WSP-LAB / Fuse
A penetration testing tool for finding file upload bugs (NDSS 2020)
Stars: ✭ 147
Programming Languages
python
139335 projects - #7 most used programming language
Labels
Projects that are alternatives of or similar to Fuse
Pakuri
Penetration test Achieve Knowledge Unite Rapid Interface
Stars: ✭ 125 (-14.97%)
Mutual labels: penetration-testing
Trigmap
A wrapper for Nmap to quickly run network scans
Stars: ✭ 132 (-10.2%)
Mutual labels: penetration-testing
Minimalistic Offensive Security Tools
A repository of tools for pentesting of restricted and isolated environments.
Stars: ✭ 135 (-8.16%)
Mutual labels: penetration-testing
Pidrila
Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (-14.97%)
Mutual labels: penetration-testing
Black Widow
GUI based offensive penetration testing tool (Open Source)
Stars: ✭ 124 (-15.65%)
Mutual labels: penetration-testing
Print My Shell
Python script wrote to automate the process of generating various reverse shells.
Stars: ✭ 140 (-4.76%)
Mutual labels: penetration-testing
Buffer overflow
Don't let buffer overflows overflow your mind
Stars: ✭ 131 (-10.88%)
Mutual labels: penetration-testing
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+1140.82%)
Mutual labels: penetration-testing
Jwtxploiter
A tool to test security of json web token
Stars: ✭ 130 (-11.56%)
Mutual labels: penetration-testing
Learn Web Hacking
Study Notes For Web Hacking / Web安全学习笔记
Stars: ✭ 2,326 (+1482.31%)
Mutual labels: penetration-testing
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+1211.56%)
Mutual labels: penetration-testing
Awesome Hacking Resources
A collection of hacking / penetration testing resources to make you better!
Stars: ✭ 11,466 (+7700%)
Mutual labels: penetration-testing
Silentbridge
Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.
Stars: ✭ 136 (-7.48%)
Mutual labels: penetration-testing
Msploitego
Pentesting suite for Maltego based on data in a Metasploit database
Stars: ✭ 124 (-15.65%)
Mutual labels: penetration-testing
Awesome Vulnerable
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
Stars: ✭ 133 (-9.52%)
Mutual labels: penetration-testing
Astra
Automated Security Testing For REST API's
Stars: ✭ 1,898 (+1191.16%)
Mutual labels: penetration-testing
Quiver
Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-4.76%)
Mutual labels: penetration-testing
Information Security
A place where I can create, collect and share tooling, resources and knowledge about information security.
Stars: ✭ 135 (-8.16%)
Mutual labels: penetration-testing
FUSE
FUSE is a penetration testing system designed to identify Unrestricted Executable File Upload (UEFU) vulnerabilities. The details of the testing strategy is in our paper, "FUSE: Finding File Upload Bugs via Penetration Testing", which appeared in NDSS 2020. To see how to configure and execute FUSE, see the followings.
Setup
Install
FUSE currently works on Ubuntu 18.04 and Python 2.7.15.
- Install dependencies
# apt-get install rabbitmq-server
# apt-get install python-pip
# apt-get install git
- Clone and build FUSE
$ git clone https://github.com/WSP-LAB/FUSE
$ pip install -r requirement.txt
- If you plan to leverage headless browser verification using selenium, please install Chrome and Firefox web driver by refering selenium document.
Usage
Configuration
-
FUSE uses a user-provided configuration file that specifies parameters for a target PHP application. The script must be filled out before testing a target Web application. You can check out README file and example configuration files.
-
Configuration for File Monitor (Optional)
$ vim filemonitor.py
...
10 MONITOR_PATH='/var/www/html/' <- Web root of the target application
11 MONITOR_PORT=20174 <- Default port of File Monitor
12 EVENT_LIST_LIMITATION=8000 <- Maxium number of elements in EVENT_LIST
...
Execution
- FUSE
$ python framework.py [Path of configuration file]
- File Monitor
$ python filemonitor.py
- Result
- When FUSE completes the penetration testing, a [HOST] directory and a [HOST_report.txt] file are created.
- A [HOST] folder stores files that have been attempted to upload.
- A [HOST_report.txt] file contains test results and information related to files that trigger U(E)FU.
CVEs
If you find UFU and UEFU bugs and get CVEs by running FUSE, please send a PR for README.md
| Application | CVEs |
|---|---|
| Elgg | CVE-2018-19172 |
| ECCube3 | CVE-2018-18637 |
| CMSMadeSimple | CVE-2018-19419, CVE-2018-18574 |
| CMSimple | CVE-2018-19062 |
| Concrete5 | CVE-2018-19146 |
| GetSimpleCMS | CVE-2018-19420, CVE-2018-19421 |
| Subrion | CVE-2018-19422 |
| OsCommerce2 | CVE-2018-18572, CVE-2018-18964, CVE-2018-18965, CVE-2018-18966 |
| Monstra | CVE-2018-6383, CVE-2018-18694 |
| XE | XEVE-2019-001 |
Author
This research project has been conducted by WSP Lab at KAIST.
- Taekjin Lee
- Seongil Wi
- Suyoung Lee
- Sooel Son
Citing FUSE
To cite our paper:
@INPROCEEDINGS{lee:ndss:2020,
author = {Taekjin Lee and Seongil Wi and Suyoung Lee and Sooel Son},
title = {{FUSE}: Finding File Upload Bugs via Penetration Testing},
booktitle = {Proceedings of the Network and Distributed System Security Symposium},
year = 2020
}
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].