Skip to content
/ fruit_picker Public
forked from dreilly369/fruit_picker

A tool for finding the low handing web security vulnerabilities

License

MIT license
0 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

forte-bin/fruit_picker

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
modules
modules
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
fruit_picker.py
fruit_picker.py
 
 

Repository files navigation

Fruit Picker

This is a set of tools used to automate some of the initial testing of a web application.

Each test is broken out into a seperate module that can be dropped into a script or other tools. The goal is to use only Python's standard library and to make things as modular as possible. Everyone's workflow is different so this tool should be as flexible as possible. Details about each module is listed below.

Note: The parent script fruit_picker.py is simply to illustrate what pulling the modules together into a larger testing script would look like. The emphasis here is on the modules, not the parent tool.

The following outlines the modules:

access_scanner.py

  • This will take a list of URLs in a seperate file (and optional credentials) and check to see what is accessible with and/or without credentials and/or with or without SSL/TLS.
  • This is great for taking a sitemap or Burp history and checking to see what resources or pages are accessible wihtout credentials or without SSL/TLS. Also this can be used when checking for horizontal bypass - drop in a different user's credentials and see if they can access another user's stuff.

cookie_settings.py

  • This will look at cookie settings for a site and identify inadequate security settings.
  • The module looks to see if the secure flag is set, the HttpOnly flag is set, and if the cookie has an expiration (meaning it is written to disk).

http_headers.py

  • This will look at the headers returned by the server and identify if there are headers that disclose sensitive information or if certian "security enhancing" headers are missing.
  • The module checks for the presence of server, x-powered-by, x-aspnet-version, x-aspnetmvc-version, strict-transport-security, x-frame-options, x-xss-protections, and other x- headers people like to thrown in there.

http_methods.py

  • This will try various HTTP methods and identify any that are available and insecure.
  • Note: The module will not attempt to perform a DELETE as older IIS servers can recursively delete web roots if misconfigured.

robots_txt.py

  • This module will grab the robots.txt for a domain if it is available.

ssl_protos_and_ciphers.py

  • This module checks what SSL/TLS versions and cipher suites are supported by the server.
  • This does not depend on OpenSSL.
  • Credit to https://thesprawl.org/projects/sslmap/ for the inspiration.

timing_attack.py

  • This checks for user enumeration on the login prompt (or other forms) through timing differences in server responses.

About

A tool for finding the low handing web security vulnerabilities

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%