CalvinBackup/CyberStrikeAI
1
0
Fork 0
mirror of https://github.com/Ed1s0nZ/CyberStrikeAI.git synced 2026-03-31 08:19:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
v1.0.0
CyberStrikeAI/tools/http-intruder.yaml
公明 832dbb2cd4 Add files via upload
2025-11-21 23:20:41 +08:00

131 lines
4.1 KiB
YAML
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
name: "http-intruder"
command: "python3"
args:
- "-c"
- |
import json
import sys
import time
from urllib.parse import urlencode, urlparse, parse_qs, urlunparse
import requests
if len(sys.argv) < 3:
sys.stderr.write("需要至少URL和载荷\n")
sys.exit(1)
url = sys.argv[1]
method = (sys.argv[2] or "GET").upper()
location = (sys.argv[3] or "query").lower()
params_json = sys.argv[4] if len(sys.argv) > 4 else "{}"
payloads_json = sys.argv[5] if len(sys.argv) > 5 else "[]"
max_requests = int(sys.argv[6]) if len(sys.argv) > 6 and sys.argv[6] else 0
try:
params_template = json.loads(params_json) if params_json else {}
except json.JSONDecodeError as exc:
sys.stderr.write(f"参数模板解析失败: {exc}\n")
sys.exit(1)
try:
payloads = json.loads(payloads_json)
except json.JSONDecodeError as exc:
sys.stderr.write(f"载荷解析失败: {exc}\n")
sys.exit(1)
if not isinstance(payloads, list) or not payloads:
sys.stderr.write("载荷列表不能为空\n")
sys.exit(1)
param_names = list(params_template.keys())
if not param_names:
sys.stderr.write("参数模板不能为空\n")
sys.exit(1)
session = requests.Session()
sent = 0
def build_query(original_url, data):
parsed = urlparse(original_url)
existing = {k: v[0] for k, v in parse_qs(parsed.query, keep_blank_values=True).items()}
existing.update(data)
new_query = urlencode(existing, doseq=True)
return urlunparse(parsed._replace(query=new_query))
for param in param_names:
for payload in payloads:
if max_requests and sent >= max_requests:
break
payload_str = str(payload)
if location == "query":
new_url = build_query(url, {param: payload_str})
response = session.request(method, new_url)
elif location == "body":
body = params_template.copy()
body[param] = payload_str
response = session.request(method, url, data=body)
elif location == "headers":
headers = params_template.copy()
headers[param] = payload_str
response = session.request(method, url, headers=headers)
elif location == "cookie":
cookies = params_template.copy()
cookies[param] = payload_str
response = session.request(method, url, cookies=cookies)
else:
sys.stderr.write(f"不支持的位置: {location}\n")
sys.exit(1)
sent += 1
length = len(response.content)
print(f"[{sent}] {param} = {payload_str} -> {response.status_code} ({length} bytes)")
if max_requests and sent >= max_requests:
break
if sent == 0:
sys.stderr.write("未发送任何请求,请检查参数配置。\n")
enabled: true
short_description: "简单的Intrudersniper模糊测试工具"
description: |
轻量级HTTP“狙击手”模式模糊器对每个参数逐一替换载荷并记录响应。
parameters:
- name: "url"
type: "string"
description: "目标URL"
required: true
position: 0
format: "positional"
- name: "method"
type: "string"
description: "HTTP方法默认GET"
required: false
default: "GET"
position: 1
format: "positional"
- name: "location"
type: "string"
description: "载荷位置query, body, headers, cookie"
required: false
default: "query"
position: 2
format: "positional"
- name: "params"
type: "string"
description: "参数模板JSON字典指定要模糊的键及默认值"
required: true
position: 3
format: "positional"
- name: "payloads"
type: "string"
description: "载荷列表JSON数组"
required: true
position: 4
format: "positional"
- name: "max_requests"
type: "int"
description: "最大请求数0表示全部"
required: false
default: 0
position: 5
format: "positional"
Reference in New Issue View Git Blame Copy Permalink