diff --git a/web/config/default_yaml_config.yaml b/web/config/default_yaml_config.yaml index 058d7c61..4e31bce8 100644 --- a/web/config/default_yaml_config.yaml +++ b/web/config/default_yaml_config.yaml @@ -81,15 +81,16 @@ dir_file_fuzz: { 'auto_calibration': true, 'enable_http_crawl': true, 'rate_limit': 150, - 'extensions': ['html', 'php','git','yaml','conf','cnf','config','gz','env','log','db','mysql','bak','asp','aspx','txt','conf','sql','json','yml','pdf'], + 'extensions': [], + # 'extensions': ['html', 'php','git','yaml','conf','cnf','config','gz','env','log','db','mysql','bak','asp','aspx','txt','conf','sql','json','yml','pdf'], 'follow_redirect': false, 'max_time': 0, 'match_http_status': [200, 204], - 'recursive_level': 2, + 'recursive_level': 0, 'stop_on_error': false, 'timeout': 5, 'threads': 30, - 'wordlist_name': 'dicc', + 'wordlist_name': 'default', # fuzz-Bo0oM } fetch_url: { # 'custom_header': { diff --git a/web/fixtures/default_scan_engines.yaml b/web/fixtures/default_scan_engines.yaml index f76ab3b4..744861ba 100644 --- a/web/fixtures/default_scan_engines.yaml +++ b/web/fixtures/default_scan_engines.yaml @@ -16,11 +16,10 @@ \ 'jenkins',\r\n 'wordpress_files',\r\n 'php_error',\r\n 'exposed_documents',\r\n \ 'db_files',\r\n 'git_exposed'\r\n ],\r\n 'intensity': 'normal',\r\n \ 'documents_limit': 50\r\n}\r\ndir_file_fuzz: {\r\n 'auto_calibration': true,\r\n - \ 'enable_http_crawl': true,\r\n 'rate_limit': 150,\r\n 'extensions': ['html', - 'php','git','yaml','conf','cnf','config','gz','env','log','db','mysql','bak','asp','aspx','txt','conf','sql','json','yml','pdf'],\r\n + \ 'enable_http_crawl': true,\r\n 'rate_limit': 150,\r\n 'extensions': [],\r\n \ 'follow_redirect': false,\r\n 'max_time': 0,\r\n 'match_http_status': [200, - 204],\r\n 'recursive_level': 2,\r\n 'stop_on_error': false,\r\n 'timeout': - 5,\r\n 'threads': 30,\r\n 'wordlist_name': 'dicc'\r\n}\r\nfetch_url: {\r\n + 204],\r\n 'recursive_level': 0,\r\n 'stop_on_error': false,\r\n 'timeout': + 5,\r\n 'threads': 30,\r\n 'wordlist_name': 'default', # fuzz-Bo0oM\r\n}\r\nfetch_url: {\r\n \ 'uses_tools': ['gospider', 'hakrawler', 'waybackurls', 'katana', 'gau'],\r\n \ 'remove_duplicate_endpoints': true,\r\n 'duplicate_fields': ['content_length', 'page_title'],\r\n 'follow_redirect': false,\r\n 'enable_http_crawl': true,\r\n 'gf_patterns': ['debug_logic', diff --git a/web/reNgine/definitions.py b/web/reNgine/definitions.py index a79f8174..ce1c710c 100644 --- a/web/reNgine/definitions.py +++ b/web/reNgine/definitions.py @@ -107,9 +107,8 @@ ############################################################################### # amass -AMASS_DEFAULT_WORDLIST_PATH = ( - 'wordlist/default_wordlist/deepmagic.com-prefixes-top50000.txt' -) +AMASS_DEFAULT_WORDLIST_NAME = 