Skip to main content
Python Software Foundation 20th Year Anniversary Fundraiser  Donate today!

Assertion Library for Security Assumptions

Project description

Fluid Asserts is an engine to automate the closing of security findings over execution environments (DAST).

Setup

pip install -U fluidasserts

Usage

Import the required Fluid Asserts modules into your exploit:

from fluidasserts.proto import http

http.has_sqli('http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27')

And run your exploit:

$ python example.py
---
# Fluid Asserts (v. 18.5.39870)
#  ___
# | >>|> fluid
# |___|  attacks, we hack your software
#
# Loading attack modules ...
---
check: fluidasserts.proto.http.has_sqli
status: OPEN
message: 'A bad text was present: "Warning.*mysql_.*"'
details:
  fingerprint:
    sha256: 2778b9d49ae98527b95f1c60b0989c1ee870c11e65ee6c359eff8b6f757b0e27
    banner: "Server: nginx/1.4.1\r\nDate: Mon, 26 Jan 1970 01:11:40 GMT\r\nContent-Type:\
      \ text/xml\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By:\
      \ PHP/5.3.10-1~lucid+2uwsgi2"
  url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27
when: 2018-05-28 11:40:19.721614
---

Project details


Release history Release notifications | RSS feed