-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #23 from dreadnode/ads/eng-260-feature-dockerize-f…
…fufai-and-robopages-example feat: example for ffufai
- Loading branch information
Showing
3 changed files
with
92 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
25 changes: 25 additions & 0 deletions
25
cybersecurity/offensive/information-gathering/ffufai.Dockerfile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| FROM python:3.9-slim | ||
|
|
||
| # Install git and build dependencies | ||
| RUN apt-get update && \ | ||
| apt-get install -y git python3-dev gcc && \ | ||
| apt-get clean && \ | ||
| rm -rf /var/lib/apt/lists/* | ||
|
|
||
| # Set working directory | ||
| WORKDIR /app | ||
|
|
||
| # Clone the repository | ||
| RUN git clone https://github.com/GangGreenTemperTatum/ffufai.git /app | ||
|
|
||
| # Install Python dependencies | ||
| RUN pip install --no-cache-dir -r requirements.txt cffi | ||
|
|
||
| # Create non-root user | ||
| RUN useradd -m -r -u 1000 ffufuser && \ | ||
| chown -R ffufuser:ffufuser /app | ||
| USER ffufuser | ||
|
|
||
| EXPOSE 8080 | ||
|
|
||
| ENTRYPOINT ["python", "/app/ffufai.py"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| description: > | ||
| ffufai is an AI-powered web fuzzing tool that combines the power of ffuf with | ||
| artificial intelligence to find hidden endpoints and vulnerabilities in web applications. | ||
| Requires either an OpenAI API key or Anthropic API key for AI-powered analysis. | ||
| functions: | ||
| ffufai_default_scan: | ||
| description: Perform a default fuzzing scan against a web target | ||
| parameters: | ||
| target: | ||
| type: string | ||
| description: The target URL to fuzz | ||
| examples: | ||
| - https://example.com | ||
| - http://localhost:8080 | ||
| container: | ||
| platform: linux/amd64 | ||
| image: ffufai | ||
| args: | ||
| - --net=host | ||
| volumes: | ||
| - ${cwd}:/data | ||
| cmdline: | ||
| - ffufai | ||
| - --openai-key | ||
| - ${env.OPENAI_API_KEY} | ||
| - --anthropic-key | ||
| - ${env.ANTHROPIC_API_KEY} | ||
| - -u | ||
| - ${target} | ||
|
|
||
| ffufai_full_scan: | ||
| description: Perform comprehensive fuzzing with AI analysis | ||
| parameters: | ||
| target: | ||
| type: string | ||
| description: The target URL to fuzz | ||
| examples: | ||
| - https://example.com | ||
| wordlist: | ||
| type: string | ||
| description: Wordlist to use for fuzzing | ||
| default: big.txt | ||
| threads: | ||
| type: integer | ||
| description: Number of concurrent threads | ||
| default: 40 | ||
| container: | ||
| platform: linux/amd64 | ||
| image: ffufai | ||
| args: | ||
| - --net=host | ||
| volumes: | ||
| - ${cwd}:/data | ||
| cmdline: | ||
| - ffufai | ||
| - --openai-key | ||
| - ${env.OPENAI_API_KEY} | ||
| - --anthropic-key | ||
| - ${env.ANTHROPIC_API_KEY} | ||
| - -u | ||
| - ${target} | ||
| - -w | ||
| - /app/wordlists/${wordlist} |