Share
## https://sploitus.com/exploit?id=86485D20-26FB-5F19-8F2E-862FFF677EAF
# ButtF - Backend Misconfiguration & Logic Flaw Exploitation Tool
## Overview
ButtF is a comprehensive security testing framework designed for penetration testers and security researchers to identify backend misconfigurations, business logic flaws, and known vulnerabilities in web applications.
## Features
### Core Detection Modules
1. **Misconfiguration Detection (`misconfig`)**
- Exposed configuration files (.env, config.json)
- Git repository exposure
- Admin panel accessibility
- API documentation leaks (Swagger, GraphQL)
- Database backup exposure
- Cloud credential leaks
2. **Logic Flaw Detection (`logic`)**
- Insecure Direct Object Reference (IDOR)
- Mass assignment vulnerabilities
- Workflow bypass detection
- State manipulation attacks
3. **CVE Detection (`cve`)**
- Log4Shell (CVE-2021-44228)
- Spring4Shell (CVE-2022-22965)
- Pattern-based vulnerability matching
- Framework signature detection
4. **Authentication Testing (`auth`)**
- JWT security validation
- Session management issues
- Password policy enforcement
- Token manipulation tests
5. **Injection Testing (`injection`)**
- SQL injection detection
- Command injection testing
- Cross-Site Scripting (XSS)
- Payload reflection analysis
6. **Data Exposure Detection (`exposure`)**
- Sensitive endpoint enumeration
- API data leakage
- Debug information disclosure
- Internal endpoint exposure
7. **Rate Limiting Validation (`rate`)**
- Brute force protection testing
- API rate limit enforcement
- DDoS vulnerability assessment
8. **CORS Misconfiguration (`cors`)**
- Origin validation testing
- Credential exposure via CORS
- Wildcard origin detection
## Installation
### Requirements
- Python 3.7+
- pip
### Setup
```bash
# Clone or download ButtF
git clone
cd buttf
# Install dependencies
pip install -r requirements.txt
# Make executable (Linux/Mac)
chmod +x buttf.py
```
## Usage
### Basic Scan
```bash
python buttf.py -u https://example.com -m all
```
### Targeted Module Scan
```bash
python buttf.py -u https://api.example.com -m misconfig,logic,cve
```
### Custom Configuration
```bash
python buttf.py -u https://example.com -m auth,injection --threads 20 --timeout 15
```
### JSON Output
```bash
python buttf.py -u https://example.com -m all -o json -f report.json
```
## Command-Line Arguments
| Argument | Description | Default |
|----------|-------------|---------|
| `-u, --url` | Target URL (required) | - |
| `-m, --modules` | Comma-separated modules or "all" | - |
| `-t, --threads` | Number of concurrent threads | 10 |
| `--timeout` | Request timeout in seconds | 10 |
| `-o, --output` | Output format (text/json) | text |
| `-f, --file` | Save report to file | - |
## Available Modules
| Module | Description |
|--------|-------------|
| `misconfig` | Backend misconfiguration detection |
| `logic` | Business logic flaw detection |
| `cve` | Known CVE pattern matching |
| `auth` | Authentication/authorization testing |
| `injection` | Injection vulnerability testing |
| `exposure` | Sensitive data exposure detection |
| `rate` | Rate limiting validation |
| `cors` | CORS misconfiguration detection |
| `all` | Run all modules |
## Output Examples
### Text Report
```
================================================================================
ButtF Security Scan Report
================================================================================
Target: https://example.com
Total Vulnerabilities: 5
Severity Breakdown:
CRITICAL: 2
HIGH: 1
MEDIUM: 2
--------------------------------------------------------------------------------
[1] HIGH - Information Disclosure
Endpoint: /robots.txt
Description: Exposed robots.txt
Evidence: Status: 200, Size: 1234 bytes
Remediation: Restrict access to /robots.txt or remove it from public access
```
### JSON Report
```json
[
{
"severity": "HIGH",
"category": "Information Disclosure",
"endpoint": "/robots.txt",
"description": "Exposed robots.txt",
"evidence": "Status: 200, Size: 1234 bytes",
"cve_id": null,
"remediation": "Restrict access to /robots.txt or remove it from public access"
}
]
```
## Vulnerability Severity Levels
- **CRITICAL**: Immediate exploitation possible, severe impact
- **HIGH**: Exploitable with moderate effort, significant impact
- **MEDIUM**: Exploitable under certain conditions, moderate impact
- **LOW**: Limited exploitability, minimal impact
## Advanced Usage
### Custom Payloads
Modify the scanner to include custom payloads:
```python
scanner = ButtF('https://example.com')
scanner.custom_sql_payloads = ["' OR 1=1--", "admin'--"]
scanner.scan(['injection'])
```
### Integration with CI/CD
```bash
#!/bin/bash
python buttf.py -u $TARGET_URL -m all -o json -f scan_results.json
if [ $(jq '.[] | select(.severity=="CRITICAL")' scan_results.json | wc -l) -gt 0 ]; then
echo "Critical vulnerabilities found!"
exit 1
fi
```
## Security Considerations
### Legal Notice
ButtF is designed for authorized security testing only. Users must:
- Obtain explicit permission before testing any system
- Comply with applicable laws and regulations
- Use responsibly and ethically
### Best Practices
- Test in isolated environments first
- Use reasonable thread counts to avoid DoS
- Monitor target system impact
- Document all findings thoroughly
## Threat Analysis Capabilities
ButtF provides comprehensive threat analysis through:
1. **Vulnerability Categorization**: Organizes findings by attack vector
2. **Severity Assessment**: Prioritizes risks based on exploitability and impact
3. **Evidence Collection**: Captures proof of vulnerability existence
4. **Remediation Guidance**: Provides actionable fix recommendations
## CVE Detection Strategy
The tool employs multiple CVE detection methods:
1. **Pattern Matching**: Identifies framework signatures
2. **Version Fingerprinting**: Detects vulnerable software versions
3. **Behavior Analysis**: Tests for known vulnerability behaviors
4. **Error Message Analysis**: Extracts version info from error responses
## Performance Optimization
- **Multi-threading**: Parallel request execution
- **Connection Pooling**: Reuses HTTP connections
- **Smart Timeout**: Adaptive timeout based on response patterns
- **Request Throttling**: Prevents target overload
## Troubleshooting
### Common Issues
**Issue**: Connection timeouts
```bash
# Increase timeout value
python buttf.py -u https://example.com -m all --timeout 30
```
**Issue**: Too many concurrent requests
```bash
# Reduce thread count
python buttf.py -u https://example.com -m all --threads 5
```
**Issue**: SSL certificate errors
```python
# Modify session to disable SSL verification (use cautiously)
scanner.session.verify = False
```
## Contribution Guidelines
Contributions are welcome. To add new detection modules:
1. Create detection method following naming convention `_scan_module_name()`
2. Add vulnerability objects using the `Vulnerability` dataclass
3. Register module in the `scan_functions` dictionary
4. Document the module in README
5. Add example test cases
## Roadmap
- [ ] Additional CVE signatures
- [ ] Machine learning-based anomaly detection
- [ ] GraphQL-specific vulnerability testing
- [ ] WebSocket security analysis
- [ ] Enhanced reporting with executive summaries
- [ ] Integration with vulnerability databases
- [ ] Custom rule engine for organization-specific tests
## License
This tool is provided for educational and authorized security testing purposes.
## Disclaimer
The authors are not responsible for misuse or damage caused by this tool. Users assume all responsibility for compliance with applicable laws and ethical guidelines.