Giter Club home page Giter Club logo

uploadfuzzer's Introduction

UploadFuzzer

描述

构造动态文件上传

功能

  • 可填写api等进行动态文件上传
  • 含有简单的bypass功能,如构造各种畸形请求绕过
  • 可选择正常图片再attach webshell上传
  • 可选择带有cookies请求
  • 脚本化常见文件上传绕过技巧

参数

选项 示例 作用
-h 帮助
-u -u htttp://xxx.com/upload 文件上传路径
-c -c "sessionid=xxx;userid=1" 身份认证,cookies,格式为document.cookie()
-f -f ~/image/a.jpg 上传的文件
--field --field upload_file 文件上传对应的参数值
--data --data "submit=提交;token=xxx" 文件上传时一并发送的数据
--attach --attach ~/exploit/webshell.php webshell文件,附加时将尝试合并在正常文件内
--bypass --bypass 尝试构造畸形请求绕过WAF,成功即停
--bypass_ignore --bypass_ignore 尝试构造畸形请求绕过WAF,将尝试全部payload
--content_type --content_type png 指定文件上传类型,可MIME欺骗

开发ing

  • 普通文件上传已完成
  • bypass部分持续开发中
  • 进行bypass时尝试重命名文件,以免新旧文件上传后互相覆盖

uploadfuzzer's People

Contributors

t-jinhao avatar

Stargazers

aaaabbbbcccc avatar twi1ight avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.