├── .github └── pull_request_template.md ├── .gitignore ├── .pre-commit-config.yaml ├── .pylintrc ├── LICENSE ├── README.md ├── cake_fuzzer.py ├── cakefuzzer ├── __init__.py ├── attacks │ ├── __init__.py │ └── executor.py ├── domain │ ├── __init__.py │ ├── components.py │ ├── interfaces.py │ ├── scanners.py │ └── vulnerability.py ├── instrumentation │ ├── __init__.py │ ├── copy.py │ ├── info_retriever.py │ ├── ini_update.py │ ├── instrumentator.py │ ├── override.py │ ├── patch.py │ ├── patches │ │ └── CakePHP │ │ │ ├── 2 │ │ │ └── FRAMEWORK_PATH │ │ │ │ └── Cake │ │ │ │ ├── Controller │ │ │ │ ├── Component │ │ │ │ │ ├── Auth │ │ │ │ │ │ └── BaseAuthenticate.php.patch │ │ │ │ │ ├── AuthComponent.php.patch │ │ │ │ │ └── SecurityComponent.php.patch │ │ │ │ └── Controller.php.patch │ │ │ │ ├── Routing │ │ │ │ └── Route │ │ │ │ │ └── CakeRoute.php.patch │ │ │ │ └── Utility │ │ │ │ └── Hash.php.patch │ │ │ └── 4 │ │ │ ├── FRAMEWORK_PATH │ │ │ └── src │ │ │ │ ├── Controller │ │ │ │ ├── Component │ │ │ │ │ └── SecurityComponent.php.patch │ │ │ │ └── ControllerFactory.php.patch │ │ │ │ ├── Core │ │ │ │ └── PluginCollection.php.patch │ │ │ │ ├── Database │ │ │ │ └── Type │ │ │ │ │ ├── IntegerType.php.patch │ │ │ │ │ └── StringType.php.patch │ │ │ │ ├── Datasource │ │ │ │ └── Paging │ │ │ │ │ └── NumericPaginator.php.patch │ │ │ │ ├── Error │ │ │ │ └── ExceptionTrap.php.patch │ │ │ │ ├── Http │ │ │ │ ├── Middleware │ │ │ │ │ ├── CsrfProtectionMiddleware.php.patch │ │ │ │ │ └── SessionCsrfProtectionMiddleware.php.patch │ │ │ │ └── ServerRequestFactory.php.patch │ │ │ │ ├── ORM │ │ │ │ └── Marshaller.php.patch │ │ │ │ └── View │ │ │ │ └── Helper │ │ │ │ └── PaginatorHelper.php │ │ │ └── vendor │ │ │ ├── cakephp │ │ │ └── authentication │ │ │ │ └── src │ │ │ │ ├── AuthenticationService.php.patch │ │ │ │ └── Identifier │ │ │ │ └── FakeIdentifier.php │ │ │ └── twig │ │ │ └── twig │ │ │ └── src │ │ │ └── Node │ │ │ └── ModuleNode.php.patch │ ├── remove_annotations.py │ └── route_computer.py ├── phpfiles │ ├── AppInfo.php │ ├── AppInstrument.php │ ├── FrameworkLoader.php │ ├── MagicObjects.php │ ├── app_info.php │ ├── deserialization │ │ ├── CakeFuzzerDeserializationClass.doc │ │ ├── CakeFuzzerDeserializationClass.gif │ │ ├── CakeFuzzerDeserializationClass.html │ │ ├── CakeFuzzerDeserializationClass.jpg │ │ ├── CakeFuzzerDeserializationClass.pdf │ │ ├── CakeFuzzerDeserializationClass.phar │ │ ├── CakeFuzzerDeserializationClass.png │ │ ├── CakeFuzzerDeserializationClass.svg │ │ ├── CakeFuzzerDeserializationClass.txt │ │ └── phar_creator.php │ ├── frameworks │ │ ├── CakePHP │ │ │ ├── 2 │ │ │ │ └── CakePHP2AppHandler.php │ │ │ ├── 4 │ │ │ │ └── CakePHP4AppHandler.php │ │ │ └── CakePHPHandler.php │ │ └── FrameworkHandler.php │ ├── instrumentation │ │ ├── install_php_parser.sh │ │ ├── remove_annotations.php │ │ └── rename_function_call.php │ ├── instrumented_functions.php │ ├── single_execution.php │ └── unused.php ├── scanners │ ├── dns.py │ ├── filecontents.py │ ├── filesystem.py │ ├── iteration_result.py │ ├── process.py │ └── utils.py ├── settings │ ├── __init__.py │ ├── attack_definition.py │ ├── instrumentation.py │ └── webroot.py └── sqlite │ ├── __init__.py │ ├── iteration_results.py │ ├── queue.py │ ├── registry.py │ ├── scanners.py │ └── utils.py ├── config ├── config.example.ini ├── instrumentation_cake2.ini ├── instrumentation_cake4.ini └── instrumentation_empty.ini ├── contributing.md ├── docs ├── arch.drawio ├── arch.png └── luxembourg-armed-forces.svg ├── mypy.ini ├── php-parser.zip ├── precheck.sh ├── pyproject.toml ├── requirements.txt ├── strategies ├── cmdinj.json ├── codeInjection.json ├── deserialize.json ├── lfi.json ├── rfi.json ├── sqlinj.json ├── ssrf.json ├── ssti.json └── xss.json ├── tests └── test_route_computer.py └── tools ├── database.py ├── extract_iteration_result.py ├── iteration_stats.py ├── regex_speed.py ├── results_stats.py ├── set_manual_statuses.py └── single_execution_replayer.py /.github/pull_request_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/.github/pull_request_template.md -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/.gitignore -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /.pylintrc: -------------------------------------------------------------------------------- 1 | [MASTER] 2 | disable= 3 | C,R,W0511 4 | extension-pkg-whitelist=pydantic -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/README.md -------------------------------------------------------------------------------- /cake_fuzzer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cake_fuzzer.py -------------------------------------------------------------------------------- /cakefuzzer/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cakefuzzer/attacks/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/attacks/__init__.py -------------------------------------------------------------------------------- /cakefuzzer/attacks/executor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/attacks/executor.py -------------------------------------------------------------------------------- /cakefuzzer/domain/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cakefuzzer/domain/components.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/domain/components.py -------------------------------------------------------------------------------- /cakefuzzer/domain/interfaces.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/domain/interfaces.py -------------------------------------------------------------------------------- /cakefuzzer/domain/scanners.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/domain/scanners.py -------------------------------------------------------------------------------- /cakefuzzer/domain/vulnerability.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/domain/vulnerability.py -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/__init__.py -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/copy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/copy.py -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/info_retriever.