Project author: LyleMi

Project description:
Flexible Penetrate Testing Auxiliary Suite
Language: Python
Project URL: git://github.com/LyleMi/Saker.git
Created: 2017-09-15T00:58:14Z
Project community: https://github.com/LyleMi/Saker

License: GNU General Public License v3.0

Penetrate Testing Auxiliary Suite

Saker is a flexible penetration testing auxiliary suite.

Features

A brief overview of the supported features:

  • scan website
    • information gathering
    • framework fingerprint
  • fuzz web request
    • XSS
    • SQL injection
    • SSRF
    • XXE
  • subdomain gathering
  • port scanner
  • bruteforce
    • web dir
    • zip password
    • domain
  • auxiliary servers
    • dns rebinding
    • ssrf
    • xss
  • third party api integration
    • censys
    • crtsh
    • fofa
    • github
    • shodan
    • sqlmap
    • threadcrowd

Quick Setup

Latest version

    pip install -U git+https://github.com/lylemi/saker

or, from a clone of the repository:

    git clone https://github.com/LyleMi/Saker.git
    pip install -r requirements.txt
    python setup.py install

Stable version

    pip install Saker

Development install

Add /path/to/saker to PYTHONPATH:

    export PYTHONPATH=/path/to/saker:$PYTHONPATH

Example Cases

Scan Website

    from saker.core.scaner import Scanner
    s = Scanner("http://127.0.0.1")
    s.scan(filename="index.php", ext="php")

or by shell

    python -m saker scan

    usage: main.py [options]

    Saker Scanner

    optional arguments:
      -h, --help            show this help message and exit
      -s, --scan            run with list model
      -f file, --file file  scan specific file
      -e ext, --ext ext     scan specific ext
      -i, --info            get site info
      -u URL, --url URL     define specific url
      -p PROXY, --proxy PROXY
                            proxy url
      -t INTERVAL, --timeinterval INTERVAL
                            scan time interval, random sleep by default

Fuzz Website

    from saker.core.mutator import Mutator
    options = {
        "url": "http://127.0.0.1:7777/",
        "params": {
            "test": "test"
        }
    }
    m = Mutator(options)
    m.fuzz('url')
    m.fuzz('params', 'test')

or by shell

    python -m saker fuzz

    usage: [options]

    Saker Fuzzer

    optional arguments:
      -h, --help            show this help message and exit
      -u URL, --url URL     define specific url
      -m METHOD, --method METHOD
                            request method, use get as default
      -p PARAMS, --params PARAMS
                            request params, use empty string as default
      -d DATA, --data DATA  request data, use empty string as default
      -H HEADERS, --headers HEADERS
                            request headers, use empty string as default
      -c COOKIES, --cookies COOKIES
                            request cookies, use empty string as default
      -P PART, --part PART  fuzz part, could be url / params / data / ...
      -k KEY, --key KEY     key to be fuzzed
      -v VULN, --vuln VULN  Vulnarability type to be fuzzed
      -t INTERVAL, --timeinterval INTERVAL
                            scan time interval, random sleep by default

Port Scanner

    python -m saker port

    usage: [options]

    Saker Port Scanner

    optional arguments:
      -h, --help            show this help message and exit
      -t TARGET, --target TARGET
                            define scan target
      -b, --background      run port scanner in background with unix daemon, only
                            support unix platform

Generate fuzz payload

Unicode Fuzz

    from saker.fuzzers.code import Code
    payload = "test"  # sample input to be mutated
    payload = Code.fuzzErrorUnicode(payload)

Fuzz SSI

    from saker.fuzzers.ssi import SSI
    payloads = [i for i in SSI.fuzz()]

Brute password or others

    from saker.brute.dir import DirBrute
    dirBrute = DirBrute("php", "index.php")
    paths = dirBrute.weakfiles()

Brute forcing is currently supported for HTTP basic auth, FTP, MySQL, SSH, Telnet, zip files…

Call Third Party API

Crt.sh

    from saker.api.crtsh import crtsh
    crtsh("github.com")

DNSDumpster

    from saker.api.dnsdumper import DNSdumpster
    DNSdumpster("github.com")

Github API

    from saker.api.githubapi import GithubAPI
    g = GithubAPI()
    g.gatherByEmail("@github.com")

SQLMap API

    from saker.api.sqlmap import SQLMap
    options = {"url": "https://github.com"}
    SQLMap().scan(options)

Handle HTML

    import requests
    from saker.handler.htmlHandler import HTMLHandler
    r = requests.get("https://github.com")
    h = HTMLHandler(r.text)
    print(h.title)
    # The worlds leading software development platform · GitHub
    print(h.subdomains("github.com"))
    # ['enterprise.github.com', 'resources.github.com', 'developer.github.com', 'partner.github.com', 'desktop.github.com', 'api.github.com', 'help.github.com', 'customer-stories-feed.github.com', 'live-stream.github.com', 'services.github.com', 'lab.github.com', 'shop.github.com', 'education.github.com']

Special Server

    from saker.servers.socket.dnsrebinding import RebindingServer
    values = {
        'result': ['8.8.8.8', '127.0.0.1'],
        'index': 0
    }
    dnsServer = RebindingServer(values)
    dnsServer.serve_forever()

Todo

APK analysis

Contributing

Contributions, issues and feature requests are welcome.

Feel free to check the issues page if you want to contribute.

Disclaimer

This project is for educational purposes only. Do not test or attack any system with this tool unless you have explicit permission to do so.

Show your support

Please star this repository if this project helped you.

Issues

If you face any issue, you can create a new issue in the Issues Tab and I will be glad to help you out.

License

Copyright © 2019-2021 Lyle.

This project is GPLv3 licensed.