kazet / wpgarlic Goto Github PK

Does the tool have a defect report?

I want to more details to know how to use this tool, I'm a learner,so i want to test poc by this tools, i want to kown which file shoud i use first,maybe ..?filtering.py or fuzzer_container.py....

Hi there,
When I started fuzzing, I got this message, what's the problem?
[+] Running 3/3
⠿ Container wpgarlic-db1-1 Started 1.0s
⠿ Container wpgarlic-dns1-1 Started 1.0s
⠿ Container wordpress1 Started 1.9s
wait-for-it.sh: waiting for db1:3306 without a timeout

Also, when I run these containers, the mysqld uses 99% of the CPU.

I really appreciate any help you can provide.

Hello there, thank you for your research, I have a question regarding the tool. At first after installing, I had to tweak the dependencies versions a little bit to get it to work, and it worked perfectly afterward and I was able to fuzz and see the findings of the fuzzing.
But as soon as I started to fuzz the next plugin, the findings printer stopped working properly and it started to raise an Exception for Zero Division Error:

┌──(venv)─(root@kali)-[~/wpgarlic]
└─# bin/print_findings data/plugin_fuzz_results/
0%| | 0/1 [00:00<?, ?it/s]data/plugin_fuzz_results/pdf-generator-for-wp_4b256ea0c30ed8675326896c750f21be.json
Nothing found in pdf-generator-for-wp_4b256ea0c30ed8675326896c750f21be.json. Archiving the report...
data/plugin_fuzz_results/scanned/pdf-generator-for-wp_4b256ea0c30ed8675326896c750f21be.json: 84.3% -- replaced with data/plugin_fuzz_results/scanned/pdf-generator-for-wp_4b256ea0c30ed8675326896c750f21be.json.gz
100%|████████████████████████████████████████████████████████████████████████████████████| 1/1 [00:34<00:00, 34.74s/it]
Unique filepaths total: 1
Filepaths with report printed: 0 (0.00%)

┌──(venv)─(root@kali)-[~/wpgarlic]
└─# bin/print_findings data/plugin_fuzz_results/
0it [00:00, ?it/s]
Unique filepaths total: 0
Traceback (most recent call last):
File "/root/wpgarlic/print_findings.py", line 250, in
typer.run(print_findings_from_folder)
File "/root/wpgarlic/venv/lib/python3.9/site-packages/typer/main.py", line 864, in run
app()
File "/root/wpgarlic/venv/lib/python3.9/site-packages/typer/main.py", line 214, in call
return get_command(self)(*args, **kwargs)
File "/root/wpgarlic/venv/lib/python3.9/site-packages/click/core.py", line 1128, in call
return self.main(*args, **kwargs)
File "/root/wpgarlic/venv/lib/python3.9/site-packages/click/core.py", line 1053, in main
rv = self.invoke(ctx)
File "/root/wpgarlic/venv/lib/python3.9/site-packages/click/core.py", line 1395, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/root/wpgarlic/venv/lib/python3.9/site-packages/click/core.py", line 754, in invoke
return __callback(*args, **kwargs)
File "/root/wpgarlic/venv/lib/python3.9/site-packages/typer/main.py", line 500, in wrapper
return callback(**use_params) # type: ignore
File "/root/wpgarlic/print_findings.py", line 245, in print_findings_from_folder
f"({100.0 * num_paths_with_printed_reports / len(file_names):.02f}%)"
ZeroDivisionError: float division by zero

I deleted all containers and images and deleted the project folder and rebuilt the whole thing from scratch but that sadly didn't help.
I can see that the Fuzzing is happening in the first stage and the huge findings .Json file being created, but then the reporter prints that it couldn't find anything even though I'm testing the same plugin I tested before and I'm sure that there are some findings at least.
Do you have an Idea what might be causing this and how to fix it ?
Thanks a lot !

I would like to pass each fuzzing request through a proxy server (such as burp suite).
Could you please help me and tell me how to do this?

I'm unable to fuzz multiple plugins located in a folder using the --file-or-folder-to-fuzz option, when I've tried directly running ./bin/fuzz_plugin <folder path>, this led to an error:

Traceback (most recent call last):
  File "/home/user/wpgarlic/fuzz_plugin.py", line 234, in <module>
    typer.run(fuzz_plugin)
  File "/home/user/wpgarlic/fuzz_plugin.py", line 69, in fuzz_plugin
    assert all(
AssertionError

Any guidance or a potential fix would be appreciated.

Running on Ubuntu 22.04.3 LTS on WSL2.

Hi,

When executing the following command, I don't get any results:

./bin/fuzz_plugin responsive-vector-maps --version 6.4.0

./bin/print_findings data/plugin_fuzz_results/
  0%|                                                                                             | 0/1 [00:00<?, ?it/s]data/plugin_fuzz_results/responsive-vector-maps_2ebc606988056f9282e287708b380297.json
Nothing found in responsive-vector-maps_2ebc606988056f9282e287708b380297.json. Archiving the report...
data/plugin_fuzz_results/scanned/responsive-vector-maps_2ebc606988056f9282e287708b380297.json:	 11.5% -- replaced with data/plugin_fuzz_results/scanned/responsive-vector-maps_2ebc606988056f9282e287708b380297.json.gz
100%|████████████████████████████████████████████████████████████████████████████████████| 1/1 [00:00<00:00, 677.05it/s]
Unique filepaths total: 1
Filepaths with report printed: 0 (0.00%)

The only change I made is changing the version to "3.3" in docker-compose.yaml
Here are the logs of the installation. Let me know if you spot any issue:

wpgarlic_install_logs.txt