ModulesCommands
The modules of lightbulb are ready-to-use instances of the lightbulb framework. This means that you don't have to set up a core module and a utility module in order to perform an operation. These modules can also perform more complex operations, such as WAF identification or generating a WAF distinguishing tree. However, the provided modules may be somewhat restrictive and may not fit your needs.
Typing the keyword "modules" will list the available modules.
(lightbulb) modules
Avaliable Modules:
+----------------------+-----------------------------------------------------------------------------------------+
| Name | Value |
+----------------------+-----------------------------------------------------------------------------------------+
| difftest_browser_waf | Generates a large number of mutations in an input string and tests browser and WAF |
| distinguish_waf | Identifies a WAF filter using a distinguish tree |
| gen_waf_tree | Generates a distinguish tree for a list of WAF filters |
| models_op | Perform automata operations on learned models or flex files |
| test_browser | Learns a Browser parser using a file containing regular expressions or grammar as input |
| verify_waf_tree | Verifies a distinguish tree for a list of WAF filters |
+----------------------+-----------------------------------------------------------------------------------------+
Using the keyword "info" you can obtain more information on the available modules:
(lightbulb) info distinguish_waf
Module distinguish_waf Information:
+-------------+--------------------------------------------------+
| Name | Value |
+-------------+--------------------------------------------------+
| Author | George Argyros, Ioannis Stais |
| Description | Identifies a WAF filter using a distinguish tree |
| Comments | Sample comment 1, Sample comment 2 |
+-------------+--------------------------------------------------+
To start using a module, use the keyword "use" followed by the name of the selected module:
(lightbulb) use distinguish_waf
distinguish_waf distinguish_waf
Entering module distinguish_waf
You can define multiple instances of the same object by combining the keyword "use" with the keyword "as":
(lightbulb) use distinguish_waf as mydistinguisher
distinguish_waf mydistinguisher
Entering module distinguish_waf
To check the parameters that need to be defined, use the keyword "options":
(lightbulb) options
+----------------+-------------------+----------+--------------------------------------------------------------------+
| Name | Value | Required | Description |
+----------------+-------------------+----------+--------------------------------------------------------------------+
| FILE | None | True | File containting a distinguish tree |
| URL | http://127.0.0.1 | True | The target URL |
| REQUEST_TYPE | POST | True | The HTTP request type (GET/POST) |
| PARAM | input | True | The request parameter |
| BLOCK | None | False | The response string that indicates that the WAF blocks the request |
| BYPASS | None | False | The response string that indicates that the WAF allows the request |
| PROXY_SCHEME | None | False | The proxy scheme (e.g. http, https |
| PROXY_HOST | None | False | The proxy host |
| PROXY_PORT | None | False | The proxy port |
| PROXY_USERNAME | None | False | The proxy username |
| PROXY_PASSWORD | None | False | The proxy password |
| USER_AGENT | Mozilla/5.0 | True | The request user agent |
| REFERER | http://google.com | True | The request referrer |
| PRELOAD | False | True | Preload the input filter |
+----------------+-------------------+----------+--------------------------------------------------------------------+
To define a parameter, use the keyword "define", followed by the parameter name and the parameter value:
(lightbulb) define FILE {library}/trees/waf_tree1
Option FILE defined as {library}/trees/waf_tree1
To verify that the parameter was set successfully, use the keyword "options" again:
(lightbulb) options
+----------------+---------------------------+----------+--------------------------------------------------------------------+
| Name | Value | Required | Description |
+----------------+---------------------------+----------+--------------------------------------------------------------------+
| FILE | {library}/trees/waf_tree1 | True | File containting a distinguish tree |
| URL | http://127.0.0.1 | True | The target URL |
| REQUEST_TYPE | POST | True | The HTTP request type (GET/POST) |
| PARAM | input | True | The request parameter |
| BLOCK | None | False | The response string that indicates that the WAF blocks the request |
| BYPASS | None | False | The response string that indicates that the WAF allows the request |
| PROXY_SCHEME | None | False | The proxy scheme (e.g. http, https |
| PROXY_HOST | None | False | The proxy host |
| PROXY_PORT | None | False | The proxy port |
| PROXY_USERNAME | None | False | The proxy username |
| PROXY_PASSWORD | None | False | The proxy password |
| USER_AGENT | Mozilla/5.0 | True | The request user agent |
| REFERER | http://google.com | True | The request referrer |
| PRELOAD | False | True | Preload the input filter |
+----------------+---------------------------+----------+--------------------------------------------------------------------+
To start the module, use the keyword "start" followed by the module name:
(lightbulb) start mydistinguisher