'deepmagic.com-prefixes-top50000' +AMASS_DEFAULT_WORDLIST_PATH = str(Path(RENGINE_WORDLISTS)) # dorks DORKS_DEFAULT_NAMES = [ @@ -130,9 +129,10 @@ ] # ffuf -FFUF_DEFAULT_WORDLIST_PATH = str(Path(RENGINE_WORDLISTS) / 'dicc.txt') +FFUF_DEFAULT_WORDLIST_NAME = 'fuzz-Bo0oM' +FFUF_DEFAULT_WORDLIST_PATH = str(Path(RENGINE_WORDLISTS)) FFUF_DEFAULT_MATCH_HTTP_STATUS = [200, 204] -FFUF_DEFAULT_RECURSIVE_LEVEL = 2 +FFUF_DEFAULT_RECURSIVE_LEVEL = 0 FFUF_DEFAULT_FOLLOW_REDIRECT = False # naabu diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py index 2d98999b..a3ed329f 100644 --- a/web/reNgine/tasks.py +++ b/web/reNgine/tasks.py @@ -426,8 +426,8 @@ def subdomain_discovery( elif tool == 'amass-active': use_amass_config = config.get(USE_AMASS_CONFIG, False) - amass_wordlist_name = config.get(AMASS_WORDLIST, 'deepmagic.com-prefixes-top50000') - wordlist_path = str(Path(RENGINE_WORDLISTS) / f'{amass_wordlist_name}.txt') + amass_wordlist_name = config.get(AMASS_WORDLIST, AMASS_DEFAULT_WORDLIST_NAME) + wordlist_path = str(Path(AMASS_DEFAULT_WORDLIST_PATH) / f'{amass_wordlist_name}.txt') cmd = f'amass enum -active -d {host} -o ' + str(Path(self.results_dir) / 'subdomains_amass_active.txt') cmd += (' -config ' + str(Path.home() / '.config' / 'amass.ini')) if use_amass_config else '' cmd += f' -brute -w {wordlist_path}' @@ -1629,13 +1629,13 @@ def dir_file_fuzz(self, ctx={}, description=None): stop_on_error = config.get(STOP_ON_ERROR, False) timeout = config.get(TIMEOUT) or self.yaml_configuration.get(TIMEOUT, DEFAULT_HTTP_TIMEOUT) threads = config.get(THREADS) or self.yaml_configuration.get(THREADS, DEFAULT_THREADS) - wordlist_name = config.get(WORDLIST, 'dicc') + wordlist_name = config.get(WORDLIST, FFUF_DEFAULT_WORDLIST_NAME) delay = rate_limit / (threads * 100) # calculate request pause delay from rate_limit and number of threads input_path = str(Path(self.results_dir) / 'input_dir_file_fuzz.txt') # Get wordlist - wordlist_name = 'dicc' if wordlist_name == 'default' else wordlist_name - wordlist_path = str(Path(RENGINE_WORDLISTS) / f'{wordlist_name}.txt') + wordlist_name = FFUF_DEFAULT_WORDLIST_NAME if wordlist_name == 'default' else wordlist_name + wordlist_path = str(Path(FFUF_DEFAULT_WORDLIST_PATH) / f'{wordlist_name}.txt') # Build command cmd += f' -w {wordlist_path}' diff --git a/web/scanEngine/fixtures/scanEngine.json b/web/scanEngine/fixtures/scanEngine.json index daa47911..030b7b14 100644 --- a/web/scanEngine/fixtures/scanEngine.json +++ b/web/scanEngine/fixtures/scanEngine.json @@ -4,7 +4,7 @@ "pk": 1, "fields": { "engine_name": "Full Scan", - "yaml_configuration": "subdomain_discovery: {\r\n 'uses_tools': ['subfinder', 'ctfr', 'sublist3r', 'tlsx', 'oneforall', 'netlas'],\r\n 'enable_http_crawl': true,\r\n 'threads': 30,\r\n 'timeout': 5,\r\n}\r\nhttp_crawl: {}\r\nport_scan: {\r\n 'enable_http_crawl': true,\r\n 'timeout': 5,\r\n # 'exclude_ports': [],\r\n # 'exclude_subdomains': [],\r\n 'ports': ['top-100'],\r\n 'rate_limit': 150,\r\n 'threads': 30,\r\n 'passive': false,\r\n # 'use_naabu_config': false,\r\n # 'enable_nmap': true,\r\n # 'nmap_cmd': '',\r\n # 'nmap_script': '',\r\n # 'nmap_script_args': ''\r\n}\r\nosint: {\r\n 'discover': [\r\n 'emails',\r\n 'metainfo',\r\n 'employees'\r\n ],\r\n 'dorks': [\r\n 'login_pages',\r\n 'admin_panels',\r\n 'dashboard_pages',\r\n 'stackoverflow',\r\n 'social_media',\r\n 'project_management',\r\n 'code_sharing',\r\n 'config_files',\r\n 'jenkins',\r\n 'wordpress_files',\r\n 'php_error',\r\n 'exposed_documents',\r\n 'db_files',\r\n 'git_exposed'\r\n ],\r\n 'intensity': 'normal',\r\n 'documents_limit': 50\r\n}\r\ndir_file_fuzz: {\r\n 'auto_calibration': true,\r\n 'enable_http_crawl': true,\r\n 'rate_limit': 150,\r\n 'extensions': ['html', 'php','git','yaml','conf','cnf','config','gz','env','log','db','mysql','bak','asp','aspx','txt','conf','sql','json','yml','pdf'],\r\n 'follow_redirect': false,\r\n 'max_time': 0,\r\n 'match_http_status': [200, 204],\r\n 'recursive_level': 2,\r\n 'stop_on_error': false,\r\n 'timeout': 5,\r\n 'threads': 30,\r\n 'wordlist_name': 'dicc'\r\n}\r\nfetch_url: {\r\n 'uses_tools': ['gospider', 'hakrawler', 'waybackurls', 'katana', 'gau'],\r\n 'remove_duplicate_endpoints': true,\r\n 'duplicate_fields': ['content_length', 'page_title'],\r\n 'follow_redirect': false,\r\n 'enable_http_crawl': true,\r\n 'gf_patterns': ['debug_logic', 'idor', 'interestingEXT', 'interestingparams', 'interestingsubs', 'lfi', 'rce', 'redirect', 'sqli', 'ssrf', 'ssti', 'xss'],\r\n 'ignore_file_extensions': ['png', 'jpg', 'jpeg', 'gif', 'mp4', 'mpeg', 'mp3'],\r\n 'threads': 30\r\n}\r\nvulnerability_scan: {\r\n 'run_nuclei': true,\r\n 'run_dalfox': true,\r\n 'run_crlfuzz': true,\r\n 'enable_http_crawl': true,\r\n 'concurrency': 50,\r\n 'intensity': 'normal',\r\n 'rate_limit': 150,\r\n 'retries': 1,\r\n 'timeout': 5,\r\n 'fetch_gpt_report': true,\r\n 'nuclei': {\r\n 'use_nuclei_config': false,\r\n 'severities': ['unknown', 'info', 'low', 'medium', 'high', 'critical']\r\n }\r\n}\r\nwaf_detection: {\r\n\r\n}\r\nscreenshot: {\r\n 'enable_http_crawl': true,\r\n 'intensity': 'normal',\r\n 'timeout': 10,\r\n 'threads': 40\r\n}\r\n\r\n# custom_header: \"Cookie: Test\"", + "yaml_configuration": "subdomain_discovery: {\r\n 'uses_tools': ['subfinder', 'ctfr', 'sublist3r', 'tlsx', 'oneforall', 'netlas'],\r\n 'enable_http_crawl': true,\r\n 'threads': 30,\r\n 'timeout': 5,\r\n}\r\nhttp_crawl: {}\r\nport_scan: {\r\n 'enable_http_crawl': true,\r\n 'timeout': 5,\r\n # 'exclude_ports': [],\r\n # 'exclude_subdomains': [],\r\n 'ports': ['top-100'],\r\n 'rate_limit': 150,\r\n 