HTTP Intruder暴力破解
此模板使用RAW格式发送定义的POST请求,结合模板中定义的有效载荷运行clusterbomb intruder,并对响应进行字符串匹配检查。
Copy
id: multiple-raw-example
info:
name: Test RAW Template
author: pdteam
severity: info
# 支持模板内有效载荷的HTTP Intruder暴力破解。
http:
- raw:
- |
POST /?username=§username§¶mb=§password§ HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
Host: {{Hostname}}
another_header: {{base64('§password§')}}
Accept: */*
body=test
payloads:
username:
- admin
password:
- admin
- guest
- password
- test
- 12345
- 123456
attack: clusterbomb # 可用选项: batteringram,pitchfork,clusterbomb
matchers:
- type: word
words:
- "Test is test matcher text"
多请求暴力破解
此模板使用RAW格式发送定义的POST请求,结合基于词表的有效载荷运行clusterbomb intruder,并对响应进行字符串匹配检查。
Copy
id: multiple-raw-example
info:
name: Test RAW Template
author: pdteam
severity: info
http:
- raw:
- |
POST /?param_a=§param_a§¶mb=§param_b§ HTTP/1.1
User-Agent: §param_a§
Host: {{Hostname}}
another_header: {{base64('§param_b§')}}
Accept: */*
admin=test
- |
DELETE / HTTP/1.1
User-Agent: nuclei
Host: {{Hostname}}
{{sha256('§param_a§')}}
- |
PUT / HTTP/1.1
Host: {{Hostname}}
{{html_escape('§param_a§')}} + {{hex_encode('§param_b§')}}
attack: clusterbomb # 可用类型: batteringram,pitchfork,clusterbomb
payloads:
param_a: payloads/prams.txt
param_b: payloads/paths.txt
matchers:
- type: word
words:
- "Test is test matcher text"
认证暴力破解
此模板发送多个后续HTTP请求,每个请求之间保持会话状态,并对响应进行字符串匹配检查。Copy
id: multiple-raw-example
info:
name: Test RAW Template
author: pdteam
severity: info
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
- |
POST /testing HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
testing=parameter
cookie-reuse: true # Cookie-reuse像浏览器一样在所有请求之间维持会话状态。
matchers:
- type: word
words:
- "Test is test matcher text"