-
Notifications
You must be signed in to change notification settings - Fork 37
/
fuzz.conf
43 lines (28 loc) · 1.18 KB
/
fuzz.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# 配置各个参数,以逗号分隔
[initconfig]
# 黑名单HOST-为了避免带来不必要的麻烦.
black_hosts =.gov,localhost,127.0.0.1,google,gstatic,cnzz.com,doubleclick,police,mil.cn,gov.cn,gov.com
# 静态文件黑名单-这些不做Fuzz
url_ext_black =.ico,.flv,.css,.jpg,.png,.jpeg,.gif,.pdf,.ss3,.txt,.rar,.zip,.avi,.mp4,.swf,.wmi,.exe,.mpeg
# 白名单HOST-为了限制Fuzz的范围, 默认为空-表示对除黑名单范围外的所有地址进行Fuzz.
white_site =
# 参数名黑名单-如: submit
black_parameters =submit
# 请求超时-限制每次Fuzz请求超时时间
timeout =3
# 我的DnsLog地址
my_cloudeye =ano1qu2j.xfkxfk.com
# 判断是够注入命令执行成功的关键字
checkkeys =110586256,/bin/bash,nameserver,IPv4,Windows IP
# 用于测试命令注入的基本命令
base_command =cat /etc/resolv.conf,echo 110586256,ipconfig,ping CommandInj.{my_cloudeye}
# Fuzz线程数
fuzz_count =50
# fuzz的payload类型, 默认False-表示使用自定义的规则
commix_payload_type =False
# DnsLog登录会话ID
dnslog_sessionid =q6wvxls223vykg79vkd4dn2b40zd2d1
# Your Domain
custom_domain =a12s2u2j
# 记录成功结果的Log文件
Logfile =rce_success_results.txt