ekultek
|
1fd3f281e7
|
updates to cloudflare, sucuri WAF scripts, added AWS waf script (issue #142)
|
2017-11-14 16:07:26 -06:00 |
|
ekultek
|
beaa69f7af
|
added a few new WAF scripts (issue #142) squid proxy IDS, cloudfront, minor updates to modsecurity
|
2017-11-14 13:54:52 -06:00 |
|
ekultek
|
6f05a8e656
|
bumped version number, added return True to the blacklist parsing
|
2017-11-14 12:54:22 -06:00 |
|
ekultek
|
885fe2e43f
|
created a new WAF script for powerful firewall (mybb plugin issue #142)
|
2017-11-14 12:53:54 -06:00 |
|
ekultek
|
55b1285809
|
multiple tamper scripts now implemented (issue #149), checks if the status code is a 404 before saying it's XSS vulnerable (issue #147)
|
2017-11-14 11:46:14 -06:00 |
|
ekultek
|
10987c4e14
|
can now search multiple pages with a random dork using the -r flag (issue #146)
|
2017-11-14 11:15:02 -06:00 |
|
ekultek
|
a805afd1fa
|
minor update so that it will not keep pulling the Apache server error, this way it will truly only pull what it believes are WAF/IDS/IPS's
|
2017-11-13 20:46:26 -06:00 |
|
ekultek
|
c4af51be6d
|
created a blacklist, when a dork pulls no URLs it will add it to a blacklist, if the dork is in the blacklist and you use it again, it will prompt you if you want to continue or not
|
2017-11-13 20:45:32 -06:00 |
|
ekultek
|
9cb82a7096
|
minor update to webseal WAF script, will better recognize now
|
2017-11-13 20:43:41 -06:00 |
|
ekultek
|
2639eeadef
|
updated modsecurity and created a new waf scripts for wordfence
|
2017-11-13 14:35:46 -06:00 |
|
ekultek
|
c91ba86fef
|
patches an issue where warnings would be display (issue #145)
|
2017-11-13 14:35:24 -06:00 |
|
ekultek
|
ef97ce7094
|
fix or an issue when an error occurs during the WhoIs lookup it will exit (issue #144)
|
2017-11-13 14:29:32 -06:00 |
|
ekultek
|
d4c1e2dc1c
|
patch for an issue where the firefox profile would fail, will now specify the binary path if you hit this error (issue #143)
|
2017-11-13 09:48:02 -06:00 |
|
ekultek
|
f2cad88415
|
initial push for issue #142, created a few WAF scripts to detect, will also save the fingerprint of the WAF script if the protection is declared to be generic
|
2017-11-12 19:13:00 -06:00 |
|
ekultek
|
1eb861ae16
|
patch for a reported issue (private) where if there are no URL's left it will keep going until it hits the max page, will now stop
|
2017-11-11 16:30:03 -06:00 |
|
ekultek
|
cec5a4c7c5
|
will now save discovered cookies to a log file
|
2017-11-11 16:02:34 -06:00 |
|
ekultek
|
77bc6dc956
|
multiple page searching no longer requires Google's API, you can now perform as many requests as you want and get as many links as you want as long as it does not go over 500 pages. Removed a couple dependencies that needed to be there for Google's API
|
2017-11-11 15:11:06 -06:00 |
|
ekultek
|
11976b7018
|
minor updates, removed the dict args option in sqlmaphook and fixed some output coloring issues
|
2017-11-11 15:09:20 -06:00 |
|
ekultek
|
17c5771eac
|
minor adjustments to the coding style, nothing that will cause any problems
|
2017-11-11 10:43:50 -06:00 |
|
ekultek
|
ed3d15c26f
|
threading has been enabled on admin panel finder, be careful when going over 10 threads, you will be warned if you go over
|
2017-11-11 10:43:19 -06:00 |
|
ekultek
|
0046932f60
|
moved intel AMT bypass code to the deprecated folder and added it to the gitignore
|
2017-11-11 10:42:17 -06:00 |
|
ekultek
|
d4d6630f59
|
patches an error where if you are unable to retrieve the headers it will fail, will not just output that it is unable to retreive the headers (issue #141)
|
2017-11-11 06:25:33 -06:00 |
|
ekultek
|
b35f8afe3b
|
is now able to parse sqlmap configuration files, so if you have a saved conf file from sqlmap that you like to use, you can use it here with the --sqlmap-conf flag
|
2017-11-10 14:30:01 -06:00 |
|
ekultek
|
7747f58700
|
patch for a privatley reported issue where enumerating a certain file would only allow you to run the latest log file, no matter what file was passed, will now allow you to run any file you want and if nothing is passed will run the latest log file
|
2017-11-10 13:32:06 -06:00 |
|
ekultek
|
70b5612f07
|
