■ ■ ■ ■ ■ ■
plugin/src/main/java/com/google/tsunami/plugin/payload/README.md
| 1 | | - | \# payload_definitions.yaml |
| | 1 | + | # Tsunami Payload Generation Framework |
| | 2 | + | |
| | 3 | + | This is the code for Tsunami's payload generation framework, an optional library |
| | 4 | + | for detectors which automatically selects the best payload for a given |
| | 5 | + | vulnerability, taking out the guesswork when writing a new detector, reducing |
| | 6 | + | false positives, and standardizing payloads across detectors. It is also the |
| | 7 | + | interface for using the |
| | 8 | + | [Tsunami Callback Server](https://github.com/google/tsunami-security-scanner-callback-server). |
| | 9 | + | |
| | 10 | + | Detectors targeting remote code executions (RCE) and server-side request forgery |
| | 11 | + | (SSRF) vulnerabilities are ideal candidates for using the payload framework. |
| | 12 | + | |
| | 13 | + | For an example of how to use the framework, see |
| | 14 | + | [the example plugin](https://github.com/google/tsunami-security-scanner-plugins/tree/master/examples/example_payload_framework_vuln_detector). |
| 2 | 15 | | |
| 3 | | - | `payload_definitions.yaml` defines the payloads used in the payload generation |
| 4 | | - | framework. See the schema definition in payload_generator.proto. |
| | 16 | + | ## payload_definitions.yaml |
| | 17 | + | |
| | 18 | + | [payload_definitions.yaml](https://github.com/google/tsunami-security-scanner/blob/master/plugin/src/main/resources/com/google/tsunami/plugin/payload/payload_definitions.yaml) |
| | 19 | + | defines the actual payloads used in the payload generation framework. See the |
| | 20 | + | schema definition in |
| | 21 | + | [payload_generator.proto](https://github.com/google/tsunami-security-scanner/blob/master/proto/payload_generator.proto). |
| | 22 | + | When adding a new payload definition, make sure to add |
| | 23 | + | [test cases](https://github.com/google/tsunami-security-scanner/blob/master/plugin/src/test/java/com/google/tsunami/plugin/payload/PayloadGeneratorTest.java). |
| 5 | 24 | | |
Albert Cui
committed
with
Copybara-Service
2 years ago
1 parent 1cc88929