glitchedgitz
commented
5 months ago Hi @laluka, Can you use --verbose command and share with output from there. And please check if you have cook installed as well. Thanks!
Open laluka opened 5 months ago
glitchedgitz
commented
5 months ago Hi @laluka, Can you use --verbose command and share with output from there. And please check if you have cook installed as well. Thanks!
laluka
commented
5 months ago Aaaand cook was missing.. :sweat: It works smoothly now!
Might be nice to add a --health to the binary, or --validate-setup to ensure the servers is able to find all its dependencies at boot-time ? :smile:
glitchedgitz
commented
5 months ago Might be nice to add a --health to the binary, or --validate-setup to ensure the servers is able to find all its dependencies at boot-time ? 😄
Definetly, soon installating/updating tools will be managed automatically.
glitchedgitz
commented
5 months ago Having here a prefix or color code to easily differentiate the different tasks would be super nice :
I have some plans to handle these tabs grouping, let me ready the design mockups and then we will discuss these in discord.
noraj
commented
5 months ago I have cook and ffuf installed but I can't see any results.
glitchedgitz
commented
5 months ago @noraj Can you share the screenshot? For both payload page and result page
noraj
commented
5 months ago The first time I see a Running alert and it auto-switch to the result tab.
Result tab is empty.
Here is what I see with verbose flag:
2024/02/22 21:11:17 [RunCommand]: { file cook 1-10 VhaBi7ZTteINYJsOWcL2f3yf}
2024/02/22 21:11:17 Command received: {Q58ImQMzM8N8aUx file cook 1-10 VhaBi7ZTteINYJsOWcL2f3yf}
2024/02/22 21:11:17 [RunningCommand] /usr/bin/bash -c cook 1-10 > VhaBi7ZTteINYJsOWcL2f3yf
2024/02/22 21:11:17 [RunCommand]: { collection ffuf -w VhaBi7ZTteINYJsOWcL2f3yf:H4G5G4JHDJ5NFUZZK54K29D8CKSJ4 -request /home/noraj/.cache/grroxy/intruder -od intruder_h0tb971hex3j5s2_ewltjh3ggqbd8ut -t 2 -mc all -json intruder_h0tb971hex3j5s2_ewltjh3ggqbd8ut }
2024/02/22 21:11:17 Command received: {kEigre46wBPWiZv collection ffuf -w VhaBi7ZTteINYJsOWcL2f3yf:H4G5G4JHDJ5NFUZZK54K29D8CKSJ4 -request /home/noraj/.cache/grroxy/intruder -od intruder_h0tb971hex3j5s2_ewltjh3ggqbd8ut -t 2 -mc all -json intruder_h0tb971hex3j5s2_ewltjh3ggqbd8ut }
2024/02/22 21:11:17 RunningCommand: ffuf -w VhaBi7ZTteINYJsOWcL2f3yf:H4G5G4JHDJ5NFUZZK54K29D8CKSJ4 -request /home/noraj/.cache/grroxy/intruder -od intruder_h0tb971hex3j5s2_ewltjh3ggqbd8ut -t 2 -mc all -json
2024/02/22 21:11:18 Error waiting for command: exit status 2@noraj can you try with default request and payload?
New Playground > New Intruder > Run
While in the webUI, trying to start a simpple fuzz :
A click on the notif could/should lead us to the opened fuzz pane in the playground :
On the playground, results are not shown yet but works after a refresh. Having here a prefix or color code to easily differentiate the different tasks would be super nice :
Starting the fuzz with a simple list and two threads (be gentle, default might/could be 5 to avoid "DOS by default" behavior for newcomers :rose:
Sadly, no results are shown after (incredibly fast??) completion :
I assume ffuf isn't found, yet it's present in my system (not default path maybe?), and there seems to not be any settings to specify the way to invoke it ?
Thaaaat being said, the work already done is truly impressive. Good job, and I'm really looking forward using your tool more!
Side note (not worth a full issue), I played a bit with the testSql & testCommand endpoints, allowing (you guessed it) post-auth command execution. This isn't something we'll be avoid with such tool and needs of "binary to run" configuration. But the auth and routing systems seems to be in place, working properly, and with no trivial bypass, congratz ! :sunflower:
Have a lovely day, Laluka