updating lightfuzz presets
liquidsec committed Jan 17, 2025
1 parent 67be5a5 commit 86202eb
Showing 5 changed files with 19 additions and 19 deletions.
5 changes: 3 additions & 2 deletions bbot/presets/web/lightfuzz-intense.yml
@@ -10,13 +10,14 @@ modules:
- badsecrets
- hunt
- reflected_parameters
- portfilter

config:
url_querystring_remove: False
url_querystring_collapse: True
web:
spider_distance: 4
spider_depth: 5
spider_distance: 3
spider_depth: 4
modules:
lightfuzz:
force_common_headers: False
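Review bot: The `- portfilter` entry appended to the `modules:` list has no comment saying why a fuzzing preset needs it, and the same bare line is added to lightfuzz-max.yml, lightfuzz-xss.yml, lightfuzz.yml and the third file in this commit. As I understand it, portfilter narrows which open-port events on CDN/cloud hosts are passed downstream, so it affects what the fuzzing modules end up touching; that should be confirmed and written down next to the entry, e.g. `# portfilter: <what is filtered and why the fuzzing modules depend on it>`. Without that, someone trimming the list later cannot tell that removing it may widen what gets fuzzed. The `modules:` list starts above this hunk and the `lightfuzz:` config block continues below it, so only part of the preset is visible here.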
3 changes: 2 additions & 1 deletion bbot/presets/web/lightfuzz-max.yml
@@ -1,4 +1,4 @@
description: Discovery web parameters and lightly fuzz them for vulnerabilities, with more intense discovery techniques
description: Discovery web parameters and lightly fuzz them for vulnerabilities, with the most intense discovery techniques

flags:
- web-paramminer
@@ -10,6 +10,7 @@ modules:
- badsecrets
- hunt
- reflected_parameters
- portfilter

config:
url_querystring_remove: False
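Review bot: The rewritten `description:` on line 1 still opens with "Discovery web parameters", a noun where the imperative "Discover" is meant, and the new descriptions in the third file and in lightfuzz-xss.yml keep the same wording. Since this commit rewrites those lines anyway, I would fix it here: `description: Discover web parameters and lightly fuzz them for vulnerabilities, with the most intense discovery techniques`, with the matching one-word change in the other two files. The `config:` block in the second hunk continues past the visible lines.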
@@ -1,28 +1,24 @@
description: Discovery web parameters and lightly fuzz them for vulnerabilities, with more intense discovery techniques
description: Discovery web parameters and lightly fuzz them for vulnerabilities, with only the most common vulnerabilities and minimal extra modules

modules:
- httpx
- lightfuzz
- robots
- badsecrets
- hunt
- reflected_parameters

blacklist:
# Prevent spider from invalidating sessions by logging out
- "RE:/.*(sign|log)[_-]?out"

- portfilter

config:
url_querystring_remove: False
url_querystring_collapse: True
web:
spider_distance: 6
spider_depth: 7
spider_distance: 2
spider_depth: 3
modules:
lightfuzz:
force_common_headers: False
enabled_submodules: [ssti]
disable_post: False
enabled_submodules: [path,sqli,xss] # only look for the most common vulnerabilities
disable_post: True
excavate:
retain_querystring: True

blacklist:
# Prevent spider from invalidating sessions by logging out
- "RE:/.*(sign|log)[_-]?out"
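Review bot: The logout blacklist that this section moves to the end of the file, `RE:/.*(sign|log)[_-]?out`, has no boundary after `out`, so if the pattern is applied as a search it would also exclude paths such as `/design-outline` or `/blog_output` (constructed examples) from the scan. Whether it catches `/Logout` or `/SignOut` depends on how `RE:` entries are compiled, which is not visible here and is worth confirming. Requiring a separator or end of string after `out`, e.g. `- "RE:/.*(sign|log)[_-]?out([/.?#]|$)"`, keeps the session-preserving intent stated in the comment while cutting the false exclusions. The other presets in this commit show only partial hunks, so I cannot tell whether they carry the same entry.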
3 changes: 2 additions & 1 deletion bbot/presets/web/lightfuzz-xss.yml
@@ -1,9 +1,10 @@
description: Discovery web parameters and lightly fuzz them for xss vulnerabilities
description: Discovery web parameters and lightly fuzz them, optimized for looking just for xss vulnerabilities
modules:
- httpx
- lightfuzz
- paramminer_getparams
- reflected_parameters
- portfilter

config:
url_querystring_remove: False
3 changes: 2 additions & 1 deletion bbot/presets/web/lightfuzz.yml
@@ -6,7 +6,8 @@ modules:
- badsecrets
- hunt
- reflected_parameters

- portfilter

config:
url_querystring_remove: False
url_querystring_collapse: True