Usage

Most of the Fluid Asserts functions exposed to the end user are predicates about a specific vulnerability. In that sense, you “ask” Asserts whether a certain Target of Evaluation has an open vulnerability of some type or whether it has been closed.

Asserts replies by telling you that the status of the vulnerability is OPEN or CLOSED plus additional info, such as why it thinks the flaw is or is not still there, where it is found, when it was tested, and the fingerprint (the gory details of the transaction).

SQL Injection

To verify that a SQL injection is still open, you can write a script like this:

from fluidasserts.proto import http

http.has_sqli('http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27')

Then run it:

$ asserts open_sqli.py
# Fluid Asserts (v. 18.12.15700)
#  ___
# | >>|> fluid
# |___|  attacks, we hack your software
#
# Loading attack modules ...
---
check: fluidasserts.proto.http.has_sqli
description: Check SQLi vulnerability by checking common SQL strings.
status: OPEN
message: A bad text was present
details:
  bad_text: Warning.*mysql_.*
  fingerprint:
    sha256: b9e3ba06ebd5595d9ff5dc13051cf30bd9ef64f640b0458f0ffde4ac1a4ef459
    banner:
      Server: nginx/1.4.1
      Content-Type: text/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
  url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27
when: 2018-12-11 21:41:07.749614
risk-level: high
---
summary:
  checks:
    total: 1 (100%)
    unknown: 0 (0.00%)
    closed: 0 (0.00%)
    opened: 1 (100.00%)
  risk:
    high: 1 (100.00%)
    medium: 0 (0.00%)
    low: 0 (0.00%)

To verify that a SQL injection is closed, use the same function:

from fluidasserts.proto import http

http.has_sqli('http://testphp.vulnweb.com/AJAX/infoartist.php?id=3')

Then run it:

$ asserts closed_sqli.py
# Fluid Asserts (v. 18.12.15700)
#  ___
# | >>|> fluid
# |___|  attacks, we hack your software
#
# Loading attack modules ...
---
check: fluidasserts.proto.http.has_sqli
description: Check SQLi vulnerability by checking common SQL strings.
status: CLOSED
message: No bad text was present
details:
  fingerprint:
    sha256: b9e3ba06ebd5595d9ff5dc13051cf30bd9ef64f640b0458f0ffde4ac1a4ef459
    banner:
      Server: nginx/1.4.1
      Content-Type: text/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
  url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3
when: 2018-12-11 21:41:06.292006
risk-level: high
---
summary:
  checks:
    total: 1 (100%)
    unknown: 0 (0.00%)
    closed: 1 (100.00%)
    opened: 0 (0.00%)
  risk:
    high: 0 (0%)
    medium: 0 (0%)
    low: 0 (0%)
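
Because every check record carries a status and a risk-level, the report can be used to gate a build. The following is an added example, not part of Fluid Asserts: parse_report and blocking_findings are hypothetical helpers, and the sample report is constructed from the output shown above with the banner and fingerprint trimmed.

```python
import re

# Constructed sample in the report format shown above (banner and fingerprint trimmed).
SAMPLE_REPORT = """\
# Fluid Asserts (v. 18.12.15700)
---
check: fluidasserts.proto.http.has_sqli
status: OPEN
details:
  bad_text: Warning.*mysql_.*
  url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27
risk-level: high
---
check: fluidasserts.proto.http.has_sqli
status: CLOSED
details:
  url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3
risk-level: high
---
summary:
  checks:
"""

# "key: value" at any indent; nested keys such as details.url are flattened by name.
KEY_VALUE = re.compile(r'^\s*([\w-]+):[ \t]*(.*)$')


def parse_report(text):
    """Return one flat dict of fields per check record."""
    records = []
    for block in re.split(r'^---[ \t]*$', text, flags=re.M):
        fields = {}
        for line in block.splitlines():
            match = KEY_VALUE.match(line)  # banner lines start with "#" and never match
            if match:
                fields[match.group(1)] = match.group(2)
        if 'check' in fields:  # skips the banner and the summary block
            records.append(fields)
    return records


def blocking_findings(text, fail_on=('high', 'medium')):
    """(check, url) pairs that should fail a build: anything not CLOSED at a blocking risk."""
    return [(r['check'], r.get('url')) for r in parse_report(text)
            if r.get('status') != 'CLOSED' and r.get('risk-level') in fail_on]


if __name__ == '__main__':
    raise SystemExit(1 if blocking_findings(SAMPLE_REPORT) else 0)
```

In a pipeline, pass the captured output of the asserts run instead of SAMPLE_REPORT. Any status other than CLOSED is treated as blocking, so a check that could not be evaluated fails the build rather than passing silently.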

Cross-Site Scripting (XSS)

The function has_xss() requires a few more parameters: the URL, the text to look for in the response, and the data to submit:

from fluidasserts.proto import http

URL = 'http://testphp.vulnweb.com/guestbook.php'
BAD_TEXT = r'<script>alert\("Hacked by FLUIDAttacks"\);<\/script>'
DATA = {
    'name': 'anonymous user',
    'submit': 'add message',
    'text': '<script>alert("Hacked by FLUIDAttacks");</script>'
}

http.has_xss(URL, BAD_TEXT, data=DATA)

Then run it:

$ asserts open_xss.py
# Fluid Asserts (v. 18.12.15700)
#  ___
# | >>|> fluid
# |___|  attacks, we hack your software
#
# Loading attack modules ...
---
check: fluidasserts.proto.http.has_xss
description: Check XSS vulnerability by checking injected string.
status: OPEN
message: Bad text present
details:
  bad_text: <script>alert\("Hacked by FLUIDAttacks"\);<\/script>
  fingerprint:
    sha256: 799bf19b0673bcd161c5827cfef3c27139a6f1adf81802ac80810c85e3908a22
    banner:
      Server: nginx/1.4.1
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
      X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
      Content-Encoding: gzip
  url: http://testphp.vulnweb.com/guestbook.php
when: 2018-12-11 21:41:10.543132
risk-level: medium
---
summary:
  checks:
    total: 1 (100%)
    unknown: 0 (0.00%)
    closed: 0 (0.00%)
    opened: 1 (100.00%)
  risk:
    high: 0 (0.00%)
    medium: 1 (100.00%)
    low: 0 (0.00%)

To test if an XSS vulnerability has been closed:

from fluidasserts.proto import http

URL = 'http://testphp.vulnweb.com/guestbook.php'
BAD_TEXT = r'<script>alert\("Hacked by FLUIDAttacks"\);<\/script>'
DATA = {
    'name': 'anonymous user',
    'submit': 'add message',
    'text': 'Hacked by FLUIDAttacks'
}

http.has_xss(URL, BAD_TEXT, data=DATA)

Then run it:

$ asserts closed_xss.py
# Fluid Asserts (v. 18.12.15700)
#  ___
# | >>|> fluid
# |___|  attacks, we hack your software
#
# Loading attack modules ...
---
check: fluidasserts.proto.http.has_xss
description: Check XSS vulnerability by checking injected string.
status: CLOSED
message: Bad text not present
details:
  bad_text: <script>alert\("Hacked by FLUIDAttacks"\);<\/script>
  fingerprint:
    sha256: 799bf19b0673bcd161c5827cfef3c27139a6f1adf81802ac80810c85e3908a22
    banner:
      Server: nginx/1.4.1
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
      X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
      Content-Encoding: gzip
  url: http://testphp.vulnweb.com/guestbook.php
when: 2018-12-11 21:41:09.131347
risk-level: medium
---
summary:
  checks:
    total: 1 (100%)
    unknown: 0 (0.00%)
    closed: 1 (100.00%)
    opened: 0 (0.00%)
  risk:
    high: 0 (0%)
    medium: 0 (0%)
    low: 0 (0%)
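
BAD_TEXT in the scripts above is written with escaped parentheses, which matters if the check is a regular-expression search over the response body. The following added example (not Fluid Asserts code) assumes that behaviour; match_status and guestbook are hypothetical helpers and the response bodies are constructed. It shows the same payload against a page that echoes it raw, against a page that encodes its output (what a retest of a fix looks like), and the false negative an unescaped pattern produces.

```python
import html
import re

PAYLOAD = '<script>alert("Hacked by FLUIDAttacks");</script>'  # payload used on this page


def match_status(pattern, body):
    """OPEN if the pattern is found in the response body, else CLOSED (assumed check logic)."""
    return 'OPEN' if re.search(pattern, body) else 'CLOSED'


def guestbook(text, encode_output):
    """Constructed stand-in for the guestbook page: echoes the submitted text."""
    shown = html.escape(text) if encode_output else text
    return '<div class="comment">anonymous user: %s</div>' % shown


# Deriving the pattern from the payload keeps the two from drifting apart.
BAD_TEXT = re.escape(PAYLOAD)

RESULTS = {
    # Payload comes back verbatim: the marker is found.
    'echoed raw': match_status(BAD_TEXT, guestbook(PAYLOAD, encode_output=False)),
    # Same payload, but < > " are entity-encoded on output: the marker is gone.
    'output encoded': match_status(BAD_TEXT, guestbook(PAYLOAD, encode_output=True)),
    # Unescaped, "(" and ")" form a regex group and never match the literal
    # parentheses, so a page that echoes the payload raw is reported CLOSED.
    'pattern not escaped': match_status(PAYLOAD, guestbook(PAYLOAD, encode_output=False)),
}

if __name__ == '__main__':
    for case, result in RESULTS.items():
        print('%-20s %s' % (case, result))
```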