Skip to main content

Tool For Fuzz Web Applications

Project description

Saker logo

Penetrate Testing Auxiliary Suite

中文版本(Chinese version)

Saker is a flexible penetrate testing auxiliary suite.

Table of contents

Features

brief introduction for support features:

  • scan website
    • infomation gathering
    • framework fingerprint
  • fuzz web request
    • XSS
    • SQL injection
    • SSRF
    • XXE
    • ...
  • subdomain gathering
  • port scanner
  • bruteforce
    • web dir
    • zip password
    • domain
    • ...
  • auxiliary servers
    • dns rebinding
    • ssrf
    • xss
  • third party api integration
    • censys
    • crtsh
    • fofa
    • github
    • shodan
    • sqlmap
    • threadcrowd
    • ...

Quick Setup

latest version

pip install -U git+https://github.com/lylemi/saker
git clone https://github.com/LyleMi/Saker.git
pip install -r requirements.txt
python setup.py install

stable version

pip install Saker

develop install

add /path/to/saker to PYTHONPATH

export PYTHONPATH=/path/to/saker:$PYTHONPATH

Example Cases

Scan Website

from saker.core.scaner import Scanner
s = Scanner("http://127.0.0.1")
s.scan(filename="index.php", ext="php")

or by shell

python -m saker scan

usage: main.py [options]

Saker Scanner

optional arguments:
  -h, --help            show this help message and exit
  -s, --scan            run with list model
  -f file, --file file  scan specific file
  -e ext, --ext ext     scan specific ext
  -i, --info            get site info
  -u URL, --url URL     define specific url
  -p PROXY, --proxy PROXY
                        proxy url
  -t INTERVAL, --timeinterval INTERVAL
                        scan time interval, random sleep by default

Fuzz Website

from saker.core.mutator import Mutator
options = {
    "url": "http://127.0.0.1:7777/",
    "params": {
        "test": "test"
    }
}
m = Mutator(options)
m.fuzz('url')
m.fuzz('params', 'test')

or by shell

python -m saker fuzz

usage: [options]

Saker Fuzzer

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     define specific url
  -m METHOD, --method METHOD
                        request method, use get as default
  -p PARAMS, --params PARAMS
                        request params, use empty string as default
  -d DATA, --data DATA  request data, use empty string as default
  -H HEADERS, --headers HEADERS
                        request headers, use empty string as default
  -c COOKIES, --cookies COOKIES
                        request cookies, use empty string as default
  -P PART, --part PART  fuzz part, could be url / params / data / ...
  -k KEY, --key KEY     key to be fuzzed
  -v VULN, --vuln VULN  Vulnarability type to be fuzzed
  -t INTERVAL, --timeinterval INTERVAL
                        scan time interval, random sleep by default

Port Scanner

python -m saker port

usage: [options]

Saker Port Scanner

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        define scan target
  -b, --background      run port scanner in background with unix daemon, only
                        support unix platform

Generate fuzz payload

Unicode Fuzz

from saker.fuzzer.code import Code
payload = Code.fuzzErrorUnicode(payload)

Fuzz SSI

from saker.fuzzers.ssi import SSI
payloads = [i for i in SSI.fuzz()]

Brute password or others

from saker.brute.dir import DirBrute
dirBrute = DirBrute("php", "index.php")
paths = dirBrute.weakfiles()

now support brute http basic auth, ftp, mysql, ssh, telnet, zipfile...

Call Third Party API

Crt.sh

from saker.api.crtsh import crtsh
crtsh("github.com")

DNSDumper

from saker.api.dnsdumper import DNSdumpster
DNSdumpster("github.com")

Github API

from saker.api.githubapi import GithubAPI
g = GithubAPI()
g.gatherByEmail("@github.com")

SQLMap API

from saker.api.sqlmap import SQLMap
options = {"url": "https://github.com"}
SQLMap().scan(options)

Handle HTML

import requests
from saker.handler.htmlHandler import HTMLHandler
r = requests.get("https://github.com")
h = HTMLHandler(r.text)
print(h.title)
The worlds leading software development platform · GitHub
print(h.subdomains("github.com"))
['enterprise.github.com', 'resources.github.com', 'developer.github.com', 'partner.github.com', 'desktop.github.com', 'api.github.com', 'help.github.com', 'customer-stories-feed.github.com', 'live-stream.github.com', 'services.github.com', 'lab.github.com', 'shop.github.com', 'education.github.com']

Special Server

from saker.servers.socket.dnsrebinding import RebindingServer
values = {
    'result': ['8.8.8.8', '127.0.0.1'],
    'index': 0
}
dnsServer = RebindingServer(values)
dnsServer.serve_forever()

Todo

APK analyze

Contributing

Contributions, issues and feature requests are welcome.

Feel free to check issues page if you want to contribute.

Disclaimer

This project is for educational purposes only. Do not test or attack any system with this tool unless you have explicit permission to do so.

Show your support

Please star this repository if this project helped you.

Issues

If you face any issue, you can create a new issue in the Issues Tab and I will be glad to help you out.

License

Copyright © 2019-2021 Lyle.

This project is GPLv3 licensed.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Saker-1.0.11.tar.gz (77.3 kB view details)

Uploaded Source

File details

Details for the file Saker-1.0.11.tar.gz.

File metadata

  • Download URL: Saker-1.0.11.tar.gz
  • Upload date:
  • Size: 77.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.5

File hashes

Hashes for Saker-1.0.11.tar.gz
Algorithm Hash digest
SHA256 f2c00d3643b3bd036957883f63c8c38fbb4693d335b6c64fd75c5f789d05a494
MD5 81a1f5c00d0cc73ece9f4e5d5f05613a
BLAKE2b-256 602950f293e14bf8a29e0b000623d9112d3cb91ef64684bd672d30de149a80b7

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page