Skip to main content

Crate attackstr

Crate attackstr 

Source
Expand description

§attackstr

Grammar-based security payload generation for the Santh ecosystem.

Every security tool needs attack payloads — SQLi, XSS, command injection, SSTI, SSRF, XXE, and more. This crate provides a single, configurable engine that all Santh tools share. Upgrade payloads once, every tool benefits.

§Architecture

Payloads are defined in TOML grammar files. Each grammar specifies:

  • Contexts: injection points (string break, numeric, attribute, etc.)
  • Techniques: attack patterns with template variables
  • Variables: substitution values (tautologies, commands, etc.)
  • Encodings: transforms applied to final payloads (URL, hex, unicode, etc.)

The engine computes the Cartesian product: contexts × techniques × variable_combos × encodings

§Usage

use attackstr::{PayloadDb, PayloadConfig};

let mut db = PayloadDb::with_config(PayloadConfig::default());
db.load_toml(r#"
[grammar]
name = "example"
sink_category = "sql-injection"

[[techniques]]
name = "basic"
template = "' OR 1=1 --"
"#).unwrap();

// Get payloads for a category
let sqli = db.payloads("sql-injection");
for payload in sqli {
    println!("{}", payload.text);
}

// Get payloads with marker injection for taint tracking
let marked = db.payloads_with_marker("xss", "SLN_MARKER_42");

§Custom Encodings

Register custom encoding transforms:

use attackstr::PayloadDb;

let mut db = PayloadDb::new();
db.register_encoding("rot13", |s| {
    s.chars().map(|c| match c {
        'a'..='m' | 'A'..='M' => (c as u8 + 13) as char,
        'n'..='z' | 'N'..='Z' => (c as u8 - 13) as char,
        _ => c,
    }).collect()
});

Re-exports§

pub use config::PayloadConfigFile;
pub use validate::validate;
pub use validate::GrammarIssue;
pub use validate::IssueLevel;

Modules§

config
TOML-configurable settings. TOML-configurable PayloadConfig — load settings from file.
ports
Legacy payloads and custom validators imported from older suites. Legacy exploitation rule ports.
prelude
Convenience re-exports for common usage.
validate
Grammar validation. Grammar validation — catch errors at load time, not expansion time.

Structs§

Context
An injection context — defines prefix/suffix that break out of a data context.
CustomEncoder
A custom encoder that wraps a function pointer.
Encoding
An encoding transform applied to the final payload.
Grammar
A complete grammar definition loaded from TOML.
GrammarMeta
Metadata about a grammar.
Payload
A generated payload with metadata about its origin.
PayloadConfig
Configuration for payload generation behavior.
PayloadConfigBuilder
Builder for PayloadConfig.
PayloadDb
The central payload database. Loads grammars, expands payloads, serves them.
StaticPayloads
A static payload source that holds payloads directly in memory.
Technique
An attack technique — a template string with variable placeholders.
Variable
A variable substitution value.

Enums§

BuiltinEncoding
All built-in encoding names, for documentation and validation.
MarkerPosition
Placement strategy for marker-injected payloads.
PayloadError
Errors from payload operations.
TemplateExpansionError
Errors returned while expanding template placeholders.

Traits§

Encoder
A trait for encoding transforms.
PayloadSource
A trait for sources that can provide payloads.

Functions§

apply_encoding
Apply a built-in encoding transform by name.
mutate_all
Combine all built-in mutations into a deduplicated set.
mutate_case
Generate case-mutated variants of a payload.
mutate_encoding_mix
Generate mixed-encoding variants by applying different transforms to payload segments.
mutate_html
Generate HTML/JS-specific evasion variants.
mutate_null_bytes
Insert null bytes at various positions.
mutate_sql_comments
Generate SQL-specific comment variants for WAF bypass.
mutate_unicode
Generate unicode normalization bypass variants.
mutate_whitespace
Generate whitespace and comment-split variants of a payload.