PuzlBox 1.0.0.9
Copyright (C) 2010 John Leitch john.leitch5@gmail.com
==Description
PuzlBox is a PHP fuzz tool that scans for several different vulnerabilities by
performing dynamic program analysis. It can detect the following vulnerabilities:
Arbitrary Command Execution
Arbitrary PHP Execution
Local File Inclusion
Aribtray File Read/Write/Change/Rename/Delete
SQL Injection
Reflected Cross-site Scripting
==Usage
PuzlBox must be run as administrator!
Do not navigate to any of the target web applications during the scan.
puzlbox [-s Server (default localhost)] [-m Scan Modes (default CFLPSX)] [Absolute Web Root] [-n No Unhook] [Application Paths (comma delimited)]
Modes:
C - Arbitrary Command Execution
F - Arbitrary File Read/Write/Change/Rename/Delete
L - Local File Inclusion
P - Arbitrary PHP Execution
S - SQL Injection
X - Reflected Cross-site Scripting
Examples:
puzlbox c:\xampp\htdocs MyApp
Runs all scans on MyApp, located in web root c:\xampp\htdocs
puzlbox -m CX c:\xampp\htdocs MyApp1,MyApp2
Runs Arbitrary Command Execution and Reflected Cross-site Scripting scans on MyApp1
and MyApp2 located in web root c:\xampp\htdocs
==Change Log
1.0.0.9
Added scan overview report
Updated SQL injection scan
Updated command scan
Minor interface updates
Fixed bug caused by use of open tag
使用前本地搭建环境
参数:
C - 任意命令执行
F - 任意文件读/写/更改/重命名/删除
L - 本地文件包含
P - 执行任意PHP
S - SQL注入
X - 反映跨站点脚本
列子:
puzlbox -m sx c:\wwwroot ecshop
扫描 c:\wwwroot 目录下ecshop的SQL注入和XSS!
puzlbox -m cf c:\wwwroot ecshop,shopex
扫描c:\wwwroot目录下ecshop,shopex的任意命令执行和任意文件读/写/更改/重命名/删除
DOWN
984
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
