ekultek
|
1fd3f281e7
|
updates to cloudflare, sucuri WAF scripts, added AWS waf script (issue #142)
|
2017-11-14 16:07:26 -06:00 |
|
ekultek
|
beaa69f7af
|
added a few new WAF scripts (issue #142) squid proxy IDS, cloudfront, minor updates to modsecurity
|
2017-11-14 13:54:52 -06:00 |
|
ekultek
|
5df541f8b4
|
new checksums for the changed files
|
2017-11-14 12:55:18 -06:00 |
|
ekultek
|
55b1285809
|
multiple tamper scripts now implemented (issue #149), checks if the status code is a 404 before saying it's XSS vulnerable (issue #147)
|
2017-11-14 11:46:14 -06:00 |
|
ekultek
|
10987c4e14
|
can now search multiple pages with a random dork using the -r flag (issue #146)
|
2017-11-14 11:15:02 -06:00 |
|
ekultek
|
f820f7ec7a
|
new md5sums for the changed files
|
2017-11-13 20:46:51 -06:00 |
|
ekultek
|
5d9de51a57
|
minor edit to a dork that had unicode in it
|
2017-11-13 20:43:13 -06:00 |
|
ekultek
|
2639eeadef
|
updated modsecurity and created a new waf scripts for wordfence
|
2017-11-13 14:35:46 -06:00 |
|
ekultek
|
d4c1e2dc1c
|
patch for an issue where the firefox profile would fail, will now specify the binary path if you hit this error (issue #143)
|
2017-11-13 09:48:02 -06:00 |
|
ekultek
|
f2cad88415
|
initial push for issue #142, created a few WAF scripts to detect, will also save the fingerprint of the WAF script if the protection is declared to be generic
|
2017-11-12 19:13:00 -06:00 |
|
ekultek
|
1eb861ae16
|
patch for a reported issue (private) where if there are no URL's left it will keep going until it hits the max page, will now stop
|
2017-11-11 16:30:03 -06:00 |
|
ekultek
|
cec5a4c7c5
|
will now save discovered cookies to a log file
|
2017-11-11 16:02:34 -06:00 |
|
ekultek
|
77bc6dc956
|
multiple page searching no longer requires Google's API, you can now perform as many requests as you want and get as many links as you want as long as it does not go over 500 pages. Removed a couple dependencies that needed to be there for Google's API
|
2017-11-11 15:11:06 -06:00 |
|
ekultek
|
22f622b549
|
new checksums for the edited files
|
2017-11-11 10:44:06 -06:00 |
|
ekultek
|
0046932f60
|
moved intel AMT bypass code to the deprecated folder and added it to the gitignore
|
2017-11-11 10:42:17 -06:00 |
|
ekultek
|
d4d6630f59
|
patches an error where if you are unable to retrieve the headers it will fail, will not just output that it is unable to retreive the headers (issue #141)
|
2017-11-11 06:25:33 -06:00 |
|
ekultek
|
b35f8afe3b
|
is now able to parse sqlmap configuration files, so if you have a saved conf file from sqlmap that you like to use, you can use it here with the --sqlmap-conf flag
|
2017-11-10 14:30:01 -06:00 |
|
ekultek
|
7747f58700
|
patch for a privatley reported issue where enumerating a certain file would only allow you to run the latest log file, no matter what file was passed, will now allow you to run any file you want and if nothing is passed will run the latest log file
|
2017-11-10 13:32:06 -06:00 |
|
ekultek
|
7eb4e8bbf4
|
new checksums for the files, removed intel from the checksum
|
2017-11-10 11:04:49 -06:00 |
|
ekultek
|
150ebef721
|
will now save all headers to the log file
|
2017-11-09 14:40:23 -06:00 |
|
ekultek
|
4ac02a8ff1
|
patch for a reported issue where saving the files would save over the important logs, such as url-log-1 -> url-log(1), blackwidow-log-1 -> blackwidow-log(1) (privatley reported)
|
2017-11-09 10:57:51 -06:00 |
|
ekultek
|
49cfc78d9e
|
patch for an issue where I rolled back a search setting
|
2017-11-09 08:31:29 -06:00 |
|
ekultek
|
f8623a59ea
|
edited the checksums for the files
|
2017-11-09 08:27:02 -06:00 |
|
ekultek
|
4e46a2a953
|
new checksums for the edited files
|
2017-11-08 20:04:16 -06:00 |
|
ekultek
|
856e38b970
|
while writing to a log file, if the file is already present, it will now write to a seperate file with the duplicate number in it, IE www.google.com-clickjacking.html will be www.google.com(1).html, www.google.com(2).html, etc.. (issue #140)
|
2017-11-08 14:00:31 -06:00 |
|
ekultek
|
b5ca0225b6
|
created a header check whilst running attacks. if a protection header is found in the headers found, it will prompt you and warn you
|
2017-11-07 14:52:57 -06:00 |
|
ekultek
|
46930fd19c
|
patch for a reported issue (private) will now successfully search through the ports that may contain the AMT exploitable bypass