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/info_retriever.py -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/ini_update.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/ini_update.py -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/instrumentator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/instrumentator.py -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/override.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/override.py -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patch.py -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/2/FRAMEWORK_PATH/Cake/Controller/Component/Auth/BaseAuthenticate.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/2/FRAMEWORK_PATH/Cake/Controller/Component/Auth/BaseAuthenticate.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/2/FRAMEWORK_PATH/Cake/Controller/Component/AuthComponent.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/2/FRAMEWORK_PATH/Cake/Controller/Component/AuthComponent.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/2/FRAMEWORK_PATH/Cake/Controller/Component/SecurityComponent.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/2/FRAMEWORK_PATH/Cake/Controller/Component/SecurityComponent.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/2/FRAMEWORK_PATH/Cake/Controller/Controller.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/2/FRAMEWORK_PATH/Cake/Controller/Controller.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/2/FRAMEWORK_PATH/Cake/Routing/Route/CakeRoute.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/2/FRAMEWORK_PATH/Cake/Routing/Route/CakeRoute.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/2/FRAMEWORK_PATH/Cake/Utility/Hash.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/2/FRAMEWORK_PATH/Cake/Utility/Hash.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Controller/Component/SecurityComponent.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Controller/Component/SecurityComponent.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Controller/ControllerFactory.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Controller/ControllerFactory.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Core/PluginCollection.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Core/PluginCollection.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Database/Type/IntegerType.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Database/Type/IntegerType.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Database/Type/StringType.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Database/Type/StringType.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Datasource/Paging/NumericPaginator.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Datasource/Paging/NumericPaginator.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Error/ExceptionTrap.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Error/ExceptionTrap.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Http/Middleware/CsrfProtectionMiddleware.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Http/Middleware/CsrfProtectionMiddleware.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Http/Middleware/SessionCsrfProtectionMiddleware.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Http/Middleware/SessionCsrfProtectionMiddleware.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Http/ServerRequestFactory.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/Http/ServerRequestFactory.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/ORM/Marshaller.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/ORM/Marshaller.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/View/Helper/PaginatorHelper.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/FRAMEWORK_PATH/src/View/Helper/PaginatorHelper.php -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/vendor/cakephp/authentication/src/AuthenticationService.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/vendor/cakephp/authentication/src/AuthenticationService.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/vendor/cakephp/authentication/src/Identifier/FakeIdentifier.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/vendor/cakephp/authentication/src/Identifier/FakeIdentifier.php -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/patches/CakePHP/4/vendor/twig/twig/src/Node/ModuleNode.php.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/patches/CakePHP/4/vendor/twig/twig/src/Node/ModuleNode.php.patch -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/remove_annotations.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/remove_annotations.py -------------------------------------------------------------------------------- /cakefuzzer/instrumentation/route_computer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/instrumentation/route_computer.py -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/AppInfo.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/AppInfo.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/AppInstrument.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/AppInstrument.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/FrameworkLoader.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/FrameworkLoader.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/MagicObjects.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/MagicObjects.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/app_info.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/app_info.