kazet / wpgarlic
A proof-of-concept WordPress plugin fuzzer
License: MIT License
I want more details on how to use this tool. I'm a learner, so I want to test a PoC with this tool. I want to know which file I should use first, maybe ..? filtering.py or fuzzer_container.py....
I would like to pass each fuzzing request through a proxy server (such as burp suite).
Could you please help me and tell me how to do this?
Hi,
When executing the following command, I don't get any results:
./bin/fuzz_plugin responsive-vector-maps --version 6.4.0
./bin/print_findings data/plugin_fuzz_results/
0%| | 0/1 [00:00<?, ?it/s]data/plugin_fuzz_results/responsive-vector-maps_2ebc606988056f9282e287708b380297.json
Nothing found in responsive-vector-maps_2ebc606988056f9282e287708b380297.json. Archiving the report...
data/plugin_fuzz_results/scanned/responsive-vector-maps_2ebc606988056f9282e287708b380297.json: 11.5% -- replaced with data/plugin_fuzz_results/scanned/responsive-vector-maps_2ebc606988056f9282e287708b380297.json.gz
100%|████████████████████████████████████████████████████████████████████████████████████| 1/1 [00:00<00:00, 677.05it/s]
Unique filepaths total: 1
Filepaths with report printed: 0 (0.00%)
The only change I made is changing the version to "3.3" in docker-compose.yaml
Here are the logs of the installation. Let me know if you spot any issue:
Hi there,
When I started fuzzing, I got this message, what's the problem?
[+] Running 3/3
⠿ Container wpgarlic-db1-1 Started 1.0s
⠿ Container wpgarlic-dns1-1 Started 1.0s
⠿ Container wordpress1 Started 1.9s
wait-for-it.sh: waiting for db1:3306 without a timeout
Also, when I run these containers, the mysqld uses 99% of the CPU.
I really appreciate any help you can provide.
Hello there, thank you for your research. I have a question regarding the tool. At first, after installing, I had to tweak the dependency versions a little bit to get it to work, and it worked perfectly afterward and I was able to fuzz and see the findings of the fuzzing.
But as soon as I started to fuzz the next plugin, the findings printer stopped working properly and it started to raise an Exception for Zero Division Error:
┌──(venv)─(root@kali)-[~/wpgarlic]
└─# bin/print_findings data/plugin_fuzz_results/
0%| | 0/1 [00:00<?, ?it/s]data/plugin_fuzz_results/pdf-generator-for-wp_4b256ea0c30ed8675326896c750f21be.json
Nothing found in pdf-generator-for-wp_4b256ea0c30ed8675326896c750f21be.json. Archiving the report...
data/plugin_fuzz_results/scanned/pdf-generator-for-wp_4b256ea0c30ed8675326896c750f21be.json: 84.3% -- replaced with data/plugin_fuzz_results/scanned/pdf-generator-for-wp_4b256ea0c30ed8675326896c750f21be.json.gz
100%|████████████████████████████████████████████████████████████████████████████████████| 1/1 [00:34<00:00, 34.74s/it]
Unique filepaths total: 1
Filepaths with report printed: 0 (0.00%)
┌──(venv)─(root@kali)-[~/wpgarlic]
└─# bin/print_findings data/plugin_fuzz_results/
0it [00:00, ?it/s]
Unique filepaths total: 0
Traceback (most recent call last):
File "/root/wpgarlic/print_findings.py", line 250, in <module>
typer.run(print_findings_from_folder)
File "/root/wpgarlic/venv/lib/python3.9/site-packages/typer/main.py", line 864, in run
app()
File "/root/wpgarlic/venv/lib/python3.9/site-packages/typer/main.py", line 214, in __call__
return get_command(self)(*args, **kwargs)
File "/root/wpgarlic/venv/lib/python3.9/site-packages/click/core.py", line 1128, in __call__
return self.main(*args, **kwargs)
File "/root/wpgarlic/venv/lib/python3.9/site-packages/click/core.py", line 1053, in main
rv = self.invoke(ctx)
File "/root/wpgarlic/venv/lib/python3.9/site-packages/click/core.py", line 1395, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/root/wpgarlic/venv/lib/python3.9/site-packages/click/core.py", line 754, in invoke
return __callback(*args, **kwargs)
File "/root/wpgarlic/venv/lib/python3.9/site-packages/typer/main.py", line 500, in wrapper
return callback(**use_params) # type: ignore
File "/root/wpgarlic/print_findings.py", line 245, in print_findings_from_folder
f"({100.0 * num_paths_with_printed_reports / len(file_names):.02f}%)"
ZeroDivisionError: float division by zero
I deleted all containers and images and deleted the project folder and rebuilt the whole thing from scratch but that sadly didn't help.
I can see that the fuzzing is happening in the first stage and the huge findings .json file is being created, but then the reporter prints that it couldn't find anything even though I'm testing the same plugin I tested before and I'm sure that there are some findings at least.
Do you have an idea what might be causing this and how to fix it?
Thanks a lot!
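The two runs in the traceback above, reproduced as an added example (not code from wpgarlic or from the poster): the first pass archives the only report into scanned/ as a .gz file, so the second pass lists zero files and an unguarded percentage divides by zero. The function names and the constructed report file are hypothetical, and the folder layout is inferred from the log output shown in the post.

```python
import gzip
import shutil
import tempfile
from pathlib import Path


def pending_reports(folder: Path) -> list[Path]:
    """Top-level *.json reports not yet archived (layout assumed from the logs)."""
    return sorted(p for p in folder.iterdir() if p.is_file() and p.suffix == ".json")


def archive_report(report: Path) -> Path:
    """Move a processed report to <folder>/scanned/<name>.gz, as the logs show."""
    scanned = report.parent / "scanned"
    scanned.mkdir(exist_ok=True)
    target = scanned / (report.name + ".gz")
    with report.open("rb") as src, gzip.open(target, "wb") as dst:
        shutil.copyfileobj(src, dst)
    report.unlink()
    return target


def summary(num_printed: int, total: int) -> str:
    """Summary line that tolerates an empty folder instead of dividing by zero."""
    if total == 0:
        return "Filepaths with report printed: 0 (no unarchived reports found)"
    return f"Filepaths with report printed: {num_printed} ({100.0 * num_printed / total:.02f}%)"


def demo() -> tuple[str, str]:
    """Run both passes from the post on a constructed results folder."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        # Constructed sample report; a real one is a large JSON file.
        (folder / "example-plugin_0000.json").write_text("{}")
        first = pending_reports(folder)
        first_line = summary(0, len(first))
        for report in first:
            archive_report(report)
        # Second pass: everything now lives under scanned/, so nothing is listed.
        second = pending_reports(folder)
        return first_line, summary(0, len(second))


if __name__ == "__main__":
    for line in demo():
        print(line)
```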
I'm unable to fuzz multiple plugins located in a folder using the --file-or-folder-to-fuzz option. When I tried directly running ./bin/fuzz_plugin <folder path>, this led to an error:
Traceback (most recent call last):
File "/home/user/wpgarlic/fuzz_plugin.py", line 234, in <module>
typer.run(fuzz_plugin)
File "/home/user/wpgarlic/fuzz_plugin.py", line 69, in fuzz_plugin
assert all(
AssertionError
Any guidance or a potential fix would be appreciated.
Running on Ubuntu 22.04.3 LTS on WSL2.
Does the tool have a defect report?