mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-11 22:03:10 +00:00
303 lines
16 KiB
Markdown
303 lines
16 KiB
Markdown
# Chombo cha Wavuti - WFuzz
|
|
|
|
<details>
|
|
|
|
<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
|
|
|
|
Njia nyingine za kusaidia HackTricks:
|
|
|
|
* Ikiwa unataka kuona **kampuni yako ikionekana kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
|
|
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
|
|
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
|
|
|
|
</details>
|
|
|
|
Chombo cha kufanya FUZZ kwenye programu za wavuti popote.
|
|
|
|
> [Wfuzz](https://github.com/xmendez/wfuzz) imeundwa ili kurahisisha kazi katika tathmini za programu za wavuti na inategemea dhana rahisi: inabadilisha kumbukumbu yoyote ya neno la FUZZ na thamani ya mzigo uliopewa.
|
|
|
|
## Usanidi
|
|
|
|
Imewekwa kwenye Kali
|
|
|
|
Github: [https://github.com/xmendez/wfuzz](https://github.com/xmendez/wfuzz)
|
|
```
|
|
pip install wfuzz
|
|
```
|
|
## Chaguo za Kuchuja
|
|
|
|
The `--filter` option in `wfuzz` allows you to filter the output based on specific criteria. This can be useful when dealing with large amounts of data and you only want to focus on certain results.
|
|
|
|
### Basic Filtering
|
|
|
|
To perform basic filtering, you can use the `--filter` option followed by the filter criteria. For example, to only display responses with a status code of 200, you can use the following command:
|
|
|
|
```
|
|
wfuzz --filter "status_code=200" ...
|
|
```
|
|
|
|
### Advanced Filtering
|
|
|
|
In addition to basic filtering, `wfuzz` also supports advanced filtering using logical operators such as `AND`, `OR`, and `NOT`. This allows you to create more complex filter conditions.
|
|
|
|
To use logical operators, you can enclose the filter criteria in parentheses and use the operators to combine them. For example, to display responses with a status code of 200 or 404, you can use the following command:
|
|
|
|
```
|
|
wfuzz --filter "(status_code=200 OR status_code=404)" ...
|
|
```
|
|
|
|
You can also use the `NOT` operator to exclude certain results. For example, to display responses with a status code other than 200, you can use the following command:
|
|
|
|
```
|
|
wfuzz --filter "NOT status_code=200" ...
|
|
```
|
|
|
|
### Multiple Filters
|
|
|
|
You can apply multiple filters to further refine your results. Simply separate each filter criteria with a comma. For example, to display responses with a status code of 200 and a content length of 100, you can use the following command:
|
|
|
|
```
|
|
wfuzz --filter "status_code=200, content_length=100" ...
|
|
```
|
|
|
|
### Regular Expressions
|
|
|
|
`wfuzz` also supports regular expressions for more advanced filtering. You can use regular expressions to match specific patterns in the response data.
|
|
|
|
To use regular expressions, you can enclose the filter criteria in forward slashes (`/`) and use the regular expression syntax. For example, to display responses with a URL that ends with `.php`, you can use the following command:
|
|
|
|
```
|
|
wfuzz --filter "url=/\.php$/" ...
|
|
```
|
|
|
|
### Case Sensitivity
|
|
|
|
By default, `wfuzz` performs case-insensitive filtering. However, you can use the `--case-sensitive` option to enable case-sensitive filtering if needed.
|
|
|
|
```
|
|
wfuzz --filter "..." --case-sensitive ...
|
|
```
|
|
|
|
### Summary
|
|
|
|
Filtering options in `wfuzz` allow you to narrow down your results and focus on specific criteria. Whether you need basic filtering or more advanced filtering using logical operators or regular expressions, `wfuzz` provides the flexibility to customize your output.
|
|
```bash
|
|
--hs/ss "regex" #Hide/Show
|
|
#Simple example, match a string: "Invalid username"
|
|
#Regex example: "Invalid *"
|
|
|
|
--hc/sc CODE #Hide/Show by code in response
|
|
--hl/sl NUM #Hide/Show by number of lines in response
|
|
--hw/sw NUM #Hide/Show by number of words in response
|
|
--hh/sh NUM #Hide/Show by number of chars in response
|
|
--hc/sc NUM #Hide/Show by response code
|
|
```
|
|
## Chaguo za Matokeo
|
|
|
|
### -c, --csv
|
|
|
|
Hii chaguo inaruhusu kuhifadhi matokeo kwenye faili ya CSV. Unaweza kutaja jina la faili ya CSV kwa kutumia chaguo hiki.