deprecated intel AMT bypass scanner, full batch functionality implemented, edited the deprecation method so it will no longer try to connect to the function, added extracted to the skip schema when writing log files, created a way to display the question with the default choice displayed as well, welcome to version 1.2
|
2017-11-10 11:02:30 -06:00 |
|
ekultek
|
3db01c4dcf
|
will only display the headers that are equipped for protection and will no longer prompt you if you want to continue, a warning should be enough, fixed a new line issue in an inof message
|
2017-11-10 11:00:21 -06:00 |
|
ekultek
|
33ac2f961a
|
same as admin panel, full batch functionaility has been implemented
|
2017-11-10 10:59:16 -06:00 |
|
ekultek
|
d5575b51ec
|
has been deprecated, code will be moved to a deprecated folder inside of etc/deprecated by version 1.3
|
2017-11-10 10:58:45 -06:00 |
|
ekultek
|
c6c27f8b26
|
created full batch functionality for the admin panel finder, will display the default if batch is requested
|
2017-11-10 10:58:11 -06:00 |
|
ekultek
|
150ebef721
|
will now save all headers to the log file
|
2017-11-09 14:40:23 -06:00 |
|
ekultek
|
4ac02a8ff1
|
patch for a reported issue where saving the files would save over the important logs, such as url-log-1 -> url-log(1), blackwidow-log-1 -> blackwidow-log(1) (privatley reported)
|
2017-11-09 10:57:51 -06:00 |
|
ekultek
|
49cfc78d9e
|
patch for an issue where I rolled back a search setting
|
2017-11-09 08:31:29 -06:00 |
|
ekultek
|
d258803efc
|
moved the run attacks function to the settings file
|
2017-11-09 08:26:29 -06:00 |
|
ekultek
|
0151d26449
|
fixed some circular importing issues
|
2017-11-09 08:25:46 -06:00 |
|
ekultek
|
65744104f3
|
minor tweak to output colors, when run in batch will not prompt if you want to save the URL's, will just delete them
|
2017-11-08 20:02:51 -06:00 |
|
ekultek
|
769f4c5dc6
|
minor tweak to the output coloring
|
2017-11-08 20:01:43 -06:00 |
|
ekultek
|
42ee8e6a2b
|
removed deprecated commented out code, minor tweak to the color output
|
2017-11-08 20:01:12 -06:00 |
|
ekultek
|
61d25ec6be
|
minor tweaks to the output colors
|
2017-11-08 20:00:27 -06:00 |
|
ekultek
|
1445ac4a2e
|
edited so that when something is clickjack vulnerable, you'll know it is
|
2017-11-08 19:59:48 -06:00 |
|
ekultek
|
68842f8d31
|
edited so that when something good happens you will know it's good, robots.txt will not prompt when running in batch mode
|
2017-11-08 19:58:44 -06:00 |
|
ekultek
|
79c0174105
|
added two new colors to the set_color function (bold yellow and bold green), created a deprecation function that will display if something is going to be deprecated soon or not
|
2017-11-08 19:57:33 -06:00 |
|
ekultek
|
856e38b970
|
while writing to a log file, if the file is already present, it will now write to a seperate file with the duplicate number in it, IE www.google.com-clickjacking.html will be www.google.com(1).html, www.google.com(2).html, etc.. (issue #140)
|
2017-11-08 14:00:31 -06:00 |
|
ekultek
|
864983250f
|
when a header is present it will now display as a warning instead of an error
|
2017-11-08 13:57:45 -06:00 |
|
ekultek
|
b5ca0225b6
|
created a header check whilst running attacks. if a protection header is found in the headers found, it will prompt you and warn you
|
2017-11-07 14:52:57 -06:00 |
|
ekultek
|
46930fd19c
|
patch for a reported issue (private) will now successfully search through the ports that may contain the AMT exploitable bypass
|
2017-11-07 12:22:53 -06:00 |
|
ekultek
|
826906487e
|
bumped version number for new items
|
2017-11-07 11:57:14 -06:00 |
|
ekultek
|
dfb39c8eb3
|
added a timeout to the WhoIs lookup, this will prevent the API from stopping us
|
2017-11-07 11:56:51 -06:00 |
|
ekultek
|
b28fd3eac4
|
minor edits to most information, some updates to intel scans verbosity, comment edits to sqlmap
|
2017-11-06 12:25:53 -06:00 |
|
ekultek
|
bfdc001de2
|
minor edit to an invalid function call
|
2017-11-04 09:17:19 -05:00 |
|
ekultek
|
c8a823b2f6
|
edited the file path to reflect the file changes, optimizations to some of the functions, bumped version number, added another URL to the skip schema
|
2017-11-04 09:13:26 -05:00 |
|