From 945bf997a17a34adc0f903e9ea5e4114492613bd Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Mon, 25 Nov 2024 08:42:21 -0500
Subject: [PATCH 1/5] feat: example for ffufai
---
.../information-gathering/ffufai.Dockerfile | 34 ++++++++
.../information-gathering/ffufai.yml | 77 +++++++++++++++++++
2 files changed, 111 insertions(+)
create mode 100644 cybersecurity/offensive/information-gathering/ffufai.Dockerfile
create mode 100644 cybersecurity/offensive/information-gathering/ffufai.yml
diff --git a/cybersecurity/offensive/information-gathering/ffufai.Dockerfile b/cybersecurity/offensive/information-gathering/ffufai.Dockerfile
new file mode 100644
index 0000000..00ec9f5
--- /dev/null
+++ b/cybersecurity/offensive/information-gathering/ffufai.Dockerfile
@@ -0,0 +1,34 @@
+# ffufai.Dockerfile
+# Git clone stage
+FROM alpine:latest AS source
+RUN apk add --no-cache git
+WORKDIR /src
+RUN git clone https://github.com/jthack/ffufai.git . || exit 1
+
+# Build stage
+FROM golang:1.21-alpine AS builder
+WORKDIR /build
+COPY --from=source /src .
+
+# Set Go build flags
+ENV CGO_ENABLED=0 \
+ GOOS=linux \
+ GOARCH=amd64 \
+ GO111MODULE=on
+
+# Build optimized binary
+RUN go mod download && \
+ go build -ldflags="-w -s" -o ffufai main.go
+
+# Final stage
+FROM gcr.io/distroless/static-debian12:nonroot
+WORKDIR /app
+
+# Copy binary and wordlists
+COPY --from=builder /build/ffufai /app/
+COPY --from=builder /build/wordlists /app/wordlists
+
+USER nonroot:nonroot
+EXPOSE 8080
+
+ENTRYPOINT ["/app/ffufai"]
\ No newline at end of file
diff --git a/cybersecurity/offensive/information-gathering/ffufai.yml b/cybersecurity/offensive/information-gathering/ffufai.yml
new file mode 100644
index 0000000..1766c7d
--- /dev/null
+++ b/cybersecurity/offensive/information-gathering/ffufai.yml
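Review bot: The `git clone` in the source stage takes whatever the default branch of the upstream repository holds at build time, so the image is not reproducible and any upstream change flows unreviewed into a tool that the accompanying YAML runs with `--net=host`. Pin the checkout to a reviewed commit, e.g. `RUN git clone https://github.com/jthack/ffufai.git . && git checkout REVIEWED_COMMIT_SHA` (placeholder), and replace `alpine:latest` with a fixed tag or digest. The same unpinned clone is carried into the rewritten Dockerfiles of patches 3/5 and 4/5, where it points at a personal fork instead. The trailing `|| exit 1` can go, since a failing `RUN` already aborts the build.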
@@ -0,0 +1,77 @@
+# ffufai.yml
+description: >
+ ffufai is an AI-powered web fuzzing tool that combines the power of ffuf with
+ artificial intelligence to find hidden endpoints and vulnerabilities in web applications.
+
+categories:
+ - cybersecurity
+ - offensive
+ - information-gathering
+
+functions:
+ ffufai_default_scan:
+ description: Perform a default fuzzing scan against a web target
+ parameters:
+ target:
+ type: string
+ description: The target URL to fuzz
+ examples:
+ - https://example.com
+ - http://localhost:8080
+ wordlist:
+ type: string
+ description: Wordlist to use for fuzzing
+ default: "common.txt"
+ examples:
+ - "directories.txt"
+ - "endpoints.txt"
+
+ container:
+ build:
+ path: ${cwd}/ffufai.Dockerfile
+ name: ffufai_local
+ args:
+ - --net=host
+ volumes:
+ - ${cwd}:/data
+
+ cmdline:
+ - /app/ffufai
+ - -u
+ - ${target}
+ - -w
+ - /app/wordlists/${wordlist}
+
+ ffufai_full_scan:
+ description: Perform comprehensive fuzzing with AI analysis
+ parameters:
+ target:
+ type: string
+ description: The target URL to fuzz
+ wordlist:
+ type: string
+ description: Wordlist to use for fuzzing
+ default: "big.txt"
+ threads:
+ type: integer
+ description: Number of concurrent threads
+ default: 40
+
+ container:
+ build:
+ path: ${cwd}/ffufai.Dockerfile
+ name: ffufai_local
+ args:
+ - --net=host
+ volumes:
+ - ${cwd}:/data
+
+ cmdline:
+ - /app/ffufai
+ - -u
+ - ${target}
+ - -w
+ - /app/wordlists/${wordlist}
+ - -t
+ - ${threads}
+ - --ai
From c23da9b9db3eb96cde5748aa127d48afaa6c6b6d Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Thu, 5 Dec 2024 13:23:22 -0500
Subject: [PATCH 2/5] chore: dont validate on extra commits
---
.github/workflows/validate_robopages.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.github/workflows/validate_robopages.yml b/.github/workflows/validate_robopages.yml
index fc70294..23ecb2c 100644
--- a/.github/workflows/validate_robopages.yml
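Review bot: `${wordlist}` is substituted directly into `/app/wordlists/${wordlist}` in both functions, and because the parameter is a free-form string chosen by the caller, a value containing `../` selects any file readable inside the container, including the `${cwd}:/data` mount. Neither function uses `/data`, so the volume can be dropped or mounted read-only (`- ${cwd}:/data:ro`), and the parameter description should state that only a bare file name is accepted; whether robopages can enforce a pattern on a parameter is not visible here. `--net=host` also puts services bound to the host's loopback within reach of the scanner, which the `http://localhost:8080` example suggests is intended, so say so in place: `# host networking: needed to reach targets bound to localhost`.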
+++ b/.github/workflows/validate_robopages.yml @@ -2,6 +2,9 @@ name: Validate Contributions on: pull_request: + types: + - edited # Trigger when the PR is updated (e.g., title, description, or labels) + - reopened # Trigger when the PR is reopened paths: - '**.yml' - '!.github/**' From 8d3097b4e9852a5215125beb147dee89d10aae86 Mon Sep 17 00:00:00 2001 From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com> Date: Thu, 5 Dec 2024 13:36:18 -0500 Subject: [PATCH 3/5] fix: dockerfile --- .../information-gathering/ffufai.Dockerfile | 32 ++++++------------- 1 file changed, 9 insertions(+), 23 deletions(-) diff --git a/cybersecurity/offensive/information-gathering/ffufai.Dockerfile b/cybersecurity/offensive/information-gathering/ffufai.Dockerfile index 00ec9f5..fb6f1ed 100644 --- a/cybersecurity/offensive/information-gathering/ffufai.Dockerfile +++ b/cybersecurity/offensive/information-gathering/ffufai.Dockerfile 
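Review bot: With `types` limited to `edited` and `reopened`, the validation workflow no longer runs on `opened` or `synchronize`, so a newly opened pull request, or new commits pushed to one, are not validated until someone edits the title or body. `edited` does not cover pushes, and label changes raise `labeled`/`unlabeled` rather than `edited`, so the inline comment on that line is misleading. If the aim is to add triggers, list all of them: `types: [opened, synchronize, reopened, edited]`. Patch 5/5 removes this block again but applies the same two-entry list to `rigging_pr_description.yml` in place of `[opened, synchronize]`, where the same gap applies.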
@@ -1,34 +1,20 @@ -# ffufai.Dockerfile # Git clone stage FROM alpine:latest AS source RUN apk add --no-cache git WORKDIR /src -RUN git clone https://github.com/jthack/ffufai.git . || exit 1 - -# Build stage -FROM golang:1.21-alpine AS builder -WORKDIR /build -COPY --from=source /src . - -# Set Go build flags -ENV CGO_ENABLED=0 \ - GOOS=linux \ - GOARCH=amd64 \ - GO111MODULE=on - -# Build optimized binary -RUN go mod download && \ - go build -ldflags="-w -s" -o ffufai main.go +RUN git clone https://github.com/GangGreenTemperTatum/ffufai.git . || exit 1 # Final stage -FROM gcr.io/distroless/static-debian12:nonroot +FROM python:3.9-slim WORKDIR /app -# Copy binary and wordlists -COPY --from=builder /build/ffufai /app/ -COPY --from=builder /build/wordlists /app/wordlists +# Copy from source +COPY --from=source /src /app/ + +# Install dependencies +RUN pip install --no-cache-dir -r requirements.txt -USER nonroot:nonroot +USER nobody:nogroup EXPOSE 8080 -ENTRYPOINT ["/app/ffufai"] \ No newline at end of file +ENTRYPOINT ["python", "ffufai.py"] \ No newline at end of file From 913ed70a8c59f1ee4e246fcf576c3c276a12c292 Mon Sep 17 00:00:00 2001 From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:50:31 -0500 Subject: [PATCH 4/5] fix: updates to ffufai yml and docker build --- .../information-gathering/ffufai.Dockerfile | 31 +++++++----- .../information-gathering/ffufai.yml | 49 +++++++------------ 2 files changed, 36 insertions(+), 44 deletions(-) diff --git a/cybersecurity/offensive/information-gathering/ffufai.Dockerfile b/cybersecurity/offensive/information-gathering/ffufai.Dockerfile index fb6f1ed..5675e76 100644 --- a/cybersecurity/offensive/information-gathering/ffufai.Dockerfile +++ b/cybersecurity/offensive/information-gathering/ffufai.Dockerfile 
@@ -1,20 +1,25 @@ -# Git clone stage -FROM alpine:latest AS source -RUN apk add --no-cache git -WORKDIR /src -RUN git clone https://github.com/GangGreenTemperTatum/ffufai.git . || exit 1 - -# Final stage FROM python:3.9-slim + +# Install git and build dependencies +RUN apt-get update && \ + apt-get install -y git python3-dev gcc && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +# Set working directory WORKDIR /app -# Copy from source -COPY --from=source /src /app/ +# Clone the repository +RUN git clone https://github.com/GangGreenTemperTatum/ffufai.git /app + +# Install Python dependencies +RUN pip install --no-cache-dir -r requirements.txt cffi -# Install dependencies -RUN pip install --no-cache-dir -r requirements.txt +# Create non-root user +RUN useradd -m -r -u 1000 ffufuser && \ + chown -R ffufuser:ffufuser /app +USER ffufuser -USER nobody:nogroup EXPOSE 8080 -ENTRYPOINT ["python", "ffufai.py"] \ No newline at end of file +ENTRYPOINT ["python", "/app/ffufai.py"] \ No newline at end of file diff --git a/cybersecurity/offensive/information-gathering/ffufai.yml b/cybersecurity/offensive/information-gathering/ffufai.yml index 1766c7d..d1df6ea 100644 --- a/cybersecurity/offensive/information-gathering/ffufai.yml +++ b/cybersecurity/offensive/information-gathering/ffufai.yml @@ -1,12 +1,7 @@ -# ffufai.yml description: > ffufai is an AI-powered web fuzzing tool that combines the power of ffuf with artificial intelligence to find hidden endpoints and vulnerabilities in web applications. - -categories: - - cybersecurity - - offensive - - information-gathering + Requires either an OpenAI API key or Anthropic API key for AI-powered analysis. functions: ffufai_default_scan: 
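Review bot: `chown -R ffufuser:ffufuser /app` gives the runtime user write access to the code it executes, which the previous revision avoided by leaving `/app` root-owned and running as `nobody`; anything that gets the process to write a file can then alter `ffufai.py` itself. Create the account without the ownership change, `RUN useradd -m -r -u 1000 ffufuser`, and keep `USER ffufuser`. The single-stage layout also leaves `git`, `gcc` and `python3-dev` in the final image; adding `--no-install-recommends` and moving the clone and `pip install` into a builder stage would keep them out of the runtime. `cffi` and the contents of `requirements.txt` are installed unpinned, so two builds of the same Dockerfile may not contain the same packages.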
@@ -18,29 +13,21 @@ functions: examples: - https://example.com - http://localhost:8080 - wordlist: - type: string - description: Wordlist to use for fuzzing - default: "common.txt" - examples: - - "directories.txt" - - "endpoints.txt" - container: - build: - path: ${cwd}/ffufai.Dockerfile - name: ffufai_local + platform: linux/amd64 + image: ffufai args: - --net=host volumes: - ${cwd}:/data - cmdline: - - /app/ffufai + - ffufai + - --openai-key + - ${env.OPENAI_API_KEY} + - --anthropic-key + - ${env.ANTHROPIC_API_KEY} - -u - ${target} - - -w - - /app/wordlists/${wordlist} ffufai_full_scan: description: Perform comprehensive fuzzing with AI analysis @@ -48,30 +35,30 @@ functions: target: type: string description: The target URL to fuzz + examples: + - https://example.com wordlist: type: string description: Wordlist to use for fuzzing - default: "big.txt" + default: big.txt threads: type: integer description: Number of concurrent threads default: 40 - container: - build: - path: ${cwd}/ffufai.Dockerfile - name: ffufai_local + platform: linux/amd64 + image: ffufai args: - --net=host volumes: - ${cwd}:/data - cmdline: - - /app/ffufai + - ffufai + - --openai-key + - ${env.OPENAI_API_KEY} + - --anthropic-key + - ${env.ANTHROPIC_API_KEY} - -u - ${target} - -w - /app/wordlists/${wordlist} - - -t - - ${threads} - - --ai From 78b312bc3a3c865a13c29efdc0da41ed0a7c485c Mon Sep 17 00:00:00 2001 From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:52:49 -0500 Subject: [PATCH 5/5] fix: update to wrong workflow --- .github/workflows/rigging_pr_description.yml | 4 +++- .github/workflows/validate_robopages.yml | 3 --- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/rigging_pr_description.yml b/.github/workflows/rigging_pr_description.yml index b86a94c..08e94d1 100644 --- a/.github/workflows/rigging_pr_description.yml +++ b/.github/workflows/rigging_pr_description.yml 
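Review bot: Passing `${env.OPENAI_API_KEY}` and `${env.ANTHROPIC_API_KEY}` as `--openai-key`/`--anthropic-key` arguments places both secrets on the process command line, where they appear in process listings on the host and in any log that records the executed cmdline; the `ffufai_full_scan` hunk that follows does the same. If the script also reads the keys from its environment (not visible in this patch), pass them through the container environment instead, e.g. add `- -e` and `- OPENAI_API_KEY` to `args` and drop the two flags from `cmdline`. Both flags are sent unconditionally, so it is worth checking what robopages substitutes when one of the `${env.*}` variables is unset.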
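Review bot: `image: ffufai` replaces the `build:` block here and in the preceding hunk, so nothing ties the container to the Dockerfile changed in this same commit, and an unqualified name resolves to whatever image of that name exists locally or, presumably, in the default registry. Restore the `build:` block (`path: ${cwd}/ffufai.Dockerfile`, `name: ffufai_local`) or reference a fully qualified, digest-pinned image. In `ffufai_full_scan` the `threads` parameter is still declared although `-t ${threads}` was removed, and `-w /app/wordlists/${wordlist}` relies on the cloned repository shipping a `wordlists` directory now that the Dockerfile no longer copies one explicitly.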
@@ -2,7 +2,9 @@ name: Update PR Description with Rigging on: pull_request: - types: [opened, synchronize] + types: + - edited # Trigger when the PR is updated (e.g., title, description, or labels) + - reopened # Trigger when the PR is reopened jobs: update-description: diff --git a/.github/workflows/validate_robopages.yml b/.github/workflows/validate_robopages.yml index 23ecb2c..fc70294 100644 --- a/.github/workflows/validate_robopages.yml +++ b/.github/workflows/validate_robopages.yml @@ -2,9 +2,6 @@ name: Validate Contributions on: pull_request: - types: - - edited # Trigger when the PR is updated (e.g., title, description, or labels) - - reopened # Trigger when the PR is reopened paths: - '**.yml' - '!.github/**'