telekom-security / explo Goto Github PK
View Code? Open in Web Editor NEWHuman and machine readable web vulnerability testing format
License: GNU General Public License v3.0
Human and machine readable web vulnerability testing format
License: GNU General Public License v3.0
There needs to be a way to define a check for a response code.
Example usecase: Check if a request to /admin/foo returns a 500:
name: exploit
description: checks if a request to /admin/foo returns a status code 500
module: http
parameter:
url: http://example.com/admin/foo
find_response_code: 500
Hi,
the method "headers_required" always returns "success" for me.
name: headers_required broken
description: headers_required always returns success
module: http
parameter:
url: https://www.example.com
method: GET
headers:
User-Agent: Mozilla/5.0
headers_required:
iDontExist: .
% explo headers.explo
Loading headers.explo
---
Block headers_required broken: The header_required method seems to be broken
HTTP Response: 200 (1256 bytes)
==> Success.
Am I missing something here or is it broken somehow?
Hey there,
Firstly I'd like to thank you for this project and for the awesome idea behind it.
During integration explo as a library in the workflow I faced a problem - explo seems very restrictive about fields included and lacks "informative" fields for the whole multistaged exploit, like a hostname affected, CVSS, a high-level overall description and other customized fields.
This informative fields could be in the additional yaml object on top of the file or something like that, what you think?
Hi,
would be great to have the ability to provide content to the scripts as command line arguments.
Example:
# explo login.yaml username password
# explo api_abuse.yaml auth_token
Inside the script you can access the values like $1, $2, etc.
Thanks for your consideration and keep it up! :)
Hi,
is there a way to check for the actual contents of a return header? This would be helpful to test for Open Redirect vulnerabilities.
Example Explo file:
name: Open Redirect
description: example.com - Open Redirect via Callback parameter
module: http
parameter:
url: https://www.company.com/login.html?Callback=https://example.com
method: GET
headers:
User-Agent: Mozilla/5.0
expect_response_code: 302
headers_required:
Location: https://example.com
Hello,
Can you add json-like data in POST message?
like this:
payload = {'some': 'data'}
r = requests.post(url, json=payload)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.