'threads': 30,\r\n 'passive': false,\r\n # 'use_naabu_config': false,\r\n # 'enable_nmap': true,\r\n # 'nmap_cmd': '',\r\n # 'nmap_script': '',\r\n # 'nmap_script_args': ''\r\n}\r\nosint: {\r\n 'discover': [\r\n 'emails',\r\n 'metainfo',\r\n 'employees'\r\n ],\r\n 'dorks': [\r\n 'login_pages',\r\n 'admin_panels',\r\n 'dashboard_pages',\r\n 'stackoverflow',\r\n 'social_media',\r\n 'project_management',\r\n 'code_sharing',\r\n 'config_files',\r\n 'jenkins',\r\n 'wordpress_files',\r\n 'php_error',\r\n 'exposed_documents',\r\n 'db_files',\r\n 'git_exposed'\r\n ],\r\n 'intensity': 'normal',\r\n 'documents_limit': 50\r\n}\r\ndir_file_fuzz: {\r\n 'auto_calibration': true,\r\n 'enable_http_crawl': true,\r\n 'rate_limit': 150,\r\n 'extensions': [],\r\n 'follow_redirect': false,\r\n 'max_time': 0,\r\n 'match_http_status': [200, 204],\r\n 'recursive_level': 0,\r\n 'stop_on_error': false,\r\n 'timeout': 5,\r\n 'threads': 30,\r\n 'wordlist_name': 'default', # fuzz-Bo0oM\r\n}\r\nfetch_url: {\r\n 'uses_tools': ['gospider', 'hakrawler', 'waybackurls', 'katana', 'gau'],\r\n 'remove_duplicate_endpoints': true,\r\n 'duplicate_fields': ['content_length', 'page_title'],\r\n 'follow_redirect': false,\r\n 'enable_http_crawl': true,\r\n 'gf_patterns': ['debug_logic', 'idor', 'interestingEXT', 'interestingparams', 'interestingsubs', 'lfi', 'rce', 'redirect', 'sqli', 'ssrf', 'ssti', 'xss'],\r\n 'ignore_file_extensions': ['png', 'jpg', 'jpeg', 'gif', 'mp4', 'mpeg', 'mp3'],\r\n 'threads': 30\r\n}\r\nvulnerability_scan: {\r\n 'run_nuclei': true,\r\n 'run_dalfox': true,\r\n 'run_crlfuzz': true,\r\n 'enable_http_crawl': true,\r\n 'concurrency': 50,\r\n 'intensity': 'normal',\r\n 'rate_limit': 150,\r\n 'retries': 1,\r\n 'timeout': 5,\r\n 'fetch_gpt_report': true,\r\n 'nuclei': {\r\n 'use_nuclei_config': false,\r\n 'severities': ['unknown', 'info', 'low', 'medium', 'high', 'critical']\r\n }\r\n}\r\nwaf_detection: {\r\n\r\n}\r\nscreenshot: {\r\n 'enable_http_crawl': true,\r\n 'intensity': 'normal',\r\n 'timeout': 10,\r\n 'threads': 40\r\n}\r\n\r\n# custom_header: \"Cookie: Test\"", "default_engine": true } }, @@ -58,7 +58,7 @@ "pk": 7, "fields": { "engine_name": "Full (perso)", - "yaml_configuration": "# Global vars for all tools\r\n#\r\n# Custom header - FFUF, Nuclei, Dalfox, CRL Fuzz, HTTPx, Fetch URL (Hakrawler, Katana, Gospider)\r\n# custom_header: {\r\n# 'Cookie':'Test',\r\n# 'User-Agent': 'Mozilla/5.0',\r\n# 'Custom-Header': 'My custom header'\r\n# }\r\n# 'user_agent': '' # Dalfox only\r\n# 'enable_http_crawl': true # All tools\r\n# 'timeout': 10 # Subdomain discovery, Screenshot, Port scan, FFUF, Nuclei \r\n# 'threads': 30 # All tools\r\n# 'rate_limit': 150 # Port scan, FFUF, Nuclei\r\n# 'intensity': 'normal' # Screenshot (grab only the root endpoints of each