CalvinBackup/CyberStrikeAI
1
0
Fork 0
mirror of https://github.com/Ed1s0nZ/CyberStrikeAI.git synced 2026-03-31 00:09:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
1908a66d8022c998aa8321b43ceaa9740697a11d
CyberStrikeAI/tools/api-fuzzer.yaml
公明 c6fbd12447 Add files via upload
2025-11-21 23:18:21 +08:00

106 lines
3.5 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
name: "api-fuzzer"
command: "python3"
args:
- "-c"
- |
import pathlib
import sys
import textwrap
from urllib.parse import urljoin
import requests
if len(sys.argv) < 2:
sys.stderr.write("缺少 base_url 参数\n")
sys.exit(1)
base_url = sys.argv[1]
endpoints_arg = sys.argv[2] if len(sys.argv) > 2 else ""
methods_arg = sys.argv[3] if len(sys.argv) > 3 else "GET,POST"
wordlist_path = sys.argv[4] if len(sys.argv) > 4 else ""
timeout = float(sys.argv[5]) if len(sys.argv) > 5 and sys.argv[5] else 10.0
methods = [m.strip().upper() for m in methods_arg.split(",") if m.strip()]
if not methods:
methods = ["GET"]
endpoints = []
if endpoints_arg:
endpoints = [ep.strip() for ep in endpoints_arg.split(",") if ep.strip()]
elif wordlist_path:
path = pathlib.Path(wordlist_path)
if not path.is_file():
sys.stderr.write(f"字典文件不存在: {path}\n")
sys.exit(1)
endpoints = [line.strip() for line in path.read_text().splitlines() if line.strip()]
if not endpoints:
sys.stderr.write("未提供端点列表或字典。\n")
sys.exit(1)
results = []
for endpoint in endpoints:
url = urljoin(base_url.rstrip("/") + "/", endpoint.lstrip("/"))
for method in methods:
try:
resp = requests.request(method, url, timeout=timeout, allow_redirects=False)
results.append({
"method": method,
"endpoint": endpoint,
"status": resp.status_code,
"length": len(resp.content),
"redirect": resp.headers.get("Location", "")
})
except requests.RequestException as exc:
results.append({
"method": method,
"endpoint": endpoint,
"error": str(exc)
})
for item in results:
if "error" in item:
print(f"[{item['method']}] {item['endpoint']} -> ERROR: {item['error']}")
else:
redirect = f" -> {item['redirect']}" if item.get("redirect") else ""
print(f"[{item['method']}] {item['endpoint']} -> {item['status']} ({item['length']} bytes){redirect}")
enabled: true
short_description: "API端点模糊测试工具支持智能参数发现"
description: |
基于requests的轻量级API端点探测脚本可按照提供的端点列表或字典对多个HTTP方法进行探测并记录状态码与响应长度。
parameters:
- name: "base_url"
type: "string"
description: "API基础URL例如 https://api.example.com/"
required: true
position: 0
format: "positional"
- name: "endpoints"
type: "string"
description: "逗号分隔的端点列表(如 /v1/users,/v1/auth/login"
required: false
default: ""
position: 1
format: "positional"
- name: "methods"
type: "string"
description: "HTTP方法列表逗号分隔默认 GET,POST"
required: false
default: "GET,POST"
position: 2
format: "positional"
- name: "wordlist"
type: "string"
description: "端点字典文件路径当未提供endpoints时使用"
required: false
default: "/usr/share/wordlists/api/api-endpoints.txt"
position: 3
format: "positional"
- name: "timeout"
type: "string"
description: "每个请求的超时时间默认10"
required: false
default: "10"
position: 4
format: "positional"
Reference in New Issue View Git Blame Copy Permalink