This simple tool automates customized attacks against web applications. It is written in ANSI C with libcurl.
"This tool has the purpose of explaining how a web vulnerability scanner works, made for demonstration at the OWASP Floripa 2012 lecture"
$ ./0d1n
~. ~
01...___|__..10.
1010 101 101
0101 :Bug :Sec `.oo'
:101 |666 |101 ( (`-'
.---. 1010 ;110 ;010 `.`.
/ .-._) 111-"""|"""'-000 `.`. ( (`._) .-. .-. |.-. .-. .-. ) )
`---( 1 )( 0 )( 1 )( 1 )( 0 )-' /
`. `-' `-' `-' `-' `-' .'
`---------------------------'
Odin simple scanner v 0.8
-h host to scan
-p payload list to inject
-f grep list to find on response
-c cookie jar file to load
-P post method params ex: 'var=!&x=!...'
-o output of result
-u custom UserAgent
-s Load CA certificate to work with SSL
-T Timeout of response
-t Number of threads
example:
./odin --h 'http://site.com/view/1!/product/!/' --p sqli.txt --f response_sqli.txt --o site
Coded by Cooler_
c00f3r[at]gmail[dot]com
BUGSEC TEAM