FuzzingTool Versions

Software for fuzzing, used in web application pentesting.

v3.14.0

2 years ago

New features

  • Added a replay proxy option --replay-proxy PROXY;
  • Added a Matcher option to match responses by regex -Mr REGEX;
  • Added Filter:
    • Exclude responses by status codes -Fc STATUS;
    • Exclude responses by regex -Fr REGEX;
  • Added recursion jobs feature:
    • Plugin scanners now can enqueue payloads for the next job when needed;
    • Added directory recursion feature (--recursion) on path fuzzing;
    • The user can set the maximum recursion level from jobs (--max-rlevel RLEVEL);
  • Added an option to set multiple plugin scanners (by using multiple --scanner arguments);
  • Added plugin scanners:
    • Backups;
    • Wappalyzer;

Removed features

  • Removed the use of multiple http methods;
  • Removed Find plugin (replaced by match by regex);

Bugfix

  • Fixed a bug in the Matcher match logic where only one match option was considered when multiple were set;
  • Fixed a bug in the DnsZone plugin when an invalid hostname is set;
  • Fixed a split string error in the function split_str_to_list;

CLI output changes

  • During subdomain fuzzing, the IP address is no longer shown in the CLI output. It is only stored in the report file;
  • Added a progress bar (credits to Dirsearch for the idea);

Other changes

  • Changed the program binary name from FuzzingTool to fuzzingtool;
  • Now the Dictionary object will enqueue Payload objects into the payloads queue;
  • Each Payload has its own recursion level attribute (Payload.rlevel) that indicates the job recursion level;
  • Now the wordlist creation and build are threaded;

Code refactored

  • Added an HttpHistory object to store the request and response information in the result object, including the IP address during subdomain fuzzing;
  • Moved some functions from http_utils module to UrlParse class;
  • Removed inspect_result method from scanners. Now they will append results in the _process method;
  • Removed decorator append_args, no longer needed;
  • Updated fuzz types and created a class to store the plugin categories on utils/consts;
  • Moved both logger and reports to persistence directory;
  • Updated the order of the parameters on PluginFactory methods;
  • Moved the API out of its specific folder;
  • Moved the argument build functions to utils/argument_utils;

v3.13.0

2 years ago

New features

  • Added an option to save the payload configuration on report (--save-payload-conf);
  • Added an option to save the response HTTP headers on report (--save-headers);
  • Added an option to save the response body on report (--save-body);
  • Added an option to match results by the quantity of words on response body (-Mw QTY_WORDS);
  • Added an option to match results by the quantity of lines on response body (-Ml QTY_LINES);
  • When Ctrl+C is pressed during fuzzing, the application pauses and waits for an action (continue, status or quit);
  • Added FuzzingTool library and API (check Wiki);

Removed features

  • Removed multiple targets option;
  • Removed the check for redirections when DataFuzzing is detected;

Bugfix

  • Fixed an issue with reading the HTTP headers in the method build_target_from_raw_http;
  • Fixed a bug in the headers setup of Requester;
  • Fixed a bug in the Robots plugin, which wasn't raising an exception when the robots.txt page was not found;

CLI output changes

  • Updated the output from print_config to show only the target and dictionary configurations;
  • Updated the result output format, which no longer needs the cli_callback from the scanners;

Other changes

  • Changed the fuzzing mark from $ to FUZZ;
  • When the application is calibrating the data comparator, it no longer sends a ' ' as the arbitrary payload. Instead, the user is asked to set the arbitrary payload that will be sent in the request;

Code refactored

  • Updated Matcher callbacks;
  • Added fuzzingtool/objects directory to store the FuzzingTool objects;
  • Moved ArgumentParser to CliArguments;
  • Updated ArgumentBuilder methods;
  • Removed RequesterFactory;

v3.12.1

2 years ago

Code refactored

  • The entire code was refactored to pep8 notation;

Repository updates

  • Added workflows;

Next steps

  • Add unit tests;

v3.12.0

2 years ago

New features

  • Allow the use of multiple encoders;
  • Allow the use of chained encoders (multiple encoders applied to a single payload);
  • Added new encoder plugins:
    • HtmlDec - encodes the payload to HTML decimal format;
    • HtmlHex - encodes the payload to HTML hexadecimal format;
  • Added new arguments (see List of Execution Parameters):
    • Allow encoding specific parts of a payload by using regex, with the --encode-only argument;
    • Allow removing duplicated payloads from the final wordlist, with the --unique argument;
  • Added DnsDumpster plugin to the wordlists (see Plugin wordlists);
  • Added Grep plugin to the scanners (see Plugin scanners);
  • Added an option to insert logic operators with the Matcher item that will be compared (see Matching results);

For detailed information about the new encoder features, see Encoders.