subdomain), Nuclei (reduce number of endpoints to scan), OSINT (not implemented yet)\r\n# 'retries': 1 # Nuclei\r\n\r\nsubdomain_discovery: {\r\n 'uses_tools': ['subfinder', 'ctfr', 'sublist3r', 'tlsx', 'oneforall', 'netlas'], # amass-passive, amass-active, All\r\n 'enable_http_crawl': true,\r\n 'threads': 30,\r\n 'timeout': 5,\r\n # 'use_subfinder_config': false,\r\n # 'use_amass_config': false,\r\n # 'amass_wordlist': 'deepmagic.com-prefixes-top50000'\r\n}\r\nhttp_crawl: {\r\n # 'custom_header': {\r\n # 'Cookie':'Test',\r\n # 'User-Agent': 'Mozilla/5.0'\r\n # },\r\n # 'threads': 30,\r\n # 'follow_redirect': false\r\n}\r\nport_scan: {\r\n 'enable_http_crawl': true,\r\n 'timeout': 5,\r\n # 'exclude_ports': [],\r\n # 'exclude_subdomains': [],\r\n 'ports': ['top-100'],\r\n 'rate_limit': 150,\r\n 'threads': 30,\r\n 'passive': false,\r\n # 'use_naabu_config': false,\r\n # 'enable_nmap': true,\r\n # 'nmap_cmd': '',\r\n # 'nmap_script': '',\r\n # 'nmap_script_args': ''\r\n}\r\nosint: {\r\n 'discover': [\r\n 'emails',\r\n 'metainfo',\r\n 'employees'\r\n ],\r\n 'dorks': [\r\n 'login_pages',\r\n 'admin_panels',\r\n 'dashboard_pages',\r\n 'stackoverflow',\r\n 'social_media',\r\n 'project_management',\r\n 'code_sharing',\r\n 'config_files',\r\n 'jenkins',\r\n 'wordpress_files',\r\n 'php_error',\r\n 'exposed_documents',\r\n 'db_files',\r\n 'git_exposed'\r\n ],\r\n # 'custom_dorks': [],\r\n 'intensity': 'normal',\r\n 'documents_limit': 50\r\n}\r\ndir_file_fuzz: {\r\n # 'custom_header': {\r\n # 'Cookie':'Test',\r\n # 'User-Agent': 'Mozilla/5.0',\r\n # 'Custom-Header': 'My custom header'\r\n # },\r\n 'auto_calibration': true,\r\n 'enable_http_crawl': true,\r\n 'rate_limit': 150,\r\n 'extensions': [],\r\n 'follow_redirect': false,\r\n 'max_time': 0,\r\n 'match_http_status': [200, 204],\r\n 'recursive_level': 0,\r\n 'stop_on_error': false,\r\n 'timeout': 5,\r\n 'threads': 30,\r\n 'wordlist_name': 'dicc',\r\n}\r\nfetch_url: {\r\n # 'custom_header': {\r\n # 'Cookie':'Test',\r\n # 'User-Agent': 'Mozilla/5.0',\r\n # 'Custom-Header': 'My custom header'\r\n # },\r\n 'uses_tools': ['gospider', 'hakrawler', 'waybackurls', 'katana', 'gau'],\r\n 'remove_duplicate_endpoints': true,\r\n 'duplicate_fields': ['content_length', 'page_title'],\r\n 'follow_redirect': false,\r\n 'enable_http_crawl': true,\r\n 'gf_patterns': ['debug_logic', 'idor', 'interestingEXT', 'interestingparams', 'interestingsubs', 'lfi', 'rce', 'redirect', 'sqli', 'ssrf', 'ssti', 'xss'],\r\n 'ignore_file_extensions': ['png', 'jpg', 'jpeg', 'gif', 'mp4', 'mpeg', 'mp3'],\r\n 'threads': 30,\r\n # 'exclude_subdomains': false\r\n}\r\nvulnerability_scan: {\r\n # 'custom_header': {\r\n # 'Cookie':'Test',\r\n # 'User-Agent': 'Mozilla/5.0',\r\n # 'Custom-Header': 'My custom header'\r\n # },\r\n 'run_nuclei': true,\r\n 