GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → foospidy → web-cve-tests

foospidy / web-cve-tests

Licence: other
A simple framework for sending test payloads for known web CVEs.

Programming Languages

python
139335 projects - #7 most used programming language
Makefile
30231 projects

Labels

webtestsstrutscvepayloadscve-scanningapplication-sec

Projects that are alternatives of or similar to web-cve-tests

Vulapps
快速搭建各种漏洞环境(Various vulnerability environment)
Stars: ✭ 3,353 (+2694.17%)
Mutual labels:  struts, cve
Cve Search
cve-search - a tool to perform local searches for known vulnerabilities
Stars: ✭ 1,765 (+1370.83%)
Mutual labels:  cve, cve-scanning
cvehound
Check linux sources dump for known CVEs.
Stars: ✭ 74 (-38.33%)
Mutual labels:  cve, cve-scanning
PatrowlHearsData
Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds
Stars: ✭ 66 (-45%)
Mutual labels:  cve, cve-scanning
verification-tests
Blackbox test suite for OpenShift.
Stars: ✭ 41 (-65.83%)
Mutual labels:  tests
massh-enum
OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).
Stars: ✭ 136 (+13.33%)
Mutual labels:  cve
myBugAnalyze
一些漏洞分析
Stars: ✭ 48 (-60%)
Mutual labels:  cve
bdd
Given/When/Then/And/But output to RSpec and Minitest
Stars: ✭ 33 (-72.5%)
Mutual labels:  tests
fabric8-analytics-vscode-extension
Red Hat Dependency Analytics extension
Stars: ✭ 125 (+4.17%)
Mutual labels:  cve
atata-samples
Automation test samples based on Atata Framework
Stars: ✭ 39 (-67.5%)
Mutual labels:  tests
audio-analysis
The audio analysis code (AnalysisPrograms.exe) for the QUT Ecoacoustics Research Group
Stars: ✭ 41 (-65.83%)
Mutual labels:  tests
ctest
A simple portable C test runner
Stars: ✭ 17 (-85.83%)
Mutual labels:  tests
unittest expander
A library that provides flexible and easy-to-use tools to parameterize Python unit tests, especially those based on unittest.TestCase.
Stars: ✭ 12 (-90%)
Mutual labels:  tests
exploits
Some personal exploits/pocs
Stars: ✭ 52 (-56.67%)
Mutual labels:  cve
types-vs-tests
Tab vs spaces, vim vs emacs, types vs tests, our community is full of these conflicts. In this talk, we'll explore the latter: what is the impact of types in our programs? Can types help write more efficient tests? If so, how?
Stars: ✭ 17 (-85.83%)
Mutual labels:  tests
window-rat
The purpose of this tool is to test the window10 defender protection and also other antivirus protection.
Stars: ✭ 59 (-50.83%)
Mutual labels:  payloads
testing-framework
TYPO3 testing framework for core and extensions
Stars: ✭ 44 (-63.33%)
Mutual labels:  tests
Virtual-Host
Modified Nuclei Templates Version to FUZZ Host Header
Stars: ✭ 38 (-68.33%)
Mutual labels:  cve
XSS-Payload-without-Anything
XSS Payload without Anything.
Stars: ✭ 74 (-38.33%)
Mutual labels:  payloads
CVE-2021-41773 CVE-2021-42013
Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE
Stars: ✭ 20 (-83.33%)
Mutual labels:  cve
View All Similar Projects ➔

web-cve-tests

PRs Welcome

The goal of this tool is to send PoC payloads to verify server-side attack detection solutions. If detected, the server side should return a specified HTTP status code.

This tool is not intended to actually exploit the vulnerability or to test for the existence of the vulnerability.

Usage

Basic:

./webcve.py --url https://target-site.com

Specify detected response code (default is 403):

./webcve.py --url https://target-site.com --status-code 406

Verbose (output CVE descriptions):

./webcve.py --url https://target-site.com -v

Test a single CVE (with example output):

./webcve.py --url https://target-site.com --status-code 406 --cve CVE-2017-9791 -v
CVE-2017-9791
The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution
via a malicious field value passed in a raw message to the ActionMessage.
        Test passed (406)
        Test passed (406)
        Test passed (406)
        Test passed (406)

Test for a group of CVEs. Groups are defined in groups.json.

./webcve.py --url https://target-site.com --group struts

Test for a group type of CVEs. Types are defined in groups.json.

./webcve.py --url https://target-site.com --type cms

List available groups or types.

./webcve.py --list group
./webcve.py --list type

Contributions

Pull requests are welcome. Please use the existing CVE directories as examples of how you should structure your submission.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].