Bugfixes

  • Fixed a bug where the application stopped running when more than one HTTP method was specified for the same target (revised since the last release);
  • Updated the WordlistFactory exception to no longer show a NoneType exception when specifying multiple targets for wordlists without parameters;
  • Fixed the split string logic in the splitStrToList function;

CLI output changes

  • Updated the file size to a human-readable format;
  • The simple output option will no longer display the program banner;

Request changes

  • Added a mutex lock when setting up the payload in Request.__getRequestParameters, to prevent race conditions;
  • Added an argument isSession to the class constructor to define whether the requester will use a session request;
  • Added a body setter method;

Scanner changes

  • The IP address is now saved in the result during subdomain fuzzing with plugin scanners;

Code refactored

  • Moved the http functions from conn/RequestParser to utils/http_utils;
  • Moved the request indexer from the Request to the Fuzzer;
  • Moved the base, default and plugin classes to specific folders;
  • Moved the file operation functions from utils/utils to utils/file_utils;
  • Moved the Logger to utils/Logger;
  • Changed the requester factory name from HttpFactory to RequestFactory;
  • Created a consts file utils/consts to handle the fuzzing types information, the output directory, and the app fuzzing mark;
  • Applied the strategy design pattern to the reports;
  • Updated the Python return type annotations of the class methods and functions;
  • Inserted decorator functions;

v3.11.0

3 years ago

New features

  • Allow inserting multiple wordlists (globally or per target):
    • Assign a wordlist to each target with numerous -w, or a global wordlist using only one -w;
    • Use multiple wordlists for the same target with -w 'wordlist1;wordlist2';
  • Allow wordlist plugins to automatically detect and build their parameters based on the target;
  • Both the exception and the payload used are now written to the logfile;
  • Added robots.txt plugin to the wordlists;
  • Updated CLI output options:
    • Added an option to disable the terminal colors --no-colors;
    • Added an option to simplify the output mode, removing the time label and reducing the other labels -S, --simple-output;

CLI output changes

  • Updated the program's progress status: the format is cleaner and shows the current payload being used;
  • Updated the PathScanner status codes coloring;

Bugfixes

  • Fixed the proxy setup in Request;
  • Fixed the Logger, which wasn't writing to the logfile;
  • Fixed a bug where the application stopped running when more than one HTTP method was specified for the same target;
  • Fixed an exception raised when the same target is set more than once. A target can now appear more than once if all of its occurrences do the same type of fuzzing, or if a global scanner plugin is selected;

Exception handling

  • None of the RequestExceptions will stop the application anymore. Instead, the program asks the user whether to continue with that target.
  • The objectCreator method from PluginFactory no longer raises a PluginNotFound exception. This exception was transferred to the classCreator in the same factory.

Code refactored

  • All program argument parsing is now handled by ArgumentParser, which extends argparse.ArgumentParser;
  • Separated the Dictionary class from the wordlists;
  • Removed unused anonymous functions from CliOutput;
  • The blacklist status codes and actions were moved to a separate class called BlacklistStatus;
  • Removed the Response class. The Request object now returns a tuple of items: the raw response from the requests library, and the RTT. The SubdomainRequest appends the target's IP to this tuple;
  • Moved the FuzzingTool results from the Python dictionary to a separate class Result:
    • The results are no longer created by the scanners;
    • Changed the getResult method from the scanners to inspectResult;
  • Separated the Matcher from the scanners;
  • Updated base classes to abstract classes;

v3.10.1

3 years ago

Better dictionaries manipulation (beta)

  • Allow the insertion of multiple dictionaries (one per target);
  • Allow dictionary plugins to automatically detect and build their parameters based on the target;

Exception handling

  • On connection errors during subdomain fuzzing, FuzzingTool will ask whether the user wants to remove the target, instead of just removing it.

v3.10.0

3 years ago

New features

Options changed

  • All plugin names were changed to make them easier to use;

Exception handling

  • FuzzingTool will no longer generate a request exception when it detects a 404 status code during the connection test;

Code refactored

  • Introduced the factory design pattern to the project (for both requesters and plugins);
  • Better encapsulation for the interfaces (will help to add a GUI interface in the future);
    • Added interfaces directory;
    • Moved cli to interfaces/cli;
    • Created an ArgumentBuilder class to handle the construction of arguments;
  • Removed parsers directory;

v3.9.2

3 years ago

Error handling

  • FuzzingTool was interrupting the application when it detected a 404 page during the connection test in DataFuzzing mode. Now the app asks whether the user wants to remove the target, instead of interrupting.

v3.9.1

3 years ago

Bugfixes

  • Fixed a problem when appending an encoded payload to a base string. Due to that, all encoded payloads are decoded into strings;
  • Fixed a count error for the request index;
  • Removed the BinaryEncoder for now. It may be added again in the future.

v3.9.0

3 years ago

New features

  • Option to insert multiple targets:
    • by URLs (for each -u);
    • by raw HTTP (for each -r);
  • Option to insert custom, and multiple, HTTP verbs (request methods);
  • Fuzzing of HTTP verbs;
  • Added scanners (see Default scanners and Custom scanners);
  • Added dictionaries (see Default dictionaries and Custom dictionaries);
  • Added encoders (see Encoders);
  • Use the requests Session object to perform session requests for URL fuzzing. Keep the common request method for non-URL fuzzing;
  • Blacklist a response status code to pause the application, or to skip the current fuzzed target;
  • Added wordlists to the project;

Code refactored

  • ApplicationManager: Added callback functions to be called on Fuzzer, removed the proxies checker and adjusted the footer content;
  • OutputHandler: Moved the help menu to ApplicationManager;
  • FileHandler: Separated the reports and logs functions into classes - Logger and Reporter;
  • RequestParser: Moved the common URL parsing functions out of the class;
  • Moved the exceptions to the exceptions directory;
  • Moved the utility functions to the utils directory;

To Do

  • Implement crawler plugins;
  • Implement GUI interface;
  • Implement advanced XSS scanners (by running JS in the background);
  • Implement advanced SQLi scanners (could build a new plugin to enqueue more requests, to enumerate the database information);
  • Implement a proxy to intercept HTTP requests and build the target based on them (suggested by @Matheushresende);
  • Refactor the plugins using the Factory design pattern.