rtcatc / packer-fuzzer

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

Home Page: https://www.hackinn.com/index.php/archives/744/

License: GNU General Public License v3.0

Python 100.00%
webpack scanner python3 cybersecurity fuzzing hacking

packer-fuzzer's Issues

Is this an environment problem?

ERROR: Command errored out with exit status 1:
command: 'c:\users\lenovo\appdata\local\programs\python\python39\python.exe' 'c:\users\lenovo\appdata\local\programs\python\python39\lib\site-packages\pip' install --ignore-installed --no-user --prefix 'C:\Users\Lenovo\AppData\Local\Temp\pip-build-env-ltpw7k79\overlay' --no-warn-script-location --no-binary :none: --only-binary :none: -i https://pypi.org/simple -- 'setuptools >= 40.8.0' wheel 'Cython >= 3.0a5' 'cffi >= 1.12.3 ; platform_python_implementation == '"'"'CPython'"'"'' 'greenlet >= 0.4.17 ; platform_python_implementation == '"'"'CPython'"'"''
cwd: None
Complete output (27 lines):
Collecting setuptools>=40.8.0
Using cached setuptools-50.3.2-py3-none-any.whl (785 kB)
Collecting wheel
Using cached wheel-0.35.1-py2.py3-none-any.whl (33 kB)
Collecting Cython>=3.0a5
Using cached Cython-3.0a6-py2.py3-none-any.whl (1.0 MB)
Collecting cffi>=1.12.3
Using cached cffi-1.14.3-cp39-cp39-win_amd64.whl (179 kB)
Collecting greenlet>=0.4.17
Using cached greenlet-0.4.17.tar.gz (61 kB)
Collecting pycparser
Using cached pycparser-2.20-py2.py3-none-any.whl (112 kB)
Using legacy 'setup.py install' for greenlet, since package 'wheel' is not installed.
Installing collected packages: setuptools, wheel, Cython, pycparser, cffi, greenlet
Running setup.py install for greenlet: started
Running setup.py install for greenlet: finished with status 'error'
ERROR: Command errored out with exit status 1:
command: 'c:\users\lenovo\appdata\local\programs\python\python39\python.exe' -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'C:\Users\Lenovo\AppData\Local\Temp\pip-install-6t2u5gkr\greenlet\setup.py'"'"'; file='"'"'C:\Users\Lenovo\AppData\Local\Temp\pip-install-6t2u5gkr\greenlet\setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record 'C:\Users\Lenovo\AppData\Local\Temp\pip-record-299agjbq\install-record.txt' --single-version-externally-managed --prefix 'C:\Users\Lenovo\AppData\Local\Temp\pip-build-env-ltpw7k79\overlay' --compile --install-headers 'C:\Users\Lenovo\AppData\Local\Temp\pip-build-env-ltpw7k79\overlay\Include\greenlet'
cwd: C:\Users\Lenovo\AppData\Local\Temp\pip-install-6t2u5gkr\greenlet
Complete output (5 lines):
running install
running build
running build_ext
building 'greenlet' extension
error: Microsoft Visual C++ 14.0 is required. Get it with "Build Tools for Visual Studio": https://visualstudio.microsoft.com/downloads/
----------------------------------------
ERROR: Command errored out with exit status 1: 'c:\users\lenovo\appdata\local\programs\python\python39\python.exe' -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'C:\Users\Lenovo\AppData\Local\Temp\pip-install-6t2u5gkr\greenlet\setup.py'"'"'; file='"'"'C:\Users\Lenovo\AppData\Local\Temp\pip-install-6t2u5gkr\greenlet\setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record 'C:\Users\Lenovo\AppData\Local\Temp\pip-record-299agjbq\install-record.txt' --single-version-externally-managed --prefix 'C:\Users\Lenovo\AppData\Local\Temp\pip-build-env-ltpw7k79\overlay' --compile --install-headers 'C:\Users\Lenovo\AppData\Local\Temp\pip-build-env-ltpw7k79\overlay\Include\greenlet' Check the logs for full command output.

ERROR: Command errored out with exit status 1: 'c:\users\lenovo\appdata\local\programs\python\python39\python.exe' 'c:\users\lenovo\appdata\local\programs\python\python39\lib\site-packages\pip' install --ignore-installed --no-user --prefix 'C:\Users\Lenovo\AppData\Local\Temp\pip-build-env-ltpw7k79\overlay' --no-warn-script-location --no-binary :none: --only-binary :none: -i https://pypi.org/simple -- 'setuptools >= 40.8.0' wheel 'Cython >= 3.0a5' 'cffi >= 1.12.3 ; platform_python_implementation == '"'"'CPython'"'"'' 'greenlet >= 0.4.17 ; platform_python_implementation == '"'"'CPython'"'"'' Check the logs for full command output.

Is this an environment problem?

A few small issues found while trying it out

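First of all, thank you for open-sourcing such an excellent scanning tool. As a security practitioner, looking at tools written by experts like you, it really is impressive.

While trying it out this time I found a few small issues.
1. API extraction during JS parsing is incomplete and returns too few results. Scanning one of our websites yielded 11 API endpoints, all of them GET endpoints and duplicates, while the actual total number of endpoints is around 60.
2. There may be a small problem in the vulnerability detection logic. For example, the scan report flags unauthorized access, but some endpoints on our site are open, so they do not require authentication; and for some endpoints that require login, we return a custom error code such as 20000 in the endpoint status code, which means the access failed. The detection logic may be slightly off here.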

Scanning a target with a port does not work

For example: PackerFuzzer.py -u “http://www.baidu.com:81” cannot be scanned

[16:38:18] 正在解析网页中...
[16:38:18] 网页解析完毕,共发现4个JS文件
[Err] unable to open database file
[16:38:18] 正在暴力检测JS文件中...
[16:38:18] JS文件收集结束,开始提取平台API...
[16:38:18] 提取API总数过少,自动开启暴力提取模式
[16:38:18] 提取流程结束,初步提取API可能结果数:0
[16:38:18] 正在检测目标响应状态中...
0it [00:00, ?it/s]
[16:38:18] 目标响应状态检测结束,开始漏洞检测...
[16:38:18] 开始检测未授权访问漏洞
[16:38:18] 开始检测敏感信息泄露漏洞
[16:38:18] 开始检测CORS漏洞
[Err] 'access-control-allow-origin'
[16:38:18] 检测报告正在生成中...
[16:38:51] 检测报告生成完毕!
[-] 全部扫描及检测完毕,Packer Fuzzer团队感谢您的使用!

sqlite3.OperationalError: near "type": syntax error

[!] 进入高级模式流程...
[10:25:42] 正在对JS文件做二次美化中...
[10:25:42] 正在提取API参数中,提取时间可能较长...
100%|███████████████████████████████████████████████████████████████████████████████████████████████| 24/24 [00:24<00:00, 1.00s/it]
Traceback (most recent call last):
File "PackerFuzzer.py", line 26, in <module>
tt.check()
File "PackerFuzzer.py", line 19, in check
t.parseStart()
File "/home/explo1t/Desktop/Packer-Fuzzer/lib/Controller.py", line 48, in parseStart
FuzzerParam(projectTag).FuzzerCollect()
File "/home/explo1t/Desktop/Packer-Fuzzer/lib/FuzzParam.py", line 337, in FuzzerCollect
cursor.execute(sql)
sqlite3.OperationalError: near "type": syntax error

Got error running

Followed the install process in README.en.md and got this error:
I'm on Ubuntu 20.04.1 LTS

$ python3 PackerFuzzer.py -u https://demo.poc-sir.com/

 ____            _               _____
|  _ \ __ _  ___| | _____ _ __  |  ___|   _ ___________ _ __
| |_) / _` |/ __| |/ / _ \ '__| | |_ | | | |_  /_  / _ \ '__|
|  __/ (_| | (__|   <  __/ |    |  _|| |_| |/ / / /  __/ |
|_|   \__,_|\___|_|\_\___|_|    |_|   \__,_/___/___\___|_|
                                Packer Fuzzer v1.2


©2021 Poc-Sir、KpLi0rn、Liucy、RachesseHS、Lupin-III
Project Hub: https://github.com/rtcatc/Packer-Fuzzer

[+] Network connectivity checked, current egress IP:152.254.225.102
[23:14:59] Target sites:https://demo.poc-sir.com/
[23:14:59] Parsing the page ...
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 159, in _new_conn
    conn = connection.create_connection(
  File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 61, in create_connection
    for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
  File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 314, in connect
    conn = self._new_conn()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 171, in _new_conn
    raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7fc48fdcf910>: Failed to establish a new connection: [Errno -2] Name or service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
    retries = retries.increment(
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='demo.poc-sir.com', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fc48fdcf910>: Failed to establish a new connection: [Errno -2] Name or service not known'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "PackerFuzzer.py", line 26, in <module>
    tt.check()
  File "PackerFuzzer.py", line 19, in check
    t.parseStart()
  File "/media/gutem/10TB/code/Packer-Fuzzer/lib/Controller.py", line 33, in parseStart
    ParseJs(projectTag, self.url, self.options).parseJsStart()
  File "/media/gutem/10TB/code/Packer-Fuzzer/lib/ParseJs.py", line 165, in parseJsStart
    self.requestUrl()
  File "/media/gutem/10TB/code/Packer-Fuzzer/lib/ParseJs.py", line 47, in requestUrl
    demo = requests.get(url=url, headers=headers,proxies=self.proxy_data).text
  File "/usr/lib/python3/dist-packages/requests/api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 516, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='demo.poc-sir.com', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fc48fdcf910>: Failed to establish a new connection: [Errno -2] Name or service not known'))

sqlite3.OperationalError: unable to open database file

[Err] local variable 'cursor' referenced before assignment
[21:57:26] 目标站点:http://114.*.*.98:9527
[21:57:26] 正在解析网页中...
Traceback (most recent call last):
File "PackerFuzzer.py", line 26, in <module>
tt.check()
File "PackerFuzzer.py", line 19, in check
t.parseStart()
File "D:\Tool\Packer-Fuzzer\lib\Controller.py", line 30, in parseStart
ParseJs(projectTag, self.url, self.options).parseJsStart()
File "D:\Tool\Packer-Fuzzer\lib\ParseJs.py", line 154, in parseJsStart
self.requestUrl()
File "D:\Tool\Packer-Fuzzer\lib\ParseJs.py", line 60, in requestUrl
conn = sqlite3.connect(os.sep.join(PATH.split('/')))
sqlite3.OperationalError: unable to open database file

Windows platform, Python 3.6: the subfolder is not created under the tmp directory, which causes the error.

Scan false positive, or missing information

image
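Here a file upload was detected, but no API information is shown. The detection itself is not wrong, there really is a file upload, but the specific API information is missing.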

sqlite3.OperationalError: near "GET": syntax error

[19:33:53] 提取流程结束,初步提取API可能结果数:374
[19:33:53] 正在检测目标响应状态中...
100%|█████████████████████████████████████████████████████████████████████████████████████████████| 374/374 [01:15<00:00, 4.97it/s]
Traceback (most recent call last):
File "PackerFuzzer.py", line 26, in <module>
tt.check()
File "PackerFuzzer.py", line 19, in check
t.parseStart()
File "/home/explo1t/Desktop/Packer-Fuzzer/lib/Controller.py", line 42, in parseStart
DatabaseType(projectTag).insertTextFromDB(getTexts)
File "/home/explo1t/Desktop/Packer-Fuzzer/lib/Database.py", line 244, in insertTextFromDB
cursor.execute(sql)
sqlite3.OperationalError: near "GET": syntax error

About the verification problem "Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] ..."

For a site where SSL certificate verification comes up:
image

The scan fails with an SSL verification error:
During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "PackerFuzzer.py", line 26, in <module>
tt.check()
File "PackerFuzzer.py", line 19, in check
t.parseStart()
File "E:\Hacker\Tool\Packer-Fuzzer-1.2\lib\Controller.py", line 33, in parseStart
ParseJs(projectTag, self.url, self.options).parseJsStart()
File "E:\Hacker\Tool\Packer-Fuzzer-1.2\lib\ParseJs.py", line 167, in parseJsStart
self.requestUrl()
File "E:\Hacker\Tool\Packer-Fuzzer-1.2\lib\ParseJs.py", line 49, in requestUrl
demo = requests.get(url=url, headers=headers,proxies=self.proxy_data).text
File "F:\Anaconda\anaconda3\lib\site-packages\requests\api.py", line 76, in get
return request('get', url, params=params, **kwargs)
File "F:\Anaconda\anaconda3\lib\site-packages\requests\api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "F:\Anaconda\anaconda3\lib\site-packages\requests\sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "F:\Anaconda\anaconda3\lib\site-packages\requests\sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "F:\Anaconda\anaconda3\lib\site-packages\requests\adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='
', port=8443): Max retries exceeded with url: /login (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)')))

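I suggest adding a global ignore for the warnings, for example (purely a suggestion, it is up to the maintainers how to change it):
Add the global warning suppression in lib/ParseJs.py: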
requests.packages.urllib3.disable_warnings()
ssl._create_default_https_context = ssl._create_unverified_context

Then add verify=False at the request:
demo = requests.get(url=url, headers=headers, proxies=self.proxy_data,verify=False).text

Error extracting chunk-type JS from HTML

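As shown in the image below, when chunk-type JS appears in the HTML, the script recognizes it, but when building the path it requests the file directly under the root path; because /static/js/ is not added, everything returns 404.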

image

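Could the extracted API results be saved?

During testing I found that after extracting APIs, Packer-Fuzzer tests whether each API is valid, and when it is not, it treats it as an invalid API and does not store it. However, in my testing I found that many of these APIs actually have broken access control and need to be tested manually. So could logic be added so that the extracted API results are also saved when the API is invalid, for manual reference and testing?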

Add this

I have links to all the URLs in a txt file, so I want to scan all of them.

ValueError: the query contains a null character

Traceback (most recent call last):
File "PackerFuzzer.py", line 26, in <module>
tt.check()
File "PackerFuzzer.py", line 19, in check
t.parseStart()
File "/root/Packer-Fuzzer-1.0/lib/Controller.py", line 42, in parseStart
DatabaseType(projectTag).insertTextFromDB(getTexts)
File "/root/Packer-Fuzzer-1.0/lib/Database.py", line 244, in insertTextFromDB
cursor.execute(sql)
ValueError: the query contains a null character

ValueError: the query contains a null character

Traceback (most recent call last):
File "PackerFuzzer.py", line 26, in <module>
tt.check()
File "PackerFuzzer.py", line 19, in check
t.parseStart()
File "/root/Packer-Fuzzer-1.0/lib/Controller.py", line 42, in parseStart
DatabaseType(projectTag).insertTextFromDB(getTexts)
File "/root/Packer-Fuzzer-1.0/lib/Database.py", line 244, in insertTextFromDB
cursor.execute(sql)
ValueError: the query contains a null character

It keeps throwing errors at runtime; how can I fix this?

File "PackerFuzzer.py", line 19, in check
t.parseStart()
File "C:\Users\admim\Downloads\Packer-Fuzzer-master\lib\Controller.py", line 31, in parseStart
RecoverSpilt(projectTag,self.options).recoverStart()
File "C:\Users\admim\Downloads\Packer-Fuzzer-master\lib\Recoverspilt.py", line 161, in recoverStart
self.checkCodeSpilting(filePath)
File "C:\Users\admim\Downloads\Packer-Fuzzer-master\lib\Recoverspilt.py", line 69, in checkCodeSpilting
jsFile = jsOpen.readlines()
File "C:\Users\admim\AppData\Local\Programs\Python\Python38\lib\codecs.py", line 322, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xc3 in position 845: invalid continuation byte

The command run was python PackerFuzzer.py -u https://www.qq.com -r 1.txt

image

image

ValueError: the query contains a null character

[10:13:22] 正在检测目标响应状态中...
100%|█████████████████████████████████████████| 295/295 [00:59<00:00, 4.92it/s]
Traceback (most recent call last):
File "PackerFuzzer.py", line 26, in <module>
tt.check()
File "PackerFuzzer.py", line 19, in check
t.parseStart()
File "/Users/MASK/Documents/pentest/Web/Packer-Fuzzer/lib/Controller.py", line 42, in parseStart
DatabaseType(projectTag).insertTextFromDB(getTexts)
File "/Users/MASK/Documents/pentest/Web/Packer-Fuzzer/lib/Database.py", line 244, in insertTextFromDB
cursor.execute(sql)
ValueError: the query contains a null character
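
The `near "type"` and `near "GET"` syntax errors and the `the query contains a null character` errors in the reports above are all raised at `cursor.execute(sql)`, which is what happens when scanned text becomes part of the SQL string. The following is an added example, not code from Packer-Fuzzer: the table name, column names and sample bodies are constructed, and the string-built insert is an assumption about how such a query could be assembled. It replays the three failures and shows the same data stored through bound parameters.

```python
import sqlite3

# Constructed response bodies of the kind a scanner stores; not from the reports above.
SAMPLES = [
    '{"code": 20000, "msg": "method \'GET\' not allowed"}',
    "{'type': 'list', 'total': 0}",
    "head\x00tail",
]


def open_db():
    """In-memory database with a hypothetical table for collected responses."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE api_response (id INTEGER PRIMARY KEY, path TEXT, body TEXT)"
    )
    return conn


def insert_concatenated(conn, path, body):
    """Before: the untrusted body is pasted into the SQL text (assumed pattern)."""
    sql = "INSERT INTO api_response (path, body) VALUES ('%s', '%s')" % (path, body)
    conn.execute(sql)


def insert_bound(conn, path, body):
    """After: the SQL text is constant and the values travel as bound parameters."""
    conn.execute(
        "INSERT INTO api_response (path, body) VALUES (?, ?)", (path, body)
    )


def replay(insert):
    """Run one insert strategy over all samples; return (errors, stored_bodies)."""
    conn = open_db()
    errors = []
    for body in SAMPLES:
        try:
            insert(conn, "/api/user/info", body)
        except (sqlite3.Error, ValueError) as exc:
            # ValueError on older Python versions, sqlite3 errors otherwise.
            errors.append(str(exc))
    stored = [
        row[0]
        for row in conn.execute("SELECT body FROM api_response ORDER BY id")
    ]
    conn.close()
    return errors, stored


if __name__ == "__main__":
    for strategy in (insert_concatenated, insert_bound):
        errors, stored = replay(strategy)
        print(strategy.__name__, "errors:", errors, "rows stored:", len(stored))
```

Because the scanned site controls the text, a string-built statement is also an injection point in the scanner's own database, so binding parameters addresses more than the crash.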

TypeError: 'NoneType' object is not subscriptable

The address has been sent to your email.
[Err] unable to open database file
Traceback (most recent call last):
File "PackerFuzzer.py", line 26, in <module>
tt.check()
File "PackerFuzzer.py", line 19, in check
t.parseStart()
File "D:\渗透工具\GitTools\Packer-Fuzzer\lib\Controller.py", line 31, in parseStart
RecoverSpilt(projectTag,self.options).recoverStart()
File "D:\渗透工具\GitTools\Packer-Fuzzer\lib\Recoverspilt.py", line 156, in recoverStart
projectPath = DatabaseType(self.projectTag).getPathfromDB()
File "D:\渗透工具\GitTools\Packer-Fuzzer\lib\Database.py", line 112, in getPathfromDB
host = cursor.fetchone()[0] # 第一个即可
TypeError: 'NoneType' object is not subscriptable

UnboundLocalError: local variable 'options' referenced before assignment

Traceback (most recent call last):
File "PackerFuzzer.py", line 26, in <module>
tt.check()
File "PackerFuzzer.py", line 19, in check
t.parseStart()
File "/root/tools/Packer-Fuzzer/lib/Controller.py", line 48, in parseStart
FuzzerParam(projectTag).FuzzerCollect()
File "/root/tools/Packer-Fuzzer/lib/FuzzParam.py", line 327, in FuzzerCollect
for option in options:
UnboundLocalError: local variable 'options' referenced before assignment

Error saving results

[!] 共发现1个安全漏洞: 高危1个, 中危0个, 低危0个
[17:31:15] 检测报告正在生成中...
[Err] local variable 'js_path' referenced before assignment
[Err] local variable 'vuln_detail' referenced before assignment
[17:31:18] 检测报告生成完毕!
[-] 全部扫描及检测完毕,Packer Fuzzer团队感谢您的使用!

The report directory does not contain a report for this target.

Unauthorized-access false positives and optimization suggestions

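Great tool!
However, there are a large number of unauthorized-access false positives, as in the two images below:
packer-fuzzer-issues00
packer-fuzzer-issues01
Many APIs return messages such as "success:false" or "No such operation", and the tool wrongly judges them as unauthorized access.
Suggestions:
1: Filter on HTTP status codes, such as 500, 401, 403.
2: Filter on keywords, such as false, error, exception.
3: Add optional authorization parameters, such as --token/--cookie, and filter by comparing the response content of authorized and unauthorized requests to the same API.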
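
The three filters suggested in this report, combined into one triage function, as an added example that is not Packer-Fuzzer code. Responses are constructed `(status, body)` pairs; the JSON field name `code`, the `app_error_codes` parameter (for custom codes such as the 20000 mentioned in an earlier report) and the verdict labels are assumptions of this sketch.

```python
import json

REJECT_STATUS = {401, 403, 500}                    # suggestion 1
REJECT_KEYWORDS = ("false", "error", "exception")  # suggestion 2


def parse_object(body):
    """Return the body as a dict when it is a JSON object, else None."""
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    return doc if isinstance(doc, dict) else None


def verdict_text(body):
    """Text the keyword filter looks at.

    For JSON objects only top-level scalar fields are flattened, so a nested
    record such as {"vip": false} inside a data list does not trip the filter.
    Anything else is scanned as raw lower-cased text.
    """
    doc = parse_object(body)
    if doc is None:
        return body.lower()
    parts = [
        "%s:%s" % (key, json.dumps(value))
        for key, value in doc.items()
        if not isinstance(value, (dict, list))
    ]
    return " ".join(parts).lower()


def triage(unauth, authed=None, app_error_codes=frozenset()):
    """Classify the response to a request sent without credentials.

    unauth / authed are (status, body) pairs; authed is the optional baseline
    obtained with a token or cookie (suggestion 3).
    """
    status, body = unauth
    if status in REJECT_STATUS:
        return "rejected:status"
    if any(word in verdict_text(body) for word in REJECT_KEYWORDS):
        return "rejected:keyword"
    doc = parse_object(body)
    if doc is not None and doc.get("code") in app_error_codes:
        return "rejected:app-code"
    if authed is None:
        return "review:no-baseline"
    if authed == unauth:
        # The anonymous caller received exactly what a logged-in user gets.
        return "candidate:same-as-authorized"
    return "review:differs-from-authorized"


# Constructed sample responses.
OPEN_BODY = '{"code": 0, "data": [{"name": "a", "vip": false}]}'
AUTH_BODY = '{"code": 0, "data": [{"name": "a", "vip": false, "phone": "000"}]}'

if __name__ == "__main__":
    print(triage((200, '{"success": false, "msg": "No such operation"}')))
    print(triage((200, '{"code": 20000, "msg": "please log in"}'),
                 app_error_codes={20000}))
    print(triage((200, OPEN_BODY), authed=(200, OPEN_BODY)))
    print(triage((200, OPEN_BODY), authed=(200, AUTH_BODY)))
```

A `candidate` verdict still covers endpoints that are public by design, which the tool cannot tell apart from a missing access check without input from the site owner.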

Bug when the total number of extracted APIs is too low and brute-force extraction mode is enabled automatically

Command
python PackerFuzzer.py -u https://www.umeng.com
Error message
[02:27:11] 提取API总数过少,自动开启暴力提取模式
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\0VHodj.dpluscode
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\2Ikp6q.font_1515515_uf5ph5s0t7f.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\2YEila.iconfont
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\6tBbPc.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\8TDyss.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\9mQ1s8.jsonp.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\A9un24.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\CMQV9h.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\CWbauc.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\ESR1zj.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\eYEzO4.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\HAH9vn.index.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\i8kE0R.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\LoVUVM.alicarejs
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\lwuFEg.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\q9fgs1.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\R0eaG0.js
[02:27:11] 暴力提取文件:tmp\WPw65D_www.umeng.com\tp4JFn
[02:27:12] 暴力提取文件:tmp\WPw65D_www.umeng.com\wz4tkh.clue.js
[02:27:12] 暴力提取文件:tmp\WPw65D_www.umeng.com\XcfvvR.js
[02:27:12] 暴力提取文件:tmp\WPw65D_www.umeng.com\yZbonD.js
Traceback (most recent call last):
File "PackerFuzzer.py", line 26, in <module>
tt.check()
File "PackerFuzzer.py", line 19, in check
t.parseStart()
File "C:\Users\admim\Desktop\工具\安全工具\信息收集\js信息收集\Packer-Fuzzer-master\lib\Controller.py", line 32, in parseStart
Apicollect(projectTag).apireCoverStart()
File "C:\Users\admim\Desktop\工具\安全工具\信息收集\js信息收集\Packer-Fuzzer-master\lib\ApiCollect.py", line 195, in apireCoverStart
self.apiComplete()
File "C:\Users\admim\Desktop\工具\安全工具\信息收集\js信息收集\Packer-Fuzzer-master\lib\ApiCollect.py", line 155, in apiComplete
DatabaseType(self.projectTag).apiRecordToDB(filePath, completeApiPath)
File "C:\Users\admim\Desktop\工具\安全工具\信息收集\js信息收集\Packer-Fuzzer-master\lib\Database.py", line 145, in apiRecordToDB
jsFileID = DatabaseType(self.projectTag).getJsIDFromDB(localFileName, projectPath)
File "C:\Users\admim\Desktop\工具\安全工具\信息收集\js信息收集\Packer-Fuzzer-master\lib\Database.py", line 135, in getJsIDFromDB
jsFileID = cursor.fetchone()[0] # 第一个即可
TypeError: 'NoneType' object is not subscriptable
image

SSL error

Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)')

Bro, could you take a moment to help with this error?

No module named 'execjs'

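On Windows it reports that the execjs module is also missing; I wonder whether you would consider adding it to requirements.txt so it gets installed along with the rest.

Fix: pip install PyExecJS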

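[Suggestion] Avoid directly invoking endpoints for sensitive operations such as deletion

Problem description
Some JS files may contain endpoints that delete data; if those endpoints happen to allow unauthorized access, data could be deleted by mistake. For example, the endpoints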

https://foo.bar/Filter/delFilterById
https://foo.bar/comment/delete
https://foo.bar/product/delProductLine

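Suggestions

  • During API extraction, add denylist keywords such as del, remove. More sensitive-operation keywords can be added; the aim is to prefer false positives over misses
  • During parameter extraction, parse as normal, but do not send any requests or run vulnerability detection
  • In the final report output, add a result section along the lines of "sensitive operation endpoint analysis", so users can copy the requests and test them themselves; even if it is a false positive, the data is retained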
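
One way to implement the keyword denylist from this suggestion, as an added example that is not Packer-Fuzzer code. The keywords `del` and `remove` and the first three URLs come from the report; the remaining URLs are constructed and the function names are hypothetical. Path segments are split on camelCase humps and each token is matched by prefix, so `delFilterById` and `deliveryStatus` are both held back (a false positive is accepted, as the report asks) while `getModelList` is not.

```python
import re
from urllib.parse import urlsplit

SENSITIVE_PREFIXES = ("del", "remove")  # keywords named in the report

# Splits one path segment into words: acronym runs, capitalised or
# lower-case words, and digit runs.
WORD_RE = re.compile(r"[A-Z]+(?![a-z])|[A-Z]?[a-z]+|\d+")


def path_tokens(url):
    """delFilterById -> ['del', 'filter', 'by', 'id'] (query string ignored)."""
    tokens = []
    for segment in re.split(r"[/_.\-]+", urlsplit(url).path):
        tokens.extend(WORD_RE.findall(segment))
    return [token.lower() for token in tokens]


def partition(urls, prefixes=SENSITIVE_PREFIXES):
    """Split extracted endpoints into those that may be requested and those
    that are only listed in the report for manual testing."""
    probe, hold = [], []
    for url in urls:
        hit = next(
            (token for token in path_tokens(url) if token.startswith(prefixes)),
            None,
        )
        if hit is None:
            probe.append(url)
        else:
            hold.append({"url": url, "matched": hit})
    return probe, hold


EXTRACTED = [
    "https://foo.bar/Filter/delFilterById",    # from the report
    "https://foo.bar/comment/delete",          # from the report
    "https://foo.bar/product/delProductLine",  # from the report
    "https://foo.bar/cart/removeItem",         # constructed
    "https://foo.bar/order/deliveryStatus",    # constructed, accepted false positive
    "https://foo.bar/user/getModelList",       # constructed, contains "del" mid-word
    "https://foo.bar/user/info",               # constructed
]

if __name__ == "__main__":
    probe, hold = partition(EXTRACTED)
    print("requested by the scanner:")
    for url in probe:
        print("  ", url)
    print("held for the sensitive-operation section of the report:")
    for item in hold:
        print("  ", item["url"], "(matched %r)" % item["matched"])
```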

Error caused by the # comment character in apiExts in config.ini

apiExts = *,+,=,{,},[,],(,),<,>,@,#,",',@,:,?,!, ,^,,(,),.docx,.xlsx,.jpeg,.jpg,.bmp,.png,.svg,.vue,.js,.doc,.ppt,.pptx,.mp3,.png,.doc,.pptx,.xls,.mp4,.gif,.css

The comment character in ini files is #, so the properties after it are not read into the object.

Error after installing dependencies, Windows platform

E:\信息收集\Packer-Fuzzer>py -3 PackerFuzzer.py
Traceback (most recent call last):
File "PackerFuzzer.py", line 4, in <module>
from lib.Controller import Project
ModuleNotFoundError: No module named 'lib.Controller'

Is this an environment problem?

ERROR: Command errored out with exit status 1:
command: 'c:\users\lenovo\appdata\local\programs\python\python39\python.exe' 'c:\users\lenovo\appdata\local\programs\python\python39\lib\site-packages\pip' install --ignore-installed --no-user --prefix 'C:\Users\Lenovo\AppData\Local\Temp\pip-build-env-ltpw7k79\overlay' --no-warn-script-location --no-binary :none: --only-binary :none: -i https://pypi.org/simple -- 'setuptools >= 40.8.0' wheel 'Cython >= 3.0a5' 'cffi >= 1.12.3 ; platform_python_implementation == '"'"'CPython'"'"'' 'greenlet >= 0.4.17 ; platform_python_implementation == '"'"'CPython'"'"''
cwd: None
Complete output (27 lines):
Collecting setuptools>=40.8.0
Using cached setuptools-50.3.2-py3-none-any.whl (785 kB)
Collecting wheel
Using cached wheel-0.35.1-py2.py3-none-any.whl (33 kB)
Collecting Cython>=3.0a5
Using cached Cython-3.0a6-py2.py3-none-any.whl (1.0 MB)
Collecting cffi>=1.12.3
Using cached cffi-1.14.3-cp39-cp39-win_amd64.whl (179 kB)
Collecting greenlet>=0.4.17
Using cached greenlet-0.4.17.tar.gz (61 kB)
Collecting pycparser
Using cached pycparser-2.20-py2.py3-none-any.whl (112 kB)
Using legacy 'setup.py install' for greenlet, since package 'wheel' is not installed.
Installing collected packages: setuptools, wheel, Cython, pycparser, cffi, greenlet
Running setup.py install for greenlet: started
Running setup.py install for greenlet: finished with status 'error'
ERROR: Command errored out with exit status 1:
command: 'c:\users\lenovo\appdata\local\programs\python\python39\python.exe' -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'C:\Users\Lenovo\AppData\Local\Temp\pip-install-6t2u5gkr\greenlet\setup.py'"'"'; file='"'"'C:\Users\Lenovo\AppData\Local\Temp\pip-install-6t2u5gkr\greenlet\setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record 'C:\Users\Lenovo\AppData\Local\Temp\pip-record-299agjbq\install-record.txt' --single-version-externally-managed --prefix 'C:\Users\Lenovo\AppData\Local\Temp\pip-build-env-ltpw7k79\overlay' --compile --install-headers 'C:\Users\Lenovo\AppData\Local\Temp\pip-build-env-ltpw7k79\overlay\Include\greenlet'
cwd: C:\Users\Lenovo\AppData\Local\Temp\pip-install-6t2u5gkr\greenlet
Complete output (5 lines):
running install
running build
running build_ext
building 'greenlet' extension
error: Microsoft Visual C++ 14.0 is required. Get it with "Build Tools for Visual Studio": https://visualstudio.microsoft.com/downloads/
----------------------------------------
ERROR: Command errored out with exit status 1: 'c:\users\lenovo\appdata\local\programs\python\python39\python.exe' -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'C:\Users\Lenovo\AppData\Local\Temp\pip-install-6t2u5gkr\greenlet\setup.py'"'"'; file='"'"'C:\Users\Lenovo\AppData\Local\Temp\pip-install-6t2u5gkr\greenlet\setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record 'C:\Users\Lenovo\AppData\Local\Temp\pip-record-299agjbq\install-record.txt' --single-version-externally-managed --prefix 'C:\Users\Lenovo\AppData\Local\Temp\pip-build-env-ltpw7k79\overlay' --compile --install-headers 'C:\Users\Lenovo\AppData\Local\Temp\pip-build-env-ltpw7k79\overlay\Include\greenlet' Check the logs for full command output.

ERROR: Command errored out with exit status 1: 'c:\users\lenovo\appdata\local\programs\python\python39\python.exe' 'c:\users\lenovo\appdata\local\programs\python\python39\lib\site-packages\pip' install --ignore-installed --no-user --prefix 'C:\Users\Lenovo\AppData\Local\Temp\pip-build-env-ltpw7k79\overlay' --no-warn-script-location --no-binary :none: --only-binary :none: -i https://pypi.org/simple -- 'setuptools >= 40.8.0' wheel 'Cython >= 3.0a5' 'cffi >= 1.12.3 ; platform_python_implementation == '"'"'CPython'"'"'' 'greenlet >= 0.4.17 ; platform_python_implementation == '"'"'CPython'"'"'' Check the logs for full command output.

Is this an environment problem?

Error when extracting APIs

[!] 检测到提取结果不准确,请输入新的BaseDir (使用逗号分隔):other
Traceback (most recent call last):
  File "PackerFuzzer.py", line 26, in <module>
    tt.check()
  File "PackerFuzzer.py", line 19, in check
    t.parseStart()
  File "E:\Project\Git\Packer-Fuzzer\lib\Controller.py", line 47, in parseStart
    Apicollect(projectTag, self.options).apireCoverStart()
  File "E:\Project\Git\Packer-Fuzzer\lib\ApiCollect.py", line 204, in apireCoverStart
    self.apiComplete()
  File "E:\Project\Git\Packer-Fuzzer\lib\ApiCollect.py", line 162, in apiComplete
    DatabaseType(self.projectTag).apiRecordToDB(filePath, completeApiPath)
  File "E:\Project\Git\Packer-Fuzzer\lib\Database.py", line 145, in apiRecordToDB
    jsFileID = DatabaseType(self.projectTag).getJsIDFromDB(localFileName, projectPath)
  File "E:\Project\Git\Packer-Fuzzer\lib\Database.py", line 135, in getJsIDFromDB
    jsFileID = cursor.fetchone()[0] # 第一个即可
TypeError: 'NoneType' object is not subscriptable

2 small bugs and 1 suggestion

release v1.3
bug:
1. When a JS file's URL starts with //, it is appended directly to the scan target's domain, which causes a bug.
packer-fuzzer-issue-2021-07-01_10-17
packer-fuzzer-issue-2021-07-01_10-22
packer-fuzzer-issue-2021-07-01_18-45

2. The HTML report generated by v1.3 still shows 1.2.
packer-fuzzer-issue-2021-07-01_10-26

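Suggestion:
Add the ability to scan specified JS files directly without -u; this could be handled in the -j parameter (or by adding a parameter such as --j-without-url).
When dealing with the bug 1 problem, scanning the JS file specified with -j runs into a duplicate "already exists" problem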
python3 PackerFuzzer.py -u "http://f.xxx.com/htmlpages/page#/login" -f 1 -j "https://g.xxx.com/web/feet-model-admin/1.5.5/static/js/app.js"

Downloading:mini-login-embedder-min.js
[10:23:03] Downloading:vendor.js
[10:23:04] Downloading:app.js
[10:23:05] Downloading:manifest.js
[10:23:05] The corresponding file already exists:app.js
