Skip to content
/ plusfish Public
forked from google/plusfish

Plusfish is a classic web application vulnerability scanner/fuzzer and aimed at security professionals

License

Apache-2.0 license
0 stars 11 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

userAman16/plusfish

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
audit
audit
 
 
bazel
bazel
 
 
config
config
 
 
opensource/deps/base
opensource/deps/base
 
 
parsers
parsers
 
 
proto
proto
 
 
report
report
 
 
testing
testing
 
 
util
util
 
 
wordlists
wordlists
 
 
BUILD
BUILD
 
 
BUILD.md
BUILD.md
 
 
CONFIGURATION.md
CONFIGURATION.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
DEPENDENCIES
DEPENDENCIES
 
 
EXAMPLES.md
EXAMPLES.md
 
 
LICENSE
LICENSE
 
 
OWNERS
OWNERS
 
 
README.md
README.md
 
 
WORKSPACE
WORKSPACE
 
 
crawler.cc
crawler.cc
 
 
crawler.h
crawler.h
 
 
crawler_test.cc
crawler_test.cc
 
 
curl.cc
curl.cc
 
 
curl.h
curl.h
 
 
curl_http_client.cc
curl_http_client.cc
 
 
curl_http_client.h
curl_http_client.h
 
 
curl_http_client_test.cc
curl_http_client_test.cc
 
 
datastore.cc
datastore.cc
 
 
datastore.h
datastore.h
 
 
datastore_test.cc
datastore_test.cc
 
 
hidden_objects_finder.cc
hidden_objects_finder.cc
 
 
hidden_objects_finder.h
hidden_objects_finder.h
 
 
hidden_objects_finder_test.cc
hidden_objects_finder_test.cc
 
 
http_client.h
http_client.h
 
 
not_found_detector.cc
not_found_detector.cc
 
 
not_found_detector.h
not_found_detector.h
 
 
not_found_detector_test.cc
not_found_detector_test.cc
 
 
pivot.cc
pivot.cc
 
 
pivot.h
pivot.h
 
 
pivot_test.cc
pivot_test.cc
 
 
plusfish.cc
plusfish.cc
 
 
plusfish.h
plusfish.h
 
 
plusfish_cli.cc
plusfish_cli.cc
 
 
plusfish_test.cc
plusfish_test.cc
 
 
request.cc
request.cc
 
 
request.h
request.h
 
 
request_handler.h
request_handler.h
 
 
request_test.cc
request_test.cc
 
 
response.cc
response.cc
 
 
response.h
response.h
 
 
response_test.cc
response_test.cc
 
 

Repository files navigation

NOTE: This is not an officially supported Google product

 ____  _            __ _     _
|  _ \| |_   _ ___ / _(_)___| |__
| |_) | | | | / __| |_| / __| '_ \
|  __/| | |_| \__ \  _| \__ \ | | |
|_|   |_|\__,_|___/_| |_|___/_| |_|

Introduction

Plusfish is a classic web application vulnerability scanner/fuzzer and aimed at security professionals.

Design philosophy

Typical web application scanners are tuned towards low noise and low false positive rates. This is more user friendly but comes with the risk of false negatives. For example, other scanners might use a long XSS payload that can trigger a vulnerability in multiple conditions and this reduces the amount of requests needed and reduces the intrusiveness of the scan.

The more complex a payload, the higher the chance it could get blocked by the application which can result in a false positive.

Plusfish takes a complete opposite approach and uses as many payloads, encodings, injection points, etc as possible. This results in significant more traffic and you will also end up with more data to process after the scan.

Due to these characteristics; plusfish is positioned towards aiding security professionals in their assessments by providing a lot of signals rather than being a point, click and report tool.

Key features

High performance

Despite the scanner currently being single process and single threaded; you can reach 1000's requests per seconds when you tune the tool (and your server can handle it) properly.

Highly customizable

The checks it does, scan duration, request rate, client certificate, proxy usage, report type and pretty much the entire behavior of the scanner can be controlled through flags and configuration files.

Browser independent

Does not make use of a browser/browser engine and has a full control over its document fetching and rendering behavior. As such the behavior of various browsers can be emulated (or considered) during security tests.

This also is a limitation at the moment because Javascript execution isn't supported in this initial version. We do however plan on adding this.

Thorough security testing

The security checks are designed to bring confirmed and potential security issues to the attention of security engineers. While we avoid false positives, we certainly do not avoid edge case vulnerabilities that require manual review for confirmation.

Generic check language

Generic security checks can be written in a powerful and structured language. In the checks payloads, injection methods, encoding methods and response matching behaviors can all be customized.

In fact, the majority of the security checks are currently implemented in the configuration files. Adding one is just a matter of editing the file and re-running the scan.

Finding hidden files or directories

Using the extensive wordlists it is possible to let plusfish hunt for hidden files and directories. If found, they are also subject to the security tests.

Current status

The tool is not finished and currently best for testing server-side security problems.

More information

Please have a look at:

Credits

Written by Niels Heinen with the help of attwad

About

Plusfish is a classic web application vulnerability scanner/fuzzer and aimed at security professionals

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 92.8%
  • Starlark 7.2%