Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Lightfuzz (Draft) #1817

Draft
wants to merge 360 commits into
base: dev
Choose a base branch
from
Draft

Add Lightfuzz (Draft) #1817

wants to merge 360 commits into from

Conversation

liquidsec
Copy link
Collaborator

@liquidsec liquidsec commented Oct 3, 2024
edited
Loading

For now, a placeholder to assist in keeping the lightfuzz branch synced with changes to dev until it's ready

  • Body Parameters (new type, xml / JSON)
  • SSRF Submodule (on hold)
  • Documentation
  • Add comments to all lightfuzz submodules explaining detection logic, etc
  • override logging to automatically prepend lightfuzz submodule to messages
  • add portfilter module to all lightfuzz presets
  • Answer the question - deadly module or not?

Other TODOs:

  • Make lightfuzz into a folder
  • Reduce duplicate code in excavate (emission of WEB_PARAMETER)

@TheTechromancer follow up on:

  • Autogenerating documentation for lightfuzz modules based off their docstrings/metadata (similar to BBOT modules)
  • Necessity of using acorasick python library over yara

liquidsec added 30 commits July 20, 2024 11:01
@liquidsec
custom cookies / new crypto tests / lots of bug fixes
a262413
@liquidsec
little bug fixes
b372166
@liquidsec
minor bug fix
c7568d2
@liquidsec
debug msg remove
7f496c8
@liquidsec
small bug fix
c73bf9b
@liquidsec
fixing add_get_params, allowing malicious querystrings through
1a90154
@liquidsec
bug fixes
d940f9c
@liquidsec
sometimes no additional params
bdf8683
@liquidsec
bug fix.
a82e7fc
@liquidsec
another lil bug
2d59463
@liquidsec
better fix
84b9967
@liquidsec
3rd try :|
6cb5c19
@liquidsec
original value fix
c8329c7
@liquidsec
one more
bf4b5be
@liquidsec
handle non-str strings
54b2fcb
@liquidsec
tweaks to form extraction
23c414f
@liquidsec
fixing unreachable host issues
197b579
@liquidsec
reworking parameter extraction rules, bug fixes
8a6a4ca
@liquidsec
removing debug
67b69d1
@liquidsec
Merge branch 'stable' into lightfuzz
d4d07e5
@liquidsec
adding lightfuzz serialization submodule
1b00b06
@liquidsec
ruby serialization signature
bd4b760
@liquidsec
unnecessary strip
658f0e0
@liquidsec
tweaking padding oracle detection
52937bb
@liquidsec
moderate refactor and test fix
39ca3d5
@liquidsec
small crypto bug fix
85c3c73
@liquidsec
better error handling
6875f56
@liquidsec
updating hunt to show more detail in finding
10c11b3
@liquidsec
little hunt bug fix
0926773
@liquidsec
missing import
f1d0096
liquidsec and others added 14 commits January 23, 2025 14:06
@liquidsec
conditional spider warning
ac55777
@liquidsec
fix whitespace
a485fb2
@liquidsec
Merge pull request #2189 from blacklanternsecurity/lightfuzz-commentp…
13cc106 
…alooza

lightfuzz - Add many comments
@liquidsec
remove blacklist
dc3354e
@liquidsec
poetry.lock update
49f22a4
@liquidsec
Merge branch 'lightfuzz' into lightfuzz-deserialize-fp-fix
0e05301
@liquidsec
Merge branch 'lightfuzz' into lightfuzz-portfilter
d1e8e38
@liquidsec
Merge pull request #2187 from blacklanternsecurity/lightfuzz-portfilter
98668dd 
Add Portfilter to Lightfuzz Presets
@liquidsec
Merge branch 'lightfuzz' into lightfuzz-deserialize-fp-fix
d0cef2c
@liquidsec
Merge branch 'lightfuzz' into lightfuzz-conditional-encoding
1ed52d0
@liquidsec
Merge pull request #2204 from blacklanternsecurity/lightfuzz-conditio…
a250d04 
…nal-encoding

adding conditional url-encoding, fixing xml parameter extraction bug
@liquidsec
Merge branch 'lightfuzz' into lightfuzz-deserialize-fp-fix
c7d44da
docstring, cleanup for serial lightfuzz module
2b9a7bc
@liquidsec
Merge pull request #2176 from blacklanternsecurity/lightfuzz-deserial…
e80f402 
…ize-fp-fix

Reduce lightfuzz serial submodule False Positives
@liquidsec
Copy link
Collaborator Author

@TheTechromancer
"Necessity of using acorasick python library over yara"

As i've explained before, the overhead for building these using yara means for these small quick checks its actually MUCH faster. We really dont want to be compiling yara rules constantly. The existing stuff we do with yara involves compiling them once at the beginning of the scan, which is expensive but obviously well worth it as they are used for the life of the scan. This current string_scan implementation is working great.

Package overhead of ahocorasick is minuscule, if we're looking to lean things up there are much better choices.

@liquidsec liquidsec changed the title Draft Lightfuzz PR Add Lightfuzz (Draft) Jan 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@liquidsec @TheTechromancer