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/deserialization/CakeFuzzerDeserializationClass.doc: -------------------------------------------------------------------------------- 1 | CakeFuzzerDeserializationClass.phar -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/deserialization/CakeFuzzerDeserializationClass.gif: -------------------------------------------------------------------------------- 1 | CakeFuzzerDeserializationClass.phar -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/deserialization/CakeFuzzerDeserializationClass.html: -------------------------------------------------------------------------------- 1 | CakeFuzzerDeserializationClass.phar -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/deserialization/CakeFuzzerDeserializationClass.jpg: -------------------------------------------------------------------------------- 1 | CakeFuzzerDeserializationClass.phar -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/deserialization/CakeFuzzerDeserializationClass.pdf: -------------------------------------------------------------------------------- 1 | CakeFuzzerDeserializationClass.phar -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/deserialization/CakeFuzzerDeserializationClass.phar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/deserialization/CakeFuzzerDeserializationClass.phar -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/deserialization/CakeFuzzerDeserializationClass.png: -------------------------------------------------------------------------------- 1 | CakeFuzzerDeserializationClass.phar -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/deserialization/CakeFuzzerDeserializationClass.svg: -------------------------------------------------------------------------------- 1 | CakeFuzzerDeserializationClass.phar -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/deserialization/CakeFuzzerDeserializationClass.txt: -------------------------------------------------------------------------------- 1 | CakeFuzzerDeserializationClass.phar -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/deserialization/phar_creator.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/deserialization/phar_creator.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/frameworks/CakePHP/2/CakePHP2AppHandler.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/frameworks/CakePHP/2/CakePHP2AppHandler.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/frameworks/CakePHP/4/CakePHP4AppHandler.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/frameworks/CakePHP/4/CakePHP4AppHandler.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/frameworks/CakePHP/CakePHPHandler.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/frameworks/CakePHP/CakePHPHandler.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/frameworks/FrameworkHandler.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/frameworks/FrameworkHandler.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/instrumentation/install_php_parser.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/instrumentation/install_php_parser.sh -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/instrumentation/remove_annotations.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/instrumentation/remove_annotations.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/instrumentation/rename_function_call.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/instrumentation/rename_function_call.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/instrumented_functions.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/instrumented_functions.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/single_execution.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/single_execution.php -------------------------------------------------------------------------------- /cakefuzzer/phpfiles/unused.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/phpfiles/unused.php -------------------------------------------------------------------------------- /cakefuzzer/scanners/dns.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/scanners/dns.py -------------------------------------------------------------------------------- /cakefuzzer/scanners/filecontents.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/scanners/filecontents.py -------------------------------------------------------------------------------- /cakefuzzer/scanners/filesystem.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/scanners/filesystem.py -------------------------------------------------------------------------------- /cakefuzzer/scanners/iteration_result.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/scanners/iteration_result.py -------------------------------------------------------------------------------- /cakefuzzer/scanners/process.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/scanners/process.py -------------------------------------------------------------------------------- /cakefuzzer/scanners/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/scanners/utils.py -------------------------------------------------------------------------------- /cakefuzzer/settings/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/settings/__init__.py -------------------------------------------------------------------------------- /cakefuzzer/settings/attack_definition.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/settings/attack_definition.py -------------------------------------------------------------------------------- /cakefuzzer/settings/instrumentation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/settings/instrumentation.py -------------------------------------------------------------------------------- /cakefuzzer/settings/webroot.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/settings/webroot.py -------------------------------------------------------------------------------- /cakefuzzer/sqlite/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cakefuzzer/sqlite/iteration_results.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/sqlite/iteration_results.py -------------------------------------------------------------------------------- /cakefuzzer/sqlite/queue.