feat: example for ffufai #23

Merged

GangGreenTemperTatum
Collaborator

@GangGreenTemperTatum GangGreenTemperTatum commented Nov 25, 2024

AI-Generated Summary

PR Summary

Overview of Changes

This PR introduces significant changes to the project, focusing on enhancing GitHub workflow validations and adding new Docker and YAML configuration files for a cybersecurity tool named ffufai, an AI-powered web fuzzing tool. The changes aim to improve the project's workflow automation and extend its capabilities in information gathering through fuzzing.

Key Modifications

  1. GitHub Workflow Update: The PR modifies the .github/workflows/validate_robopages.yml file to trigger the validation workflow when a pull request is edited or reopened. This includes checking for changes in .yml files outside the .github directory.
  2. Dockerfile for ffufai: Adds a new Dockerfile cybersecurity/offensive/information-gathering/ffufai.Dockerfile to create a containerized version of ffufai. This includes installing necessary dependencies and setting up a non-root user environment within a Python 3.9-slim base image.
  3. ffufai YAML Configuration: Introduces a new YAML file cybersecurity/offensive/information-gathering/ffufai.yml that outlines the description and functions of ffufai. It details how to perform default and comprehensive fuzzing scans against web targets, specifying necessary parameters and environmental variables.

Potential Impact

  • Enhanced automation and broader trigger conditions for GitHub workflow validations may improve code review efficiency and robustness.
  • Adding ffufai as a containerized tool expands the project's cybersecurity capabilities, providing users with AI-powered fuzzing to identify vulnerabilities and hidden endpoints.
  • The introduction of specific ffufai configurations through the YAML file streamlines the process of utilizing this tool, potentially leading to increased adoption and utilization within cybersecurity practices.

This summary was generated with ❤️ by rigging

@GangGreenTemperTatum GangGreenTemperTatum requested a review from a team as a code owner November 25, 2024 13:43
@github-actions github-actions bot left a comment

Validation Results (2024-11-25T13:43:35.847Z)

✅ Validation successful

Please ensure your contribution follows the required format.


Run ID: 12011326220
Workflow: Validate Contributions

@GangGreenTemperTatum GangGreenTemperTatum marked this pull request as draft November 25, 2024 14:22
github-actions bot commented Dec 5, 2024

Validation Results (2024-12-05T17:59:17.206Z)

❌ Validation failed

Please ensure your contribution follows the required format.


Run ID: 12185364099
Workflow: Validate Contributions

@GangGreenTemperTatum
Collaborator Author

GangGreenTemperTatum commented Dec 5, 2024

create and run the dockerfile locally:

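```bash
# Build the image from the Dockerfile added in this PR
docker build -f ffufai.Dockerfile -t ffufai .

# Run it; the volume path is quoted so a working directory with spaces still mounts
docker run --rm --name ffufai \
  -p 8080:8080 \
  -v "$(pwd)/data:/app/data" \
  -e OPENAI_API_KEY="$OPENAI_API_KEY" \
  ffufai \
  -u https://example.com/FUZZ
```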

example usage in robopages:

```
➜  .robopages robopages run --function ffufai_default_scan
>> enter value for argument 'target': https://example.com/FUZZ

[2024-12-05T20:47:49Z WARN ] executing: /usr/local/bin/docker run --rm --env-file=/var/folders/zd/874qqpwn4p71dft28ltsqn700000gn/T/.tmpmgwffP -v/Users/ads/.robopages/robopages-main/cybersecurity/offensive/information-gathering:/data --net=host ffufai --openai-key sk-X --anthropic-key sk-X -u https://example.com/fuzz
>> enter 'y' to proceed or any other key to cancel: y
```

@evilsocket, do you know the best way to pass a wordlist here, or do you recommend removing it as an option from the examples? tyia! :)

the validator workflow was fixed in the other PR, I'll take a look at why it failed separately

@GangGreenTemperTatum GangGreenTemperTatum marked this pull request as ready for review December 5, 2024 20:50
github-actions bot commented Dec 5, 2024

Validation Results (2024-12-05T20:53:18.557Z)

❌ Validation failed

Please ensure your contribution follows the required format.


Run ID: 12187871238
Workflow: Validate Contributions

@evilsocket evilsocket merged commit 7816516 into main Dec 9, 2024
1 check passed
@evilsocket evilsocket deleted the ads/eng-260-feature-dockerize-ffufai-and-robopages-example branch December 9, 2024 13:09