'run_dalfox': false,\r\n 'run_crlfuzz': false,\r\n 'run_s3scanner': false,\r\n 'enable_http_crawl': true,\r\n 'concurrency': 50,\r\n 'intensity': 'normal',\r\n 'rate_limit': 150,\r\n 'retries': 1,\r\n 'timeout': 5,\r\n 'fetch_gpt_report': true,\r\n 'nuclei': {\r\n 'use_nuclei_config': false,\r\n 'severities': ['unknown', 'info', 'low', 'medium', 'high', 'critical'],\r\n # 'tags': [], # Nuclei tags (https://github.com/projectdiscovery/nuclei-templates)\r\n # 'templates': [], # Nuclei templates (https://github.com/projectdiscovery/nuclei-templates)\r\n # 'custom_templates': [] # Nuclei custom templates uploaded in reNgine\r\n }\r\n}\r\nwaf_detection: {\r\n 'enable_http_crawl': true\r\n}\r\nscreenshot: {\r\n 'enable_http_crawl': true,\r\n 'intensity': 'normal',\r\n 'timeout': 10,\r\n 'threads': 40\r\n}", + "yaml_configuration": "# Global vars for all tools\r\n#\r\n# Custom header - FFUF, Nuclei, Dalfox, CRL Fuzz, HTTPx, Fetch URL (Hakrawler, Katana, Gospider)\r\n# custom_header: {\r\n# 'Cookie':'Test',\r\n# 'User-Agent': 'Mozilla/5.0',\r\n# 'Custom-Header': 'My custom header'\r\n# }\r\n# 'user_agent': '' # Dalfox only\r\n# 'enable_http_crawl': true # All tools\r\n# 'timeout': 10 # Subdomain discovery, Screenshot, Port scan, FFUF, Nuclei \r\n# 'threads': 30 # All tools\r\n# 'rate_limit': 150 # Port scan, FFUF, Nuclei\r\n# 'intensity': 'normal' # Screenshot (grab only the root endpoints of each subdomain), Nuclei (reduce number of endpoints to scan), OSINT (not implemented yet)\r\n# 'retries': 1 # Nuclei\r\n\r\nsubdomain_discovery: {\r\n 'uses_tools': ['subfinder', 'ctfr', 'sublist3r', 'tlsx', 'oneforall', 'netlas'], # amass-passive, amass-active, All\r\n 'enable_http_crawl': true,\r\n 'threads': 30,\r\n 'timeout': 5,\r\n # 'use_subfinder_config': false,\r\n # 'use_amass_config': false,\r\n # 'amass_wordlist': 'deepmagic.com-prefixes-top50000'\r\n}\r\nhttp_crawl: {\r\n # 'custom_header': {\r\n # 'Cookie':'Test',\r\n # 'User-Agent': 'Mozilla/5.0'\r\n # },\r\n # 'threads': 30,\r\n # 'follow_redirect': false\r\n}\r\nport_scan: {\r\n 'enable_http_crawl': true,\r\n 'timeout': 5,\r\n # 'exclude_ports': [],\r\n # 'exclude_subdomains': [],\r\n 'ports': ['top-100'],\r\n 'rate_limit': 150,\r\n 'threads': 30,\r\n 'passive': false,\r\n # 'use_naabu_config': false,\r\n # 'enable_nmap': true,\r\n # 'nmap_cmd': '',\r\n # 'nmap_script': '',\r\n # 'nmap_script_args': ''\r\n}\r\nosint: {\r\n 'discover': [\r\n 'emails',\r\n 'metainfo',\r\n 'employees'\r\n ],\r\n 'dorks': [\r\n 'login_pages',\r\n 'admin_panels',\r\n 'dashboard_pages',\r\n 'stackoverflow',\r\n 'social_media',\r\n 'project_management',\r\n 'code_sharing',\r\n 'config_files',\r\n 'jenkins',\r\n 'wordpress_files',\r\n 'php_error',\r\n 'exposed_documents',\r\n 'db_files',\r\n 'git_exposed'\r\n ],\r\n # 'custom_dorks': [],\r\n 'intensity': 'normal',\r\n 'documents_limit': 50\r\n}\r\ndir_file_fuzz: {\r\n # 'custom_header': {\r\n # 'Cookie':'Test',\r\n # 'User-Agent': 'Mozilla/5.0',\r\n # 'Custom-Header': 'My custom header'\r\n # },\r\n 'auto_calibration': true,\r\n 'enable_http_crawl': true,\r\n 'rate_limit': 150,\r\n 'extensions': [],\r\n 'follow_redirect': false,\r\n 'max_time': 0,\r\n 'match_http_status': [200, 204],\r\n 'recursive_level': 0,\r\n 'stop_on_error': false,\r\n 'timeout': 5,\r\n 'threads': 30,\r\n 'wordlist_name': 'default', # fuzz-Bo0oM,\r\n}\r\nfetch_url: {\r\n # 'custom_header': {\r\n # 'Cookie':'Test',\r\n # 'User-Agent': 'Mozilla/5.0',\r\n # 'Custom-Header': 'My custom header'\r\n # },\r\n 'uses_tools': ['gospider', 'hakrawler', 'waybackurls', 'katana', 'gau'],\r\n 'remove_duplicate_endpoints': true,\r\n 'duplicate_fields': ['content_length', 'page_title'],\r\n 'follow_redirect': false,\r\n 'enable_http_crawl': true,\r\n 'gf_patterns': ['debug_logic', 'idor', 'interestingEXT', 'interestingparams', 'interestingsubs', 'lfi', 'rce', 'redirect', 'sqli', 'ssrf', 'ssti', 'xss'],\r\n 'ignore_file_extensions': ['png', 'jpg', 'jpeg', 'gif', 'mp4', 'mpeg', 'mp3'],\r\n 'threads': 30,\r\n # 'exclude_subdomains': false\r\n}\r\nvulnerability_scan: {\r\n # 'custom_header': {\r\n # 'Cookie':'Test',\r\n # 'User-Agent': 'Mozilla/5.0',\r\n # 'Custom-Header': 'My custom header'\r\n # },\r\n 'run_nuclei': true,\r\n 'run_dalfox': false,\r\n 'run_crlfuzz': false,\r\n 'run_s3scanner': false,\r\n 'enable_http_crawl': true,\r\n 'concurrency': 50,\r\n 'intensity': 'normal',\r\n 'rate_limit': 150,\r\n 'retries': 1,\r\n 'timeout': 5,\r\n 'fetch_gpt_report': true,\r\n 'nuclei': {\r\n 'use_nuclei_config': false,\r\n 'severities': ['unknown', 'info', 'low', 'medium', 'high', 'critical'],\r\n # 'tags': [], # Nuclei tags (https://github.com/projectdiscovery/nuclei-templates)\r\n # 'templates': [], # Nuclei templates (https://github.com/projectdiscovery/nuclei-templates)\r\n # 'custom_templates': [] # Nuclei custom templates uploaded in reNgine\r\n }\r\n}\r\nwaf_detection: {\r\n 'enable_http_crawl': true\r\n}\r\nscreenshot: {\r\n 'enable_http_crawl': true,\r\n 'intensity': 'normal',\r\n 'timeout': 10,\r\n 'threads': 40\r\n}", "default_engine": false } }, diff --git a/web/startScan/fixtures/startScan.json b/web/startScan/fixtures/startScan.json index 5d0c8fe6..929ab016 100644 --- a/web/startScan/fixtures/startScan.json +++ b/web/startScan/fixtures/startScan.json @@ -2661,7 +2661,7 @@ "model": "startScan.directoryscan", "pk": 1, "fields": { - "command_line": "ffuf -w /home/rengine/wordlists/dicc.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://rest.vulnweb.com/FUZZ -json", + "command_line": "ffuf -w /home/rengine/wordlists/fuzz-Bo0oM.