|
|
|
|
```bash
|
|
wfuzz -c -o results.csv
|
|
```
|
|
|
|
### -o, --output
|
|
|
|
Chaguo hili linaruhusu kuhifadhi matokeo kwenye faili ya maandishi. Unaweza kutaja jina la faili ya matokeo kwa kutumia chaguo hiki.
|
|
|
|
```bash
|
|
wfuzz -o results.txt
|
|
```
|
|
|
|
### -d, --delimiters
|
|
|
|
Chaguo hili linaruhusu kubadilisha delimiters (vibadilishaji) vinavyotumiwa katika faili ya matokeo. Unaweza kutaja delimiters mbalimbali kwa kutumia chaguo hiki.
|
|
|
|
```bash
|
|
wfuzz -d ",|"
|
|
```
|
|
|
|
### -f, --filters
|
|
|
|
Chaguo hili linaruhusu kutumia filters (vichujio) kwenye matokeo. Unaweza kutaja filters mbalimbali kwa kutumia chaguo hiki.
|
|
|
|
```bash
|
|
wfuzz -f "status!=404"
|
|
```
|
|
|
|
### -s, --save
|
|
|
|
Chaguo hili linaruhusu kuhifadhi matokeo ya kila ombi kwenye faili tofauti. Unaweza kutaja jina la katalogi ya kuhifadhi matokeo kwa kutumia chaguo hiki.
|
|
|
|
```bash
|
|
wfuzz -s results/
|
|
```
|
|
```bash
|
|
wfuzz -e printers #Prints the available output formats
|
|
-f /tmp/output,csv #Saves the output in that location in csv format
|
|
```
|
|
### Chaguzi za Wafungaji
|
|
|
|
Wafungaji ni zana muhimu katika uwanja wa udukuzi wa wavuti. Wanaweza kutumika kubadilisha au kuficha data ili kuepuka kugunduliwa na vifaa vya usalama au kuzuia kuvuja kwa habari nyeti. Hapa chini ni chaguzi kadhaa za wafungaji ambazo unaweza kutumia:
|
|
|
|
- **URL Encoding**: Inabadilisha herufi na alama zisizo salama katika URL kuwa nambari za asilimia. Kwa mfano, nafasi inabadilishwa kuwa "%20".
|
|
- **HTML Encoding**: Inabadilisha herufi na alama zisizo salama katika HTML kuwa nambari za kipekee. Kwa mfano, alama ya ishara ya nukta inabadilishwa kuwa ".".
|
|
- **Base64 Encoding**: Inabadilisha data kuwa aina ya maandishi ya ASCII. Inaweza kutumika kuficha data nyeti kwa kuifanya isomeke kwa urahisi.
|
|
- **Hex Encoding**: Inabadilisha data kuwa aina ya maandishi ya hexadecimal. Inaweza kutumika kuficha data au kubadilisha herufi za ASCII kuwa nambari za hexadecimal.
|
|
- **Unicode Encoding**: Inabadilisha herufi na alama za ASCII kuwa nambari za Unicode. Inaweza kutumika kuficha data au kubadilisha herufi za ASCII kuwa nambari za Unicode.
|
|
|
|
Kwa kutumia chaguzi hizi za wafungaji, unaweza kuwa na uwezo wa kuficha data yako au kubadilisha muundo wake ili kuepuka kugunduliwa na vifaa vya usalama.
|
|
```bash
|
|
wfuzz -e encoders #Prints the available encoders
|
|
#Examples: urlencode, md5, base64, hexlify, uri_hex, doble urlencode
|
|
```
|
|
Ili kutumia kifanyaji, lazima ukitaje kwenye chaguo la **"-w"** au **"-z"**.
