Quick Start¶
Install¶
Simply
$ pip3 install -U fluidasserts
Note that Asserts runs only with Python 3.7 or higher.
See more details in the Installing page.
Usage¶
Import the required Fluid Asserts modules into your exploit:
from fluidasserts.proto import http
http.has_sqli('http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27')
And run your exploit.
Asserts will tell you
whether the vulnerability
has_sqli()
is still open
or has been closed:
# ________ _ __ ___ __
# / ____/ /_ __(_)___/ / / | _____________ _____/ /______
# / /_ / / / / / / __ / / /| | / ___/ ___/ _ \/ ___/ __/ ___/
# / __/ / / /_/ / / /_/ / / ___ |(__ |__ ) __/ / / /_(__ )
# /_/ /_/\__,_/_/\__,_/ /_/ |_/____/____/\___/_/ \__/____/
#
# v. 20.10.38625
# ___
# | >>|> fluid
# |___| attacks, we hack your software
#
---
check: fluidasserts.proto.http -> has_sqli
description: Check SQLi vulnerability by checking common SQL strings in response.
status: OPEN
message: Bad text is present in response
vulnerabilities:
- where: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27
source: HTTP/Response/Body
specific: HTTP/Implementation
fingerprint:
verb: GET
status: 200
headers:
Server: nginx/1.4.1
Date: Wed, 14 Jan 1970 13:55:34 GMT
Content-Type: text/xml
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
sha256: 588702eb0b53294654f934d86664956e9739db47c34ffd8d703550cd5fd670a0
parameters:
url: http://testphp.vulnweb.com/AJAX/infoartist.php?id=3%27
args: []
kwargs: {}
vulnerable_incidences: 1
when: 2020-10-27T19:45:26+0000
elapsed_seconds: 0.22
test_kind: DAST
risk: high
---
summary:
test time: 0.5955 seconds
checks:
total: 1 (100%)
errors: 0 (0.00%)
unknown: 0 (0.00%)
closed: 0 (0.00%)
opened: 1 (100.00%)
vulnerabilities: 1
risk:
high: 1 (100.00%)
medium: 0 (0.00%)
low: 0 (0.00%)
exploits:
total: 1
See more use cases and examples in our Usage page.