Quick Start

Install

Simply run:

$ pip3 install -U fluidasserts

Note that Asserts runs only with Python 3.7 or higher.

See more details in the Installing page.

Usage

Import the required Fluid Asserts modules into your exploit:

from fluidasserts.proto import http

http.has_sqli('http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27')

Then run your exploit. Asserts reports whether the vulnerability checked by has_sqli() is still open or has been closed:

#    ________      _     __   ___                        __
#   / ____/ /_  __(_)___/ /  /   |  _____________  _____/ /______
#  / /_  / / / / / / __  /  / /| | / ___/ ___/ _ \/ ___/ __/ ___/
# / __/ / / /_/ / / /_/ /  / ___ |(__  |__  )  __/ /  / /_(__  )
#/_/   /_/\__,_/_/\__,_/  /_/  |_/____/____/\___/_/   \__/____/
#
# v. 19.10.21424
#  ___
# | >>|> fluid
# |___|  attacks, we hack your software
#
# Loading attack modules ...
#
---
check: fluidasserts.proto.http -> has_sqli
description: Check SQLi vulnerability by checking common SQL strings in response.
status: OPEN
message: Bad text is present in response
vulnerabilities:
- where: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27
  source: HTTP/Response/Body
  specific: HTTP/Implementation
  fingerprint:
    verb: GET
    status: 200
    headers:
      Server: nginx/1.4.1
      Date: Wed, 06 May 1970 14:20:25 GMT
      Content-Type: text/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
    sha256: 588702eb0b53294654f934d86664956e9739db47c34ffd8d703550cd5fd670a0
parameters:
  url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27
  args: []
  kwargs: {}
vulnerable_incidences: 1
when: 2019-10-15T21:05:51+0000
elapsed_seconds: 0.2
test_kind: DAST
risk: high
---
summary:
  test time: 0.4708 seconds
  checks:
    total: 1 (100%)
    errors: 0 (0.00%)
    unknown: 0 (0.00%)
    closed: 0 (0.00%)
    opened: 1 (100.00%)
  risk:
    high: 1 (100.00%)
    medium: 0 (0.00%)
    low: 0 (0.00%)
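
To act on this report in a pipeline, the following added example (not part of Fluid Asserts or the original page) parses report text in the format shown above and lists every check that is not CLOSED. It assumes CLOSED is the status of a passing check; the has_example check in the sample is hypothetical.

```python
RISK_ORDER = {"low": 0, "medium": 1, "high": 2}

def parse_checks(report):
    """Return the top-level scalar fields of every check document in the report."""
    checks, current = [], {}
    for line in report.splitlines() + ["---"]:  # sentinel flushes the last document
        if not line.strip() or line.startswith("#"):
            continue                             # blank line or banner comment
        if line.strip() == "---":
            if "check" in current:               # the summary document has no 'check' key
                checks.append(current)
            current = {}
        elif line[0] not in " -":                # skip nested mappings and list items
            key, sep, value = line.partition(":")
            if sep:
                current[key.strip()] = value.strip()
    return checks

def blocking(report, min_risk="low"):
    """Checks that are not CLOSED and whose risk is at or above min_risk."""
    # Fail closed: any status other than CLOSED blocks, and a missing or
    # unrecognised risk value is treated as high.
    floor = RISK_ORDER[min_risk]
    return [(c["check"], c.get("status", "UNKNOWN"), c.get("risk", "high"))
            for c in parse_checks(report)
            if c.get("status") != "CLOSED"
            and RISK_ORDER.get(c.get("risk", "high"), 2) >= floor]

# Constructed sample: first document trimmed from the output above; the second
# document (a CLOSED check named has_example) is hypothetical.
SAMPLE = """\
# v. 19.10.21424
---
check: fluidasserts.proto.http -> has_sqli
status: OPEN
vulnerabilities:
- where: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27
risk: high
---
check: fluidasserts.proto.http -> has_example
status: CLOSED
risk: medium
---
summary:
  test time: 0.4708 seconds
"""

if __name__ == "__main__":
    for name, status, risk in blocking(SAMPLE):
        print(f"{status:8} {risk:6} {name}")
```

In a build job, exit non-zero whenever blocking() returns a non-empty list.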

See more use cases and examples in our Usage page.