$ python upload-fuzz-dic-builder.py -h
usage: upload-fuzz-dic-builder [-h] [-n] [-a] [-l] [-m] [--os] [-d] [-o]
optional arguments:
-h, --help show this help message and exit
-n , --upload-filename
Upload file name
-a , --allow-suffix Allowable upload suffix
-l , --language Uploaded script language
-m , --middleware Middleware used in Web System
--os Target operating system type
-d, --double-suffix Is it possible to generate double suffix?
-o , --output Output file
生成适合全语言,全部中间件,全部操作系统的fuzz字典
python upload-fuzz-dic-builder.py
生成适合后端语言为asp的fuzz字典
python upload-fuzz-dic-builder.py -l asp
上传文件名为:test,可以上传后缀为jpg,后端语言为php,中间件为apache,操作系统为Windows,输出字典名为upload_filename.txt的fuzz字典
python upload-fuzz-dic-builder.py -n test -a jpg -l php -m apache --os win -o upload_file.txt
- 生成时给的上传点相关信息越详细,生成的字典越精确!
- 在使用burp的Intruder模块进行fuzz时将Payload面板中
Payload Encoding一栏的URL-encode these characters选项设置为未选中状态。
