
new payloads and shit

1 parent 9928d50 commit 26fa4a7139aa326381809acee32ec80f6df0728f @contra contra committed Jul 23, 2011
Showing with 105 additions and 4 deletions.
  1. +8 −3 README.md
  2. +54 −0 attacks.log
  3. +19 −0 lib/payloads/crews.js
  4. +4 −0 lib/payloads/explosive-impact.js
  5. +11 −0 lib/payloads/fake-report.js
  6. +4 −0 lib/payloads/meatspin.js
  7. +4 −0 lib/payloads/raggedyann.js
  8. +1 −1 package.json
@@ -8,7 +8,7 @@ To install node-fusker, use [npm](http://github.com/isaacs/npm):
## Example
-Please see [test.js](http://github.com/wearefractal/fusker/blob/master/example/test.js) for a working example and documentation.
+Please see [test.js](http://github.com/wearefractal/fusker/blob/master/test.js) for a working example and documentation.
To execute an XSS attack on the test server, just click [HERE](http://localhost:8080/index.html?wat=1%22%3E%3Cimg%20src=x) while it's running.
## List of included detection modules (detectives)
@@ -22,12 +22,17 @@ To execute an XSS attack on the test server, just click [HERE](http://localhost:
## List of included payload modules
blacklist - Blacklists IP for specified amount of time (banLength in config)
+ fake-report - Alerts attacker that they have been reported to ic3 and displays DOJ logo
saxroll - Redirects attacker to 1227.com
nimp - Redirects attacker to fusker.on.nimp.org (WARNING: Harmful to attacker)
nyan - Redirects attacker to nyan.cat
goatse - Redirects attacker to goatse.bz (WARNING: Harmful to eyes)
- bush - Redirects attacker to George W. Bush "you just fell for the trap"
- lemonparty - Redirects attacker to lemonparty.org
+ bush - Redirects attacker to full screen George W. Bush "you just fell for the trap"
+ lemonparty - Redirects attacker to lemonparty.org (WARNING: Harmful to eyes)
+ meatspin - Redirects attacker to meatspin.com (WARNING: Harmful to eyes)
+ explosive-impact - Redirects attacker to fullscreen video of ranting
+ raggedyann - Redirects attacker to extreme speaker rape. (WARNING: Harmful to speakers)
+ crews - Displays Terry Crews nipple dance rainbow b& page
## Adding detectives
@@ -0,0 +1,54 @@
+[- ATTACK DETAILS FOR Fri Jul 22 2011 17:41:24 GMT-0700 (MST) -]
+ --> Detective: XSS-2
+ --> Request: GET /index.html?wat=1%22%3E%3Cimg%20src=x%20onerror=alert%28%22XSS%22%29%3E%3Cnoscript%3E
+ --> IP: 127.0.0.1
+[- END ATTACK DETAILS -]
+
+[- ATTACK DETAILS FOR Fri Jul 22 2011 19:30:51 GMT-0700 (MST) -]
+ --> Detective: SQLi-0
+ --> Request: GET /?id=1'%20OR%20'1'='1
+ --> IP: 127.0.0.1
+[- END ATTACK DETAILS -]
+
+[- ATTACK DETAILS FOR Fri Jul 22 2011 20:07:56 GMT-0700 (MST) -]
+ --> Detective: XSS-2
+ --> Request: GET /index.html?wat=1%22%3E%3Cimg%20src=x%20onerror=alert%28%22XSS%22%29%3E%3Cnoscript%3E
+ --> IP: 127.0.0.1
+[- END ATTACK DETAILS -]
+
+[- ATTACK DETAILS FOR Fri Jul 22 2011 20:18:29 GMT-0700 (MST) -]
+ --> Detective: XSS-2
+ --> Request: GET /index.html?wat=1%22%3E%3Cimg%20src=x%20onerror=alert%28%22XSS%22%29%3E%3Cnoscript%3E
+ --> IP: 127.0.0.1
+[- END ATTACK DETAILS -]
+
+[- ATTACK DETAILS FOR Fri Jul 22 2011 20:22:13 GMT-0700 (MST) -]
+ --> Detective: XSS-2
+ --> Request: GET /index.html?wat=1%22%3E%3Cimg%20src=x%20onerror=alert%28%22XSS%22%29%3E%3Cnoscript%3E
+ --> IP: 127.0.0.1
+[- END ATTACK DETAILS -]
+
+[- ATTACK DETAILS FOR Fri Jul 22 2011 20:36:24 GMT-0700 (MST) -]
+ --> Detective: XSS-2
+ --> Request: GET /index.html?wat=1%22%3E%3Cimg%20src=x%20onerror=alert%28%22XSS%22%29%3E%3Cnoscript%3E
+ --> IP: 127.0.0.1
+[- END ATTACK DETAILS -]
+
+[- ATTACK DETAILS FOR Fri Jul 22 2011 20:36:29 GMT-0700 (MST) -]
+ --> Detective: XSS-2
+ --> Request: GET /index.html?wat=1%22%3E%3Cimg%20src=x%20onerror=alert%28%22XSS%22%29%3E%3Cnoscript%3E
+ --> IP: 127.0.0.1
+[- END ATTACK DETAILS -]
+
+[- ATTACK DETAILS FOR Fri Jul 22 2011 20:43:48 GMT-0700 (MST) -]
+ --> Detective: XSS-2
+ --> Request: GET /index.html?wat=1%22%3E%3Cimg%20src=x%20onerror=alert%28%22XSS%22%29%3E%3Cnoscript%3E
+ --> IP: 127.0.0.1
+[- END ATTACK DETAILS -]
+
+[- ATTACK DETAILS FOR Fri Jul 22 2011 20:45:41 GMT-0700 (MST) -]
+ --> Detective: XSS-2
+ --> Request: GET /index.html?wat=1%22%3E%3Cimg%20src=x%20onerror=alert%28%22XSS%22%29%3E%3Cnoscript%3E
+ --> IP: 127.0.0.1
+[- END ATTACK DETAILS -]
+
@@ -0,0 +1,19 @@
+var html = '<html>';
+html += '<head>';
+html += '<title>LOL BANNED</title>';
+html += '</head>';
+html += '<body bgcolor="black" background="http://content.ytmnd.com/content/1/d/b/1db6ede2772ba8f5428dbff9f1f2e3be.gif">';
+html += '<br/><br/>';
+html += '<center>';
+html += '<h1>YA GOOFED - B&</h1><br/>';
+html += '<img src="http://content.ytmnd.com/content/1/7/c/17c9f89183c18613f48450a649e3f64c.gif">';
+html += '<embed src="http://www.youtube.com/v/ykJxwaGVzYY?autoplay=1&rel=0" type="application/x-shockwave-flash" wmode="transparent" width="1" height="1"></embed>';
+html += '</center>';
+html += '</body>';
+html += '</html>';
+
+exports.run = function (req, res) {
+ res.writeHead(200);
+ res.write(html, 'utf8');
+ res.end();
+};
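Review bot: `res.writeHead(200)` in `exports.run` sends the page without a `Content-Type`, so the client has to guess that the body is HTML; declare it with `res.writeHead(200, {'Content-Type': 'text/html; charset=utf-8'});`. fake-report.js in this commit makes the same call. The markup also hotlinks its background, image and Flash embed from ytmnd.com and youtube.com over plain http, so what a flagged visitor actually loads is decided by those hosts rather than by this module; serving local copies would remove that dependency. In the heading, the bare `&` in `B&` should be written `B&amp;`.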
@@ -0,0 +1,4 @@
+exports.run = function (req, res) {
+ res.writeHead(302, {'Location': 'http://www.youtube.com/v/uK0aQTzhBzE?autoplay=1'});
+ res.end();
+};
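Review bot: The `Location` target in `exports.run` is a hard-coded third-party URL over plain http, and the same holds for meatspin.js and raggedyann.js in this commit. Whoever controls those domains decides where a flagged client ends up, and a detective false positive sends a legitimate user there too. Consider reading the target from the module's configuration with this URL only as the default, and add a header comment such as `// Payload: 302-redirects the flagged request to an external site that this project does not control.` The three files differ only in the URL, so a shared redirect helper would remove the duplication.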
@@ -0,0 +1,11 @@
+exports.run = function (req, res) {
+ var html = '<html>';
+ html += '<head><title>Crime Report</title></head>';
+ html += '<body><center>';
+ html += '<img src="http://mokellyreport.files.wordpress.com/2009/07/doj.gif"/><br/>';
+ html += 'Your IP (' + req.connection.remoteAddress + ') and appropriate attack details have been automatically submitted to http://ic3.gov/';
+ html += '</center></body>';
+ res.writeHead(200);
+ res.write(html, 'utf8');
+ res.end();
+};
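Review bot: The page built in `run` never closes the document: `<html>` is opened on the first line but the last fragment appended is `</center></body>`, so `html += '</html>';` is missing before `res.writeHead`. The address shown comes from `req.connection.remoteAddress`, which is the immediate peer; behind a reverse proxy or load balancer every visitor would presumably be shown the proxy's address, so a comment stating that assumption would help. The text also tells the visitor that a report was submitted to ic3.gov although nothing in this file submits one, and it appears under a hotlinked DOJ image. On a detective false positive a legitimate user receives that message, which deserves a warning next to the `fake-report` entry in the README.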
@@ -0,0 +1,4 @@
+exports.run = function (req, res) {
+ res.writeHead(302, {'Location': 'http://meatspin.com/'});
+ res.end();
+};
@@ -0,0 +1,4 @@
+exports.run = function (req, res) {
+ res.writeHead(302, {'Location': 'http://raggedyann.ytmnd.com/'});
+ res.end();
+};
@@ -1,7 +1,7 @@
{
"name":"fusker",
"description":"Detect, prevent, and fight back against hackers in the lulziest ways possible",
- "version":"0.0.7",
+ "version":"0.0.8",
"homepage":"http://github.com/wearefractal/fusker",
"keywords":[
"fusker",