|
|
|
|
Mifano:
|
|
```bash
|
|
-z file,/path/to/file,md5 #Will use a list inside the file, and will transform each value into its md5 hash before sending it
|
|
-w /path/to/file,base64 #Will use a list, and transform to base64
|
|
-z list,each-element-here,hexlify #Inline list and to hex before sending values
|
|
```
|
|
## CheetSheet
|
|
|
|
### Kuingia kwa nguvu kwenye Fomu ya Kuingia
|
|
|
|
#### **POST, Orodha moja, kichujio cha herufi (ficha)**
|
|
```bash
|
|
wfuzz -c -w users.txt --hs "Login name" -d "name=FUZZ&password=FUZZ&autologin=1&enter=Sign+in" http://zipper.htb/zabbix/index.php
|
|
#Here we have filtered by line
|
|
```
|
|
#### **POST, Orodha 2, Kanuni ya kuchuja (onyesha)**
|
|
```bash
|
|
wfuzz.py -c -z file,users.txt -z file,pass.txt --sc 200 -d "name=FUZZ&password=FUZ2Z&autologin=1&enter=Sign+in" http://zipper.htb/zabbix/index.php
|
|
#Here we have filtered by code
|
|
```
|
|
#### **GET, orodha 2, chuja kamba (onyesha), wakala, vidakuzi**
|
|
```bash
|
|
wfuzz -c -w users.txt -w pass.txt --ss "Welcome " -p 127.0.0.1:8080:HTTP -b "PHPSESSIONID=1234567890abcdef;customcookie=hey" "http://example.com/index.php?username=FUZZ&password=FUZ2Z&action=sign+in"
|
|
```
|
|
### Kuvunja Nguvu Daktari/RESTful kuvunja nguvu
|
|
|
|
[Arjun orodha ya maneno ya vigezo](https://raw.githubusercontent.com/s0md3v/Arjun/master/arjun/db/params.txt)
|
|
```
|
|
wfuzz -c -w /tmp/tmp/params.txt --hc 404 https://domain.com/api/FUZZ
|
|
```
|
|
### Vigezo vya Njia BF
|
|
|
|
Wakati wa kufanya upimaji wa kuingilia kwenye wavuti, njia moja ya kugundua vigezo vya njia ni kwa kutumia zana inayoitwa WFuzz. WFuzz inaruhusu mtumiaji kufanya mashambulizi ya nguvu kwa kubadilisha vigezo vya njia na kuchunguza majibu ya wavuti.
|
|
|
|
Kwa kuanza, unahitaji kupata vigezo vya njia ambavyo vinaweza kubadilishwa. Unaweza kufanya hivyo kwa kuchunguza URL ya wavuti na kutambua sehemu ambazo zinaonekana kama vigezo. Kwa mfano, ikiwa una URL kama `https://www.example.com/page?param1=value1¶m2=value2`, basi `param1` na `param2` ni vigezo vya njia.
|
|
|
|
Baada ya kupata vigezo vya njia, unaweza kutumia WFuzz kubadilisha vigezo hivyo na kufanya mashambulizi ya nguvu. WFuzz itabadilisha vigezo na kujaribu kila mmoja wao kwa kutumia seti ya maneno au nambari. Kwa kila jaribio, itachunguza majibu ya wavuti ili kuona ikiwa kuna dalili ya shambulio la mafanikio, kama vile ujumbe wa makosa au matokeo yasiyotarajiwa.
|
|
|
|
Kwa kutumia njia hii, unaweza kugundua vigezo vya njia ambavyo havijalindwa vizuri na kujaribu kufanya mashambulizi ya nguvu ili kupata habari au ufikiaji usiohalali kwenye wavuti. Ni muhimu kutumia zana kama WFuzz kwa uangalifu na kwa idhini ya mmiliki wa wavuti ili kuepuka kukiuka sheria na kufanya shughuli haramu.
