Tool For Fuzz Web Applications
Project description
Saker is a tool for fuzz Web Applications. It can be used to penetrate website, fuzz some vulnerabilities, brute password and dirs.
This project is for research and study only, do not use Saker for unauthorized penetration testing.
Install
pip install -r requirements.txt
git clone https://github.com/LyleMi/Saker.git
python setup.py install
or by pip
pip install Saker
Features
Scan Website
>>> from saker.main import Saker
>>> s = Saker("http://127.0.0.1")
>>> s.scan(filename="index.php", ext="php")
or by shell
usage: main.py [options]
Tool For Fuzz Web Applications
optional arguments:
-h, --help show this help message and exit
-s, --scan run with list model
-f file, --file file scan specific file
-e ext, --ext ext scan specific ext
-i, --interactive run with interactive model
-u URL, --url URL define specific url
-p PROXY, --proxy PROXY
proxy url
-t INTERVAL, --timeinterval INTERVAL
scan time interval, random sleep by default
Generate fuzz payload
>>> from saker.fuzzer.code import Code
>>> payload = Code.fuzzErrorUnicode(payload)
Brute password or others
>>> from saker.brute.dir import DirBrute
>>> dirBrute = DirBrute("php", "index.php")
>>> paths = dirBrute.weakfiles()
now support brute http basic auth, ftp, mysql, ssh, telnet, zipfile...
Call Some API
>>> from saker.api.dnsdumper import DNSdumpster
>>> DNSdumpster("github.com")
Handle HTML
>>> from saker.handler.htmlhandler import HTMLHandler
>>> h = HTMLHandler("<html><head><title>title</title></head><body></body></html>")
>>> print(h.title)
Port Scanner
>>> from saker.port.nmap import Nmap
>>> n = Nmap(domain)
>>> ret = n.run()
>>> print(n.ret)
TODO
- FingerPrint
- AutoTest
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Saker-1.0.4.tar.gz
(33.1 kB
view hashes)