|
2017-11-07 12:22:53 -06:00 |
|
ekultek
|
c59e987435
|
edited the checksums to match the new data
|
2017-11-07 11:56:12 -06:00 |
|
ekultek
|
b28fd3eac4
|
minor edits to most information, some updates to intel scans verbosity, comment edits to sqlmap
|
2017-11-06 12:25:53 -06:00 |
|
ekultek
|
0ea3597462
|
moved all files into a specified directory, text under text, html under html
|
2017-11-04 09:09:54 -05:00 |
|
ekultek
|
25e674d4b7
|
patch for an issue where the attacks would fail due to non-extracted webcache URLs
|
2017-11-04 08:25:30 -05:00 |
|
ekultek
|
90ba39f3ed
|
patch for an issue where if the site refuses connection it would keep trying to crawl it (issue #134)
|
2017-11-03 09:49:58 -05:00 |
|
ekultek
|
69fd18d5a5
|
you are now able to use Tor to do the searching by passing the --tor flag, the firefox browser settings will mimic the tor browser settings and you will be able to connect via Tor, be careful, Google does not like Tor. You will also be able to connect to Tor to do the parsing
|
2017-11-02 10:27:08 -05:00 |
|
ekultek
|
3bced94e70
|
minor update for a privately reported issue, where the HTML would display the site in a small scroll box, will not display as the full site
|
2017-11-02 09:24:23 -05:00 |
|
ekultek
|
bc335fa2d3
|
created a clickjacking scanner that will test a page for an X-Frame-Options header, if the header is not there, then it will create a basic HTML page with that URL as an iframe
|
2017-11-01 21:48:58 -05:00 |
|
ekultek
|
b26d29108c
|
fixes an issue where the geckodriver will not connect, usually means something happened during the installation of it, will now attempt to re-install the geckodriver (issue #132)
|
2017-11-01 10:07:15 -05:00 |
|
ekultek
|
e85c13b2b8
|
minor update to the search.py file, X-Forwarded instead of X-Forward
|
2017-10-31 14:11:05 -05:00 |
|
ekultek
|
da22c7db7f
|
updated the md5sum with the newest MD5 hashes
|
2017-10-31 13:22:58 -05:00 |
|
ekultek
|
fec7935d42
|
forgot to update the version number
|
2017-10-31 09:49:35 -05:00 |
|
ekultek
|
99575425f1
|
fixes an issue where if you run in verbose mode with whois lookup it will error out if certain information is not found (issue #128), it will now display the JSON data if you run in verbose mode
|
2017-10-31 09:47:49 -05:00 |
|
ekultek
|
04cd49e722
|
added some new URL's to the skip schema, edited the DDG link to the HTML link, made sure that the URL is not just a protocol before adding to the file
|
2017-10-29 11:46:36 -05:00 |
|
ekultek
|
6030774303
|
a patch for a reported issue (private) where if the found sitemap already exists, it would error out. will not just write as plain text and warn you that it probably already exists, also fixes an issue where found admin pages where not saved to a log file, and finally moved the sitemap.xml and robots.txt searches to a single function
|
2017-10-29 11:00:28 -05:00 |
|
ekultek
|
182e588774
|
patched a privately reported issue that would not allow you to run the blackwidow crawler behind a proxy, forgot a space in the README file
|
2017-10-28 16:53:13 -05:00 |
|
ekultek
|
f75cabb876
|
added a new requirement BeautifulSoup, fixed the crawler will pull all links with an 'a' tag and descriptor of 'href', bumped version number
|
2017-10-28 16:28:18 -05:00 |
|
ekultek
|
0c8d4f9bf7
|
edited the default user agent so it will reflect the best practices of user agent strings (reference https://docs.developer.amazonservices.com/en_US/dev_guide/DG_UserAgentHeader.html)
|
2017-10-28 15:49:10 -05:00 |
|
ekultek
|
94a37a2b30
|
removed some things from the checksum file that aren't needed, fixed the directory list on the README file
|
2017-10-28 15:03:22 -05:00 |
|
ekultek
|
073361339b
|
bumped the version number and edited the checksums to match the new updates
|
2017-10-28 08:25:13 -05:00 |
|
ekultek
|
b18e017d77
|
removed unicode characters out of the dorks and payloads file
|
2017-10-28 08:24:30 -05:00 |
|
ekultek
|
5e227c9c97
|
removed unicode characters out of the dorks and payloads file
|
2017-10-28 08:24:23 -05:00 |
|
ekultek
|
ecf067b6bb
|
patch for unicode errors, it appears that selenium isn't formatted to handle unicode errors (as far as I can tell) so the dork that causes the error will be skipped (issue #125)
|
2017-10-27 17:14:08 -05:00 |
|