filter-chain-tools's Introduction

filterChainFuzzerAndGenerator

A filter chain fuzzer and generator, built with PHP and Python.

Possible use scenarios:

  • Fileless RCE
  • Web challenges in CTFs
  • Misc challenges in CTFs
  • ... (possibly more?)

About

You can learn the principle and more details in the doc below

Also, thanks for the ideas provided by the following projects

The purpose of each file in the project directory is as follows:

  • Fuzzer.php: fuzzes the dictionary needed for the filter chain
    • iconv_list.php: the character set file used for fuzzing; you can customize the encoding set to suit the scenario
    • Init: files included by the fuzzer; there is usually no need to change them
  • Generator.py: generates the filter chain for an arbitrary payload
  • aview.py: outputs the list of dictionaries in the .res folder
  • get_dic.py: converts the single-character files in the .res folder into a custom dictionary.py dictionary
  • dictionary.py: the single-character dictionary; it can be customized, and by default it is generated with get_dic.py

Usage

Fuzz

Fuzzing relies on Fuzzer.php.

Define the character sets you want to fuzz in iconv_list.php.

Select the character sets according to the environment; list the ones it supports with:

iconv -l

Set the parameters in Fuzzer.php.

Start fuzzing with the following command:

php Fuzzer.php

Generator

Filter chain generation is implemented in Generator.py.

Two modes are currently available:

  • Chain generation using the original hexcode-encoded letters in the .res folder
  • Chain generation using the dictionary in dictionary.py

For the first mode, the dictionary corresponding to the hexcode is included with the project download; just set the parameters at the beginning of the file.

Of course, you can also generate your own according to the project principle.

For the second mode, the project also ships an already-fuzzed dictionary in dictionary.py.

You can also fuzz according to your own needs. The process is roughly as follows:

  • Set the required character set
  • Run Fuzzer.php
  • Use get_dic.py to extract the resulting dictionary from .res

Of course, if you are familiar with the principle, you can also modify the dictionary file dictionary.py in whatever way you want.

When everything is ready, run the following command:

python Generator.py

That's it.
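
For defenders reviewing logs, an added example (not part of this project's code): a Python check that flags request lines carrying a php://filter URI with many chained convert.iconv stages. It assumes the chains take the standard php://filter/convert.iconv.A.B|... form; the threshold and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# One iconv conversion stage, e.g. convert.iconv.UTF8.UTF16 (or UTF8/UTF16).
ICONV_STAGE = re.compile(r"convert\.iconv\.[\w\-:+()]+[./][\w\-:+()]+", re.I)
FILTER_URI = re.compile(r"php://filter/[^\s\"']*", re.I)
# Assumed threshold: ordinary code rarely chains more than a few conversions.
MAX_STAGES = 3


def fully_unquote(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def chain_length(request_target):
    """Largest number of convert.iconv stages in any php://filter URI found."""
    text = fully_unquote(request_target)
    counts = (len(ICONV_STAGE.findall(u)) for u in FILTER_URI.findall(text))
    return max(counts, default=0)


def flag_requests(log_lines, max_stages=MAX_STAGES):
    """Return [(line_number, stage_count)] for lines exceeding max_stages."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        count = chain_length(line)
        if count > max_stages:
            hits.append((n, count))
    return hits


# Constructed sample request lines (not taken from the project or a real log).
SAMPLE_LOG = [
    "GET /index.php?page=about HTTP/1.1",
    "GET /index.php?page=php://filter/convert.base64-encode/resource=index.php HTTP/1.1",
    "GET /index.php?page=php://filter/" + "|".join(["convert.iconv.UTF8.UTF16"] * 6) + "/resource=index.php HTTP/1.1",
    "GET /index.php?page=php%3A%2F%2Ffilter%2F" + "%7C".join(["convert.iconv.L1.UTF7"] * 5) + "%2Fresource%3Dx HTTP/1.1",
]

if __name__ == "__main__":
    for line_no, stages in flag_requests(SAMPLE_LOG):
        print(f"line {line_no}: {stages} iconv stages in php://filter URI")
```

Counting stages after decoding, rather than matching the raw string, keeps the check effective when the chain arrives percent-encoded once or twice.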

Contributors: dimasma0305, nyr4ki, probiusofficial