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://rest.vulnweb.com/FUZZ -json", "scanned_date": "2024-09-03T22:02:45.119Z", "directory_files": [ 1, @@ -2675,7 +2675,7 @@ "model": "startScan.directoryscan", "pk": 2, "fields": { - "command_line": "ffuf -w /home/rengine/wordlists/dicc.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://testasp.vulnweb.com/FUZZ -json", + "command_line": "ffuf -w /home/rengine/wordlists/fuzz-Bo0oM.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://testasp.vulnweb.com/FUZZ -json", "scanned_date": "2024-09-03T22:05:24.142Z", "directory_files": [ 4, @@ -2689,7 +2689,7 @@ "model": "startScan.directoryscan", "pk": 3, "fields": { - "command_line": "ffuf -w /home/rengine/wordlists/dicc.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://testaspnet.vulnweb.com/FUZZ -json", + "command_line": "ffuf -w /home/rengine/wordlists/fuzz-Bo0oM.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://testaspnet.vulnweb.com/FUZZ -json", "scanned_date": "2024-09-03T22:06:42.524Z", "directory_files": [ 7, @@ -2703,7 +2703,7 @@ "model": "startScan.directoryscan", "pk": 4, "fields": { - "command_line": "ffuf -w /home/rengine/wordlists/dicc.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://testhtml5.vulnweb.com/FUZZ -json", + "command_line": "ffuf -w /home/rengine/wordlists/fuzz-Bo0oM.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://testhtml5.vulnweb.com/FUZZ -json", "scanned_date": "2024-09-03T22:07:57.153Z", "directory_files": [ 10, @@ -2720,7 +2720,7 @@ "model": "startScan.directoryscan", "pk": 5, "fields": { - "command_line": "ffuf -w /home/rengine/wordlists/dicc.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://testphp.vulnweb.com/FUZZ -json", + "command_line": "ffuf -w /home/rengine/wordlists/fuzz-Bo0oM.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://testphp.vulnweb.com/FUZZ -json", "scanned_date": "2024-09-03T22:09:11.505Z", "directory_files": [ 16, @@ -2753,7 +2753,7 @@ "model": "startScan.directoryscan", "pk": 6, "fields": { - "command_line": "ffuf -w /home/rengine/wordlists/dicc.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://vulnweb.com/FUZZ -json", + "command_line": "ffuf -w /home/rengine/wordlists/fuzz-Bo0oM.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://vulnweb.com/FUZZ -json", "scanned_date": "2024-09-03T22:10:26.882Z", "directory_files": [ 38 @@ -2765,7 +2765,7 @@ "model": "startScan.directoryscan", "pk": 7, "fields": { - "command_line": "ffuf -w /home/rengine/wordlists/dicc.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://www.vulnweb.com/FUZZ -json", + "command_line": "ffuf -w /home/rengine/wordlists/fuzz-Bo0oM.txt -p 0.05 -t 30 -timeout 5 -ac -mc 200,204 -u http://www.vulnweb.com/FUZZ -json", "scanned_date": "2024-09-03T22:11:40.431Z", "directory_files": [ 39