Usage

Most of the functions Fluid Asserts offers to end users are predicates about a specific vulnerability. In that sense, you “ask” Asserts whether a certain Target of Evaluation has an open vulnerability of some type or whether it has been closed.

Asserts replies by telling you that the status of the vulnerability is OPEN or CLOSED plus additional info, such as why it thinks the flaw is or is not still there, where it is found, when it was tested, and the fingerprint (the gory details of the transaction).

SQL Injection

To verify that a SQL injection is still open, you can write a script like this:

from fluidasserts.proto import http

http.has_sqli('http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27')

Then run it:

$ asserts open_sqli.py
# Fluid Asserts (v. 19.8.31526)
#  ___
# | >>|> fluid
# |___|  attacks, we hack your software
#
# Loading attack modules ...
#
---
check: fluidasserts.proto.http.has_sqli
description: Check SQLi vulnerability by checking common SQL strings.
status: OPEN
message: A bad text was present
details:
  url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27
  bad_text: Warning.*mysql_.*
  fingerprint:
    verb: GET
    status: 200
    banner:
      Server: nginx/1.4.1
      Content-Type: text/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
    sha256: b9e3ba06ebd5595d9ff5dc13051cf30bd9ef64f640b0458f0ffde4ac1a4ef459
when: 2019-08-22 21:27:45.275462
risk: high
---
summary:
  test time: 0.3822 seconds
  checks:
    total: 1 (100%)
    errors: 0 (0.00%)
    unknown: 0 (0.00%)
    closed: 0 (0.00%)
    opened: 1 (100.00%)
  risk:
    high: 1 (100.00%)
    medium: 0 (0.00%)
    low: 0 (0.00%)

To verify that a SQL injection is closed, use the same function:

from fluidasserts.proto import http

http.has_sqli('http://testphp.vulnweb.com/AJAX/infoartist.php?id=3')

$ asserts closed_sqli.py
# Fluid Asserts (v. 19.8.31526)
#  ___
# | >>|> fluid
# |___|  attacks, we hack your software
#
# Loading attack modules ...
#
---
check: fluidasserts.proto.http.has_sqli
description: Check SQLi vulnerability by checking common SQL strings.
status: CLOSED
message: No bad text was present
details:
  url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3
  fingerprint:
    verb: GET
    status: 200
    banner:
      Server: nginx/1.4.1
      Content-Type: text/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
    sha256: b9e3ba06ebd5595d9ff5dc13051cf30bd9ef64f640b0458f0ffde4ac1a4ef459
when: 2019-08-22 21:27:44.659359
risk: high
---
summary:
  test time: 0.4300 seconds
  checks:
    total: 1 (100%)
    errors: 0 (0.00%)
    unknown: 0 (0.00%)
    closed: 1 (100.00%)
    opened: 0 (0.00%)
  risk:
    high: 0 (0%)
    medium: 0 (0%)
    low: 0 (0%)
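
Reports in the format shown above can drive a pipeline gate. The following is an added example, not part of Fluid Asserts: `parse_report` and `gate` are hypothetical helper names, and the sample text is constructed from the two SQLi reports on this page, trimmed and merged into one run. It treats every status other than CLOSED, and a report with no checks at all, as a failure.

```python
import re

# Constructed sample: the two SQLi reports from this page, trimmed and merged.
SAMPLE = """\
# Fluid Asserts (v. 19.8.31526)
# Loading attack modules ...
---
check: fluidasserts.proto.http.has_sqli
status: OPEN
message: A bad text was present
details:
  url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27
  fingerprint:
    status: 200
risk: high
---
check: fluidasserts.proto.http.has_sqli
status: CLOSED
message: No bad text was present
details:
  url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3
  fingerprint:
    status: 200
risk: high
---
summary:
  test time: 0.4300 seconds
"""

TOP_LEVEL = re.compile(r"^([a-z_]+):[ \t]*(.*)$")  # unindented "key: value" only

def parse_report(text):
    """Return one dict of top-level fields per check document (hypothetical helper)."""
    checks = []
    for doc in re.split(r"^---[ \t]*$", text, flags=re.M):
        fields = {}
        for line in doc.splitlines():
            m = TOP_LEVEL.match(line)  # skips '#' banner lines and indented details
            if m:
                fields[m.group(1)] = m.group(2)
        if "check" in fields:  # drops the banner and the summary document
            checks.append(fields)
    return checks

def gate(text, passing=("CLOSED",)):
    """Exit code for a CI step: 0 only if checks ran and every one is passing."""
    checks = parse_report(text)
    failing = [c for c in checks if c.get("status") not in passing]
    return (1 if failing or not checks else 0), failing
```

Matching only unindented keys keeps the HTTP `status: 200` inside `fingerprint` from being mistaken for the check status.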

Cross-Site Scripting (XSS)

The function has_xss() requires a few more parameters:

from fluidasserts.proto import http

URL = 'http://testphp.vulnweb.com/guestbook.php'
BAD_TEXT = r'<script>alert\("Hacked by FLUIDAttacks"\);<\/script>'
DATA = {
    'name': 'anonymous user',
    'submit': 'add message',
    'text': '<script>alert("Hacked by FLUIDAttacks");</script>'
}

http.has_xss(URL, BAD_TEXT, data=DATA)

$ asserts open_xss.py
# Fluid Asserts (v. 19.8.31526)
#  ___
# | >>|> fluid
# |___|  attacks, we hack your software
#
# Loading attack modules ...
#
---
check: fluidasserts.proto.http.has_xss
description: Check XSS vulnerability by checking injected string.
status: OPEN
message: Bad text present
details:
  url: http://testphp.vulnweb.com/guestbook.php
  bad_text: <script>alert\("Hacked by FLUIDAttacks"\);<\/script>
  fingerprint:
    verb: POST
    status: 200
    banner:
      Server: nginx/1.4.1
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
      X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
      Content-Encoding: gzip
    sha256: 799bf19b0673bcd161c5827cfef3c27139a6f1adf81802ac80810c85e3908a22
  status_code: 200
when: 2019-08-22 21:27:46.483507
risk: medium
---
summary:
  test time: 0.3781 seconds
  checks:
    total: 1 (100%)
    errors: 0 (0.00%)
    unknown: 0 (0.00%)
    closed: 0 (0.00%)
    opened: 1 (100.00%)
  risk:
    high: 0 (0.00%)
    medium: 1 (100.00%)
    low: 0 (0.00%)

To test if an XSS vulnerability has been closed:

from fluidasserts.proto import http

URL = 'http://testphp.vulnweb.com/guestbook.php'
BAD_TEXT = r'<script>alert\("Hacked by FLUIDAttacks"\);<\/script>'
DATA = {
    'name': 'anonymous user',
    'submit': 'add message',
    'text': 'Hacked by FLUIDAttacks'
}

http.has_xss(URL, BAD_TEXT, data=DATA)

$ asserts closed_xss.py
# Fluid Asserts (v. 19.8.31526)
#  ___
# | >>|> fluid
# |___|  attacks, we hack your software
#
# Loading attack modules ...
#
---
check: fluidasserts.proto.http.has_xss
description: Check XSS vulnerability by checking injected string.
status: CLOSED
message: Bad text not present
details:
  url: http://testphp.vulnweb.com/guestbook.php
  bad_text: <script>alert\("Hacked by FLUIDAttacks"\);<\/script>
  fingerprint:
    verb: POST
    status: 200
    banner:
      Server: nginx/1.4.1
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
      X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
      Content-Encoding: gzip
    sha256: 799bf19b0673bcd161c5827cfef3c27139a6f1adf81802ac80810c85e3908a22
  status_code: 200
when: 2019-08-22 21:27:45.880423
risk: medium
---
summary:
  test time: 0.3789 seconds
  checks:
    total: 1 (100%)
    errors: 0 (0.00%)
    unknown: 0 (0.00%)
    closed: 1 (100.00%)
    opened: 0 (0.00%)
  risk:
    high: 0 (0%)
    medium: 0 (0%)
    low: 0 (0%)
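
The closed test above changes the submitted text; when retesting an actual fix, the payload stays the same and the page's output changes. The following added example (a simplified offline model, not Fluid Asserts code) assumes the check is a regex search of `bad_text` against the response body, and uses two hypothetical renderers to show the result before and after output encoding, plus why BAD_TEXT has to be escaped.

```python
import html
import re

# BAD_TEXT and PAYLOAD are the values used on this page.
BAD_TEXT = r'<script>alert\("Hacked by FLUIDAttacks"\);<\/script>'
PAYLOAD = '<script>alert("Hacked by FLUIDAttacks");</script>'

def render_vulnerable(text):
    """Hypothetical guestbook page that echoes the message verbatim."""
    return "<div class='msg'>" + text + "</div>"

def render_fixed(text):
    """Same hypothetical page with the message HTML-encoded on output."""
    return "<div class='msg'>" + html.escape(text) + "</div>"

def check_reflection(body, bad_text):
    """Assumed model of the predicate: OPEN when the regex matches the body."""
    found = re.search(bad_text, body) is not None
    return {"status": "OPEN" if found else "CLOSED",
            "message": "Bad text present" if found else "Bad text not present"}

def literal_pattern(payload):
    """Build a bad_text regex from a payload without hand-escaping it."""
    return re.escape(payload)

if __name__ == "__main__":
    cases = {
        "vulnerable page, escaped BAD_TEXT": (render_vulnerable(PAYLOAD), BAD_TEXT),
        "fixed page, escaped BAD_TEXT": (render_fixed(PAYLOAD), BAD_TEXT),
        # Unescaped parentheses form a regex group, so the literal "(" in the
        # body never matches and a vulnerable page is reported as CLOSED.
        "vulnerable page, unescaped pattern": (render_vulnerable(PAYLOAD), PAYLOAD),
        "vulnerable page, re.escape pattern": (render_vulnerable(PAYLOAD),
                                               literal_pattern(PAYLOAD)),
    }
    for name, (body, pattern) in cases.items():
        print(name, "->", check_reflection(body, pattern)["status"])
```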