Merge pull request #15 from kingthorin/fdb-offensive

Add 'attack' folder and components

Author: psiinon

CHANGELOG.md

@@ -6,6 +6,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [Unreleased]
 ### Changed
 - Do not set the background colour of the help page.
+- Migrated 'attack' directory and components from main FuzzDB add-on, due to anti-virus considerations (Issue 5972).
+- Updated from upstream.
 
 ## [2] - 2020-01-30
 ### Added
@@ -19,6 +21,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 First version.
 
-[Unreleased]: https://github.com/zaproxy/fuzzdb-web-backdoors/compare/v2...HEAD
-[2]: https://github.com/zaproxy/fuzzdb-web-backdoors/compare/v1...v2
-[1]: https://github.com/zaproxy/fuzzdb-web-backdoors/releases/v1
+[Unreleased]: https://github.com/zaproxy/fuzzdb-offensive/compare/v2...HEAD
+[2]: https://github.com/zaproxy/fuzzdb-offensive/compare/v1...v2
+[1]: https://github.com/zaproxy/fuzzdb-offensive/releases/v1

README.md

@@ -1,6 +1,3 @@
-fuzzdb-web-backdoors
-====================
+# fuzzdb-offensive
 
-A ZAP add-on with [FuzzDB] web backdoors, split from the main FuzzDB add-on to avoid issues with AVs.
-
-[FuzzDB]: https://github.com/fuzzdb-project/fuzzdb/
+A ZAP add-on with [FuzzDB](https://github.com/fuzzdb-project/fuzzdb/) web backdoors and attack files, split from the main FuzzDB add-on to avoid issues with anti-virus packages.

build.gradle.kts

@@ -22,7 +22,7 @@ repositories {
 }
 
 version = "3"
-description = "FuzzDB web backdoors which can be used with the ZAP fuzzer"
+description = "FuzzDB web backdoors and attack files which can be used with the ZAP fuzzer or for manual penetration testing"
 
 java {
     sourceCompatibility = JavaVersion.VERSION_1_8
@@ -31,17 +31,17 @@ java {
 
 zapAddOn {
     addOnId.set(project.name.replace("-", ""))
-    addOnName.set("FuzzDB Web Backdoors")
+    addOnName.set("FuzzDB Offensive")
     addOnStatus.set(AddOnStatus.RELEASE)
     zapVersion.set("2.9.0")
 
-    releaseLink.set("https://github.com/zaproxy/fuzzdb-web-backdoors/compare/v@PREVIOUS_VERSION@...v@CURRENT_VERSION@")
-    unreleasedLink.set("https://github.com/zaproxy/fuzzdb-web-backdoors/compare/v@CURRENT_VERSION@...HEAD")
+    releaseLink.set("https://github.com/zaproxy/fuzzdb-offensive/compare/v@PREVIOUS_VERSION@...v@CURRENT_VERSION@")
+    unreleasedLink.set("https://github.com/zaproxy/fuzzdb-offensive/compare/v@CURRENT_VERSION@...HEAD")
 
     manifest {
         author.set("ZAP Dev Team")
-        url.set("https://www.zaproxy.org/docs/desktop/addons/fuzzdb-web-backdoors/")
-        repo.set("https://github.com/zaproxy/fuzzdb-web-backdoors/")
+        url.set("https://www.zaproxy.org/docs/desktop/addons/fuzzdb-offensive/")
+        repo.set("https://github.com/zaproxy/fuzzdb-offensive/")
         changesFile.set(tasks.named<ConvertMarkdownToHtml>("generateManifestChanges").flatMap { it.html })
 
         helpSet {

settings.gradle.kts

@@ -1 +1 @@
-rootProject.name = "fuzzdb-web-backdoors"
+rootProject.name = "fuzzdb-offensive"

src/main/javahelp/help/contents/intro.html

@@ -3,12 +3,12 @@
 <HEAD>
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
 <TITLE>
-FuzzDB Web Backdoors
+FuzzDB Offensive
 </TITLE>
 </HEAD>
 <BODY>
-<H1>FuzzDB Web Backdoors</H1>
-<a href="https://github.com/fuzzdb-project/fuzzdb/">FuzzDB</a> web backdoors which can be used with the ZAP fuzzer.
+<H1>FuzzDB Offensive</H1>
+<a href="https://github.com/fuzzdb-project/fuzzdb/">FuzzDB</a> web backdoors and attack files which can be used with the ZAP fuzzer or for manual penetration testing.
 
 </BODY>
 </HTML>

src/main/javahelp/help/helpset.hs

@@ -3,10 +3,10 @@
   PUBLIC "-//Sun Microsystems Inc.//DTD JavaHelp HelpSet Version 2.0//EN"
          "http://java.sun.com/products/javahelp/helpset_2_0.dtd">
 <helpset version="2.0" xml:lang="en-GB">
-  <title>FuzzDB Web Backdoors Add-On</title>
+  <title>FuzzDB Offensive Add-On</title>
 
   <maps>
-     <homeID>fuzzdb-web-backdoors</homeID>
+     <homeID>fuzzdb-offensive</homeID>
      <mapref location="map.jhm"/>
   </maps>
 

src/main/javahelp/help/index.xml

@@ -4,5 +4,5 @@
          "http://java.sun.com/products/javahelp/index_2_0.dtd">
 
 <index version="2.0">
-    <indexitem text="FuzzDB Web Backdoors" target="fuzzdb-web-backdoors" />
+    <indexitem text="FuzzDB Offensive" target="fuzzdb-offensive" />
 </index>

src/main/javahelp/help/map.jhm

@@ -4,5 +4,5 @@
          "http://java.sun.com/products/javahelp/map_1_0.dtd">
 
 <map version="1.0">
-    <mapID target="fuzzdb-web-backdoors" url="contents/intro.html" />
+    <mapID target="fuzzdb-offensive" url="contents/intro.html" />
 </map>

src/main/javahelp/help/toc.xml

@@ -6,7 +6,7 @@
 <toc version="2.0">
     <tocitem text="ZAP User Guide" tocid="toplevelitem">
         <tocitem text="Add Ons" tocid="addons">
-            <tocitem text="FuzzDB Web Backdoors" target="fuzzdb-web-backdoors"/>
+            <tocitem text="FuzzDB Offensive" target="fuzzdb-offensive"/>
         </tocitem>
     </tocitem>
 </toc>

src/main/zapHomeFiles/fuzzers/fuzzdb/attack/README.md

@@ -0,0 +1,5 @@
+<h1>FuzzDB Attack Patterns</h1>
+
+**WAF Evasion** <br>
+* <a href=../master/docs/attack-docs/waf-bypass/regexp-security-cheatsheet.md>Regexp security Cheatsheet</a> 
+* Source: https://github.com/attackercan/regexp-security-cheatsheet/blob/master/README.md