputs/outputs. After some brainstorming, I decided to put them all together and move CookieStore and HeaderStore to structures. Everything else that acts as an input and/or output for a Flow will be defined as a Plugin.

Json plugin at the moment is quite rudimentary, and doesn't allow extracting the fields inside easily. This needs to be improved for the tool to be usable for applications which use json

For now the Header class is rudimentary, and Basicauth/Bearerauth objects are defined to handle the authentication. Those two should be merged in the Header class somehow. So the goal is to make Header more flexible.

Create a new class to hold templates of requests. Those should be used when needing to define multiple similar-looking flows. Instead of redefining each time the same thing with little differences, it'd make the hyfiles cleaner if templates were allowed.

Raider needs another object to deal with fuzzing

To make it easier to install the application, it needs to be published on pypi so users can just use pip install and not have to deal with the source.

Publish the sphinx documentation for easy access.

For now the basic authentication probably works only when ASCII encoding is used. Should default to ISO-8859-1 and use UTF-8 when explicitly requested by the server (see https://datatracker.ietf.org/doc/html/rfc7617).

Enable uploading files with raider. Currently there's no way to do that.

Fix docstrings, add references, more examples, and document the undocumented features.

Logging is implemented poorly and inconsistently. Needs to be improved and given more structure.

Create a new operation that will allow saving arbitrary data from responses to a file.

Write the docstrings for everything

At the moment Raider crashes when dealing with JSON data in the PostBody when some of the nested data is a plugin. This is because only the high level plugins are processed in the JSON body. To solve this, the entire JSON body needs to be parsed so that the plugins nested inside other data structures get processed as well.

At the moment Raider only sends the bodies of POST requests in URL encoded form. This is not enough. Creating a new object to allow sending the data in JSON or other formats is necessary.

Instead of authenticating every time from the beginning, build a feature that will allow the user to save the session data and load them later on demand.