|
|
```bash
|
|
wfuzz -c -w ~/git/Arjun/db/params.txt --hw 11 'http://example.com/path%3BFUZZ=FUZZ'
|
|
```
|
|
### Uthibitishaji wa Kichwa
|
|
|
|
#### **Msingi, Orodha 2, kichujio cha herufi (onyesha), proksi**
|
|
```bash
|
|
wfuzz -c -w users.txt -w pass.txt -p 127.0.0.1:8080:HTTP --ss "Welcome" --basic FUZZ:FUZ2Z "http://example.com/index.php"
|
|
```
|
|
#### **NTLM, orodha 2, kichujio cha herufi (onyesha), proksi**
|
|
```bash
|
|
wfuzz -c -w users.txt -w pass.txt -p 127.0.0.1:8080:HTTP --ss "Welcome" --ntlm 'domain\FUZZ:FUZ2Z' "http://example.com/index.php"
|
|
```
|
|
### Kuvunja Nenosiri la Cookie/Header (vhost brute)
|
|
|
|
#### **Cookie, nambari ya kichujio (onyesha), wakala**
|
|
```bash
|
|
wfuzz -c -w users.txt -p 127.0.0.1:8080:HTTP --ss "Welcome " -H "Cookie:id=1312321&user=FUZZ" "http://example.com/index.php"
|
|
```
|
|
#### **User-Agent, kificho cha kuchuja (ficha), proksi**
|
|
|
|
Wakati mwingine, kwa sababu mbalimbali, unaweza kuhitaji kubadilisha User-Agent wako wakati wa kufanya majaribio ya kuingia kwenye wavuti. Hii inaweza kuwa muhimu kwa sababu fulani za usalama au kwa kujaribu kudanganya mfumo wa ulinzi wa wavuti. Kwa bahati nzuri, kuna zana nyingi ambazo zinaweza kukusaidia kufanya hivyo.
|
|
|
|
Moja ya zana hizo ni `wfuzz`. `Wfuzz` ni chombo cha kufanya majaribio ya kuingia kwenye wavuti ambacho kinaweza kutumika kwa njia nyingi tofauti. Moja ya matumizi yake ni kubadilisha User-Agent wakati wa kufanya majaribio.
|
|
|
|
Kwa mfano, unaweza kutumia `wfuzz` kubadilisha User-Agent wako kuwa "Googlebot" ili kujaribu kufikia maudhui yaliyofichwa ambayo yanaweza kuwa yanapatikana tu kwa wabebaji wa injini za utafutaji kama Google.
|
|
|
|
Kwa kuongeza, `wfuzz` inaruhusu kuficha kificho chako cha kuchuja wakati wa kufanya majaribio. Hii inaweza kuwa muhimu ikiwa unataka kuficha mbinu yako ya kuingia kwenye wavuti kutoka kwa wamiliki wa wavuti au watumiaji wengine.
|
|
|
|
Mbali na hayo, `wfuzz` inasaidia pia matumizi ya proksi. Unaweza kuweka proksi ili kuficha anwani yako ya IP halisi na kufanya majaribio yako ya kuingia kuonekana kutoka kwa anwani nyingine ya IP. Hii inaweza kuwa muhimu kwa kudumisha faragha yako na kuepuka kufuatiliwa wakati wa kufanya majaribio ya kuingia kwenye wavuti.
|
|
|
|
Kwa kumalizia, `wfuzz` ni chombo kizuri cha kufanya majaribio ya kuingia kwenye wavuti ambacho kinaweza kutumika kwa njia nyingi tofauti, ikiwa ni pamoja na kubadilisha User-Agent, kuficha kificho chako cha kuchuja, na kutumia proksi.
|
|
```bash
|
|
wfuzz -c -w user-agents.txt -p 127.0.0.1:8080:HTTP --ss "Welcome " -H "User-Agent: FUZZ" "http://example.com/index.php"
|
|
```
|
|
#### **Mwenyeji**
|
|
```bash
|
|
wfuzz -c -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-
|
|
top1million-20000.txt --hc 400,404,403 -H "Host: FUZZ.example.com" -u
|
|
http://example.com -t 100
|
|
```
|
|
#### **Kutumia faili**
|
|
|
|
Wakati mwingine, unaweza kutaka kufanya jaribio la nguvu kwenye seva ya wavuti ili kugundua ni aina gani za njia za HTTP zinazokubalika. Unaweza kutumia faili ili kufanya hivyo.