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/sqlite/queue.py -------------------------------------------------------------------------------- /cakefuzzer/sqlite/registry.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/sqlite/registry.py -------------------------------------------------------------------------------- /cakefuzzer/sqlite/scanners.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/sqlite/scanners.py -------------------------------------------------------------------------------- /cakefuzzer/sqlite/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/cakefuzzer/sqlite/utils.py -------------------------------------------------------------------------------- /config/config.example.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/config/config.example.ini -------------------------------------------------------------------------------- /config/instrumentation_cake2.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/config/instrumentation_cake2.ini -------------------------------------------------------------------------------- /config/instrumentation_cake4.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/config/instrumentation_cake4.ini -------------------------------------------------------------------------------- /config/instrumentation_empty.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/config/instrumentation_empty.ini -------------------------------------------------------------------------------- /contributing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/contributing.md -------------------------------------------------------------------------------- /docs/arch.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/docs/arch.drawio -------------------------------------------------------------------------------- /docs/arch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/docs/arch.png -------------------------------------------------------------------------------- /docs/luxembourg-armed-forces.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/docs/luxembourg-armed-forces.svg -------------------------------------------------------------------------------- /mypy.ini: -------------------------------------------------------------------------------- 1 | [mypy] 2 | plugins = pydantic.mypy -------------------------------------------------------------------------------- /php-parser.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/php-parser.zip -------------------------------------------------------------------------------- /precheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/precheck.sh -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/pyproject.toml -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/requirements.txt -------------------------------------------------------------------------------- /strategies/cmdinj.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/strategies/cmdinj.json -------------------------------------------------------------------------------- /strategies/codeInjection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/strategies/codeInjection.json -------------------------------------------------------------------------------- /strategies/deserialize.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/strategies/deserialize.json -------------------------------------------------------------------------------- /strategies/lfi.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/strategies/lfi.json -------------------------------------------------------------------------------- /strategies/rfi.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/strategies/rfi.json -------------------------------------------------------------------------------- /strategies/sqlinj.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/strategies/sqlinj.json -------------------------------------------------------------------------------- /strategies/ssrf.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/strategies/ssrf.json -------------------------------------------------------------------------------- /strategies/ssti.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/strategies/ssti.json -------------------------------------------------------------------------------- /strategies/xss.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/strategies/xss.json -------------------------------------------------------------------------------- /tests/test_route_computer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/tests/test_route_computer.py -------------------------------------------------------------------------------- /tools/database.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/tools/database.py -------------------------------------------------------------------------------- /tools/extract_iteration_result.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/tools/extract_iteration_result.py -------------------------------------------------------------------------------- /tools/iteration_stats.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/tools/iteration_stats.py -------------------------------------------------------------------------------- /tools/regex_speed.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/tools/regex_speed.py -------------------------------------------------------------------------------- /tools/results_stats.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/tools/results_stats.py -------------------------------------------------------------------------------- /tools/set_manual_statuses.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/tools/set_manual_statuses.py -------------------------------------------------------------------------------- /tools/single_execution_replayer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zigrin-Security/CakeFuzzer/HEAD/tools/single_execution_replayer.py --------------------------------------------------------------------------------