Skip to main content

Assertion Library for Security Assumptions

Project description

Fluid Asserts is an engine to automate the closing of security findings over execution environments (DAST).

Setup

pip install -U fluidasserts

Usage

Import the required Fluid Asserts modules into your exploit:

from fluidasserts.proto import http

http.has_sqli('http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27')

And run your exploit:

$ python example.py
---
# Fluid Asserts (v. 18.5.39870)
#  ___
# | >>|> fluid
# |___|  attacks, we hack your software
#
# Loading attack modules ...
---
check: fluidasserts.proto.http.has_sqli
status: OPEN
message: 'A bad text was present: "Warning.*mysql_.*"'
details:
  fingerprint:
    sha256: 2778b9d49ae98527b95f1c60b0989c1ee870c11e65ee6c359eff8b6f757b0e27
    banner: "Server: nginx/1.4.1\r\nDate: Mon, 26 Jan 1970 01:11:40 GMT\r\nContent-Type:\
      \ text/xml\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By:\
      \ PHP/5.3.10-1~lucid+2uwsgi2"
  url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27
when: 2018-05-28 11:40:19.721614
---

Project details


Release history Release notifications

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for fluidasserts, version 19.6.18660
Filename, size File type Python version Upload date Hashes
Filename, size fluidasserts-19.6.18660-py2.py3-none-any.whl (126.9 kB) File type Wheel Python version 3.7 Upload date Hashes View hashes
Filename, size fluidasserts-19.6.18660.zip (126.1 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page