Quick Start

Install

Simply

$ pip3 install -U fluidasserts

Note that Asserts runs only with Python 3.6 or higher.

See more details in the Installing page.

Usage

Import the required Fluid Asserts modules into your exploit:

from fluidasserts.proto import http

http.has_sqli('http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27')

And run your exploit. Asserts will tell you whether the vulnerability has_sqli() is still open or has been closed:

# Fluid Asserts (v. 19.7.24504)
#  ___
# | >>|> fluid
# |___|  attacks, we hack your software
#
# Loading attack modules ...
#
---
check: fluidasserts.proto.http.has_sqli
description: Check SQLi vulnerability by checking common SQL strings.
status: OPEN
message: A bad text was present
details:
  url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27
  bad_text: Warning.*mysql_.*
  fingerprint:
    sha256: b9e3ba06ebd5595d9ff5dc13051cf30bd9ef64f640b0458f0ffde4ac1a4ef459
    banner:
      Server: nginx/1.4.1
      Content-Type: text/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
when: 2019-07-18 00:26:14.842509
risk: high
---
summary:
  test time: 1.1359 seconds
  checks:
    total: 1 (100%)
    errors: 0 (0.00%)
    unknown: 0 (0.00%)
    closed: 0 (0.00%)
    opened: 1 (100.00%)
  risk:
    high: 1 (100.00%)
    medium: 0 (0.00%)
    low: 0 (0.00%)

See more use cases and examples in our Usage page.