wafamole.payloadfuzzer package¶
Submodules¶
wafamole.payloadfuzzer.fuzz_utils module¶
-
wafamole.payloadfuzzer.fuzz_utils.
filter_candidates
(symbols, payload)[source]¶ It removes all the symbols that are not contained inside the input payload string.
Parameters: - symbols (dict) – dictionary of symbols to filter (using the key)
- payload (str) – the payload to use for the filtering
Raises: TypeError
– bad types passed as argumentReturns: a list containing all the symbols that are contained inside the payload.
Return type: list
-
wafamole.payloadfuzzer.fuzz_utils.
num_contradiction
()[source]¶ Returns a random contradiction explicit using numbers chosen from a fixed set.
Returns: string containing a contradiction Return type: (str)
-
wafamole.payloadfuzzer.fuzz_utils.
num_tautology
()[source]¶ Returns a random tautology explicit using numbers chosen from a fixed set.
Returns: string containing a tautology Return type: (str)
-
wafamole.payloadfuzzer.fuzz_utils.
random_char
(spaces=True)[source]¶ Returns a random character.
Keyword Arguments: spaces (bool) – include spaces [default = True] Raises: TypeError
– spaces not boolReturns: random character Return type: str
-
wafamole.payloadfuzzer.fuzz_utils.
random_string
(max_len=5, spaces=True)[source]¶ It creates a random string.
Keyword Arguments: - max_length (int) – the maximum length of the string [default=5]
- spaces (bool) – if True, all the printable character will be considered. Else, only letters and digits [default=True]
Raises: TypeError
– bad type passed as argumentReturns: random string
Return type: (str)
-
wafamole.payloadfuzzer.fuzz_utils.
replace_nth
(candidate, sub, wanted, n)[source]¶ Replace the n-th occurrence of a portion of the candidate with wanted.
Parameters: - candidate (str) – the string to be modified
- sub (str) – regexp containing what to substitute
- wanted (str) – the string that will replace sub
- n (int) – the index of the occurrence to replace
Raises: TypeError
– bad type passed as argumentsReturns: the modified string
Return type: (str)
-
wafamole.payloadfuzzer.fuzz_utils.
replace_random
(candidate, sub, wanted)[source]¶ Replace one picked at random of the occurrence of sub inside candidate with wanted.
Parameters: - candidate (str) – the string to be modified
- sub (str) – regexp containing what to substitute
- wanted (str) – the string that will replace sub
Raises: TypeError
– bad type passed as argumentsReturns: the modified string
Return type: (str)
wafamole.payloadfuzzer.sqlfuzzer module¶
Strategies and fuzzer class module
-
class
wafamole.payloadfuzzer.sqlfuzzer.
SqlFuzzer
(payload)[source]¶ Bases:
object
SqlFuzzer class
-
strategies
= [<function spaces_to_comments>, <function random_case>, <function swap_keywords>, <function swap_int_repr>, <function spaces_to_whitespaces_alternatives>, <function comment_rewriting>, <function change_tautologies>, <function logical_invariant>, <function reset_inline_comments>, <function shuffle_integers>]¶
-
-
wafamole.payloadfuzzer.sqlfuzzer.
logical_invariant
(payload)[source]¶ Adds an invariant boolean condition to the payload
E.g., something OR False
Parameters: payload –
-
wafamole.payloadfuzzer.sqlfuzzer.
reset_inline_comments
(payload: str)[source]¶ Remove randomly chosen multi-line comment content. :param payload: query payload string
Returns: payload modified Return type: str
-
wafamole.payloadfuzzer.sqlfuzzer.
shuffle_integers
(payload)[source]¶ Replace number=number or number LIKE number cases with a digit + letter combination of the number’s size
e.g. SELECT admins FROM (SELECT * FROM user WHERE 1782 LIKE 1782) WHERE 999=122 could become SELECT admins FROM (SELECT * FROM user WHERE a1H9 LIKE a1H9) WHERE 999=122
Parameters: payload –