nuclei-templates/examples/http-intruder-fuzz.yaml

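# Example template: payload-driven ("intruder"-style) raw HTTP requests.
# Each entry under `raw` is a literal HTTP request; `{{name}}` placeholders are
# filled from the payload sets below, and `{{func(name)}}` applies a DSL helper
# (base64, sha256, html_escape, hex_encode) to the payload value before sending.
id: dummy-raw

info:
  name: Example-Fuzzing

requests:
  # Payload sets are read from local wordlists. The paths are absolute and
  # specific to the author's machine; point them at files that exist on the
  # scanning host.
  - payloads:
      param_a: /home/user/wordlist_param_a.txt
      param_b: /home/user/wordlist_param_b.txt
    # clusterbomb tries every combination of param_a and param_b, so the number
    # of requests is the product of the wordlist sizes, repeated for each raw
    # request below. pitchfork walks the lists in parallel instead.
    attack: clusterbomb # Available options: sniper, pitchfork and clusterbomb
    raw:
      # Request with simple param and header manipulation with DSL functions
      # NOTE(review): the second query key is spelled `paramb` while the first
      # is `param_a`; kept as published - confirm whether `param_b` was meant.
      - |
        POST /?param_a={{param_a}}&paramb={{param_b}} HTTP/1.1
        User-Agent: {{param_a}}
        Host: {{Hostname}}
        another_header: {{base64(param_b)}}
        Accept: */*

        This is the Body
      # Request with body manipulation
      # The empty line after the last header is required: it is what separates
      # the headers from the body in a raw HTTP request.
      - |
        DELETE / HTTP/1.1
        User-Agent: nuclei
        Host: {{Hostname}}

        This is the body {{sha256(param_a)}}
      # Yet another one
      - |
        PUT / HTTP/1.1
        Host: {{Hostname}}

        This is again the request body {{html_escape(param_a)}} + {{hex_encode(param_b)}}
    # "title" and "body" occur in almost any HTML response, so this matcher only
    # demonstrates the syntax. A usable template needs a word (or status/regex
    # matcher) that is specific to the behaviour being detected, otherwise every
    # payload combination is reported as a hit.
    matchers:
      - type: word
        words:
          - "title"
          - "body"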