digeex / raider
DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider
Home Page: https://raiderauth.com/
License: GNU General Public License v3.0
Add an option to allow changing the configuration for raider instead of having to edit the common.hy file by hand.
Raider needs another object to deal with fuzzing.
Create the documentation in sphinx and upload it to readthedocs.
For now the basic authentication probably works only when ASCII encoding is used. Should default to ISO-8859-1 and use UTF-8 when explicitly requested by the server (see https://datatracker.ietf.org/doc/html/rfc7617).
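The encoding rule from RFC 7617 that the issue above refers to, as an added Python example (not code from the Raider project): credentials are encoded as ISO-8859-1 unless the server's WWW-Authenticate challenge carries charset="UTF-8", and a user-id containing a colon is rejected because it cannot be delimited. The challenge strings and credentials are constructed; the two UTF-8/ISO-8859-1 results can be checked against the examples in RFC 7617 section 2.1.

```python
import base64
import re

# Constructed challenge headers (not from Raider). RFC 7617 section 2.1 lets a
# server advertise charset="UTF-8" inside the Basic challenge; that is the only
# charset value the RFC defines.
CHALLENGE_ASCII = 'Basic realm="raider"'
CHALLENGE_UTF8 = 'Basic realm="raider", charset="UTF-8"'

_CHARSET_RE = re.compile(r'charset\s*=\s*"?([\w-]+)"?', re.IGNORECASE)


def challenge_charset(www_authenticate):
    """Return 'utf-8' when the challenge explicitly asks for it, else 'iso-8859-1'.

    Absence of the parameter, or any value other than UTF-8, falls back to
    ISO-8859-1, which is what legacy user agents have historically sent.
    """
    if www_authenticate is None:
        return "iso-8859-1"
    match = _CHARSET_RE.search(www_authenticate)
    if match and match.group(1).lower() == "utf-8":
        return "utf-8"
    return "iso-8859-1"


def basic_auth_header(username, password, www_authenticate=None):
    """Build the value of the Authorization header for HTTP Basic auth.

    The user-id must not contain a colon (RFC 7617 section 2), since the colon
    separates user-id and password. The credentials are encoded with the
    charset chosen from the challenge, then base64-encoded. A character that
    does not exist in the chosen charset raises UnicodeEncodeError rather than
    silently sending a mangled credential.
    """
    if ":" in username:
        raise ValueError("user-id must not contain ':'")
    charset = challenge_charset(www_authenticate)
    raw = f"{username}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    # Same credentials, different encodings depending on the challenge.
    print(basic_auth_header("test", "123\u00a3", CHALLENGE_ASCII))
    print(basic_auth_header("test", "123\u00a3", CHALLENGE_UTF8))
```

Keeping the fallback at ISO-8859-1 (rather than ASCII) matters for the pound-sign case shown in `__main__`: the ASCII codec would refuse it outright, while ISO-8859-1 produces the single-byte form the server expects when it has not opted into UTF-8.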
At the moment Raider crashes when dealing with JSON data in the PostBody when some of the nested data is a plugin. This is because only the high level plugins are processed in the JSON body. To solve this, the entire JSON body needs to be parsed so that the plugins nested inside other data structures get processed as well.
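The shallow-versus-deep processing difference described in the issue above, as an added Python example. The `Plugin` class, its `resolve()` method and the sample body are assumptions made for illustration, not Raider's real plugin API: `resolve_plugins_shallow` reproduces the failure mode (a plugin nested inside another structure survives into `json.dumps`, which cannot serialise it), while `resolve_plugins` walks dicts and lists at every depth so that nested plugins are replaced before encoding.

```python
import json


class Plugin:
    """Hypothetical stand-in for a Raider plugin (not the project's class):
    an object whose resolve() returns the concrete value to send."""

    def __init__(self, name, value):
        self.name = name
        self._value = value

    def resolve(self):
        return self._value


def resolve_plugins_shallow(body):
    """The behaviour the issue describes: only top-level plugins are replaced,
    so anything nested deeper is left as a Plugin object."""
    return {k: (v.resolve() if isinstance(v, Plugin) else v) for k, v in body.items()}


def resolve_plugins(node):
    """Walk the entire body and replace plugins wherever they appear.

    Dicts and lists are rebuilt recursively; a plugin's resolved value is
    itself walked, in case it expands to another structure holding plugins.
    """
    if isinstance(node, Plugin):
        return resolve_plugins(node.resolve())
    if isinstance(node, dict):
        return {k: resolve_plugins(v) for k, v in node.items()}
    if isinstance(node, (list, tuple)):
        return [resolve_plugins(v) for v in node]
    return node


def encode_post_body(body):
    """Serialise a POST body to JSON after resolving every nested plugin."""
    return json.dumps(resolve_plugins(body), sort_keys=True)


# Constructed sample body: one plugin two levels deep, one inside a list.
SAMPLE_BODY = {
    "username": "alice",
    "auth": {"mfa": {"code": Plugin("otp", "123456")}, "remember": True},
    "scopes": ["read", Plugin("scope", "write")],
}

if __name__ == "__main__":
    print(encode_post_body(SAMPLE_BODY))
```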
Fix docstrings, add references, more examples, and document the undocumented features.
JSON plugin at the moment is quite rudimentary, and doesn't allow extracting the fields inside easily. This needs to be improved for the tool to be usable for applications which use JSON.
For now the Header class is rudimentary, and Basicauth/Bearerauth objects are defined to handle the authentication. Those two should be merged in the Header class somehow. So the goal is to make Header more flexible.
Write the docstrings for everything.
Logging is implemented poorly and inconsistently. Needs to be improved and given more structure.
Current implementation of fuzzing is quite slow, and using multiple threads should make it faster.
Instead of authenticating every time from the beginning, build a feature that will allow the user to save the session data and load them later on demand.
At the moment the only way to create a new project is to manually edit the configuration files. Make it easier for users to start using raider by asking inputs, creating the boilerplate configuration files, and letting them edit it afterwards.
For example:

    (Grep
      :regex "TWO_FA_REQUIRED"
      :action
      (NextStage "multi_factor")
      :otherwise
      (NextStage "get_access_token"))
Instead of having only one allowed action like the NextStage here, it would be useful to add more than one, maybe in a list.
Now there's the modules.py file which contains classes that aren't really modules. Cookie and Header classes also act as inputs/outputs. After some brainstorming, I decided to put them all together and move CookieStore and HeaderStore to structures. Everything else that acts as an input and/or output for a Flow will be defined as a Plugin.
At the moment Raider only sends the bodies of POST requests in URL encoded form. This is not enough. Creating a new object to allow sending the data in JSON or other formats is necessary.
Publish the sphinx documentation for easy access.
Create a new operation that will allow saving arbitrary data from responses to a file.
To make it easier to install the application, it needs to be published on pypi so users can just use pip install and not have to deal with the source.
Create a new class to hold templates of requests. Those should be used when needing to define multiple similar-looking flows. Instead of redefining each time the same thing with little differences, it'd make the hyfiles cleaner if templates were allowed.
Enable uploading files with raider. Currently there's no way to do that.