|
|
|
|
Kwanza, unahitaji kuunda faili ambayo ina orodha ya njia za HTTP ambazo unataka kujaribu. Kila njia inapaswa kuwa kwenye mstari wake mwenyewe. Kwa mfano:
|
|
|
|
```
|
|
GET
|
|
POST
|
|
PUT
|
|
DELETE
|
|
```
|
|
|
|
Baada ya kuunda faili, unaweza kutumia zana kama `wfuzz` kufanya jaribio la nguvu kwa kutumia faili hii. Zana hii itajaribu kila njia kwenye orodha dhidi ya lengo lako na kukupa matokeo.
|
|
|
|
Kwa mfano, unaweza kutumia amri ifuatayo:
|
|
|
|
```
|
|
wfuzz -c -z file,wordlist.txt http://example.com/FUZZ
|
|
```
|
|
|
|
Katika amri hii, `-c` inawezesha kufuatilia matokeo ya kila jaribio, `-z file,wordlist.txt` inaelekeza `wfuzz` kutumia faili `wordlist.txt` kama orodha ya njia za HTTP, na `http://example.com/FUZZ` inaweka lengo la jaribio la nguvu, ambapo `FUZZ` itabadilishwa na kila njia kwenye orodha.
|
|
|
|
Kwa kufanya hivyo, unaweza kugundua njia za HTTP zinazokubalika kwenye seva ya wavuti na kuchunguza ikiwa kuna njia yoyote ambayo inaweza kusababisha shambulio au uvujaji wa habari.
|
|
```bash
|
|
wfuzz -c -w methods.txt -p 127.0.0.1:8080:HTTP --sc 200 -X FUZZ "http://example.com/index.php"
|
|
```
|
|
#### **Kutumia orodha ndani ya mstari**
|
|
```bash
|
|
$ wfuzz -z list,GET-HEAD-POST-TRACE-OPTIONS -X FUZZ http://testphp.vulnweb.com/
|
|
```
|
|
### Kuvunja Nguvu ya Majedwali na Faili
|
|
|
|
Kuvunja nguvu ya majedwali na faili ni mbinu ya kawaida katika uchunguzi wa usalama wa wavuti. Inahusisha kutumia zana kama vile `wfuzz` kutafuta na kuvunja nguvu majedwali na faili zilizofichwa au zilizopatikana kwenye wavuti.
|
|
|
|
#### Kuvunja Nguvu ya Majedwali
|
|
|
|
Kuvunja nguvu ya majedwali ni mchakato wa kujaribu kila aina ya maneno ya siri au nywila ili kupata ufikiaji usio halali kwenye mfumo au akaunti. Zana kama `wfuzz` inaweza kutumika kufanya kazi hii kwa kujaribu maneno ya siri tofauti na kuchunguza majibu ya wavuti ili kugundua ikiwa maneno ya siri yaliyotumiwa ni sahihi au la.
|
|
|
|
#### Kuvunja Nguvu ya Faili
|
|
|
|
Kuvunja nguvu ya faili ni mchakato wa kutafuta na kuvunja nguvu ya faili zilizofichwa au zilizopatikana kwenye wavuti. Zana kama `wfuzz` inaweza kutumika kufanya kazi hii kwa kujaribu majina tofauti ya faili na kuchunguza majibu ya wavuti ili kugundua ikiwa faili zilizotafutwa zinapatikana au la.
|
|
|
|
Kwa kutumia zana kama `wfuzz`, unaweza kufanya uchunguzi wa kina wa wavuti ili kutambua majedwali na faili zilizofichwa au zilizopatikana ambazo zinaweza kusababisha hatari za usalama. Hii inaweza kusaidia katika kugundua udhaifu na kuchukua hatua za kurekebisha ili kuzuia ukiukaji wa usalama.
|
|
```bash
|
|
#Filter by whitelisting codes
|
|
wfuzz -c -z file,/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --sc 200,202,204,301,302,307,403 http://example.com/uploads/FUZZ
|
|
```
|
|
## Zana ya kudukua Tovuti
|
|
|
|
[https://github.com/carlospolop/fuzzhttpbypass](https://github.com/carlospolop/fuzzhttpbypass)
|
|
|
|
<details>
|
|
|
|
<summary><strong>Jifunze kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
|
|
|
|
Njia nyingine za kusaidia HackTricks:
|
|
|
|
* Ikiwa unataka kuona **kampuni yako ikionekana kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
|
|
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
|
|
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
|
|
|
|
</details>
|