htrgouvea / nozaki Goto Github PK

Using an SCA (Software Composition Analysis) is super important for code integrity and application security. There is no SCA present in this repository yet, so I am opening this issue to plan this activity.

Reference: https://owasp.org/www-community/Component_Analysis

Something like:

$ nozaki.pl -m GET -u https://target.com/login.php?${substrings} --wordilist substrings.txt

It would be amazing if somehow we could fuzz multiple values and multiple contexts.

Imagine if a user can use: #6, #7, #8 feature in the unique command

During the fuzzing process, many requests are sent and web applications may have rate-limit controls and consequently block and prevent fuzzing from continuing.

One thing that could help make this fuzzing identification process more difficult is the possibility of using several different user agents. So, an option like: --random-agent would be super interesting.

Hi,

I think it's interesting to have a specific filter by "Content-Type". For example, I'm fuzzing several applications trying to find available package.json files. For this, I'm using a custom wordlist and the following parameters:

./nozaki.pl -m GET -u $i -w wordlists/test.txt -r 200 --content "version"

But there are still some false positives, I believe it could be aggressively reduced if I could filter by JSON content Type.
Thanks.

It is necessary to add ZARN (github.com/htrgouvea/zarn) as a SAST resource to check for security issues in all codes that are inserted into this repository.

Ideally, this is a step that you execute with each new PR.

Basically is a new option to possibility send all requests and responses to a proxy tool like Burp Suite or OWASP ZAP.

Something like:

$ nozaki.pl -m POST -u https://target.com/login.php  --data "var=${data}" --wordlist data.txt

I believe that a useful new feature would be the possibility of sending Nozaki requests to a proxy.

Something like:

$ perl nozaki.pl --proxy http://0.0.0.0:8080 -m GET -u https://target.com

Recebo esse erro quanto tento executar
perl nozaki.pl 127 ⨯
Can't locate Find/Lib.pm in @inc (you may need to install the Find::Lib module) (@inc contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.32.1 /usr/local/share/perl/5.32.1 /usr/lib/x86_64-linux-gnu/perl5/5.32 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.32 /usr/share/perl/5.32 /usr/local/lib/site_perl) at nozaki.pl line 8.
BEGIN failed--compilation aborted at nozaki.pl line 8.

Hi Nozaki Team,

It would be very interesting if the tool had a specific help menu for a specific, for example:

perl nozaki.pl --workflow --help
perl nozaki.pl --wordlist --help

or else:

--module-help

Thx!

I have an idea which is to implement a new filter based on the content of the response.

The objective of detecting response pages with information leaks, for example.

Something like: nozaki.pl --content "MySQL"
If the string exists in the response content, it prints it.

Through Header Fuzzing, if it is reflected in the response body, it may be possible to identify an XSS or SSTI/CSTI

It would be interesting if the fuzzer itself identified some of the technologies used by the application, consequently, taking the freedom to decide which wordlists to use.

References:

1. https://github.com/iustin24/chameleon

The integration of unit testing is not merely a best practice but a crucial step toward ensuring the reliability and resilience of our codebase. By conducting targeted tests on individual components, we fortify our project against bugs, elevate code stability, and lay the foundation for seamless collaboration.

Unit testing offers early bug detection, instills confidence during refactoring, and serves as living documentation for our code. In our context, it translates to enhanced code quality, improved collaboration, and accelerated development.

To kickstart this process, let's identify critical components, select a fitting testing framework, craft comprehensive test cases, and seamlessly integrate tests into our CI/CD pipeline.

I think it would be interesting to have a feature to do recursively on found paths or links that were found on this host, which are from the same origin... We can structure this better but I wanted to leave the idea here noted :D

Something like:

$ nozaki.pl -m GET -u https://target.com/login.php -H "Authorization: ${headers}" --wordlist headers.txt