Closed SelmiAhmed closed 1 year ago
Problem occurred with the following fields: homepage
Check the guidelines.
Issue correctly handled, tool is waiting for human validation.
Tool has been accepted by the team: https://offsec.tools/tool/agartha
Thank you for your contribution!
[homepage]https://github.com/volkandindar/agartha[/homepage]
[link]https://github.com/volkandindar/agartha[/link]
[short_descr]a Burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix-based user sessions to spot authentication/authorization issues, and converts HTTP requests to JavaScript for further XSS exploitation [/short_descr]
[long_descr]Agartha is a penetration testing tool which creates dynamic payload lists and a user access matrix to reveal injection flaws and authentication/authorization issues. Many different attack payloads already exist, but Agartha creates run-time, systematic and vendor-neutral payloads with many different possibilities and bypassing methods. It also draws attention to user session and URL relationships, which makes it easy to find user access violations. And additionally, it converts HTTP requests to JavaScript to help dig up more XSS issues. In summary:
Payload Generator: It creates payloads/wordlists for different attack types.
  Local File Inclusion, Directory Traversal: It creates file dictionary lists with various encoding and escaping characters.
  Command Injection / Remote Code Execution: It creates command dictionary lists for both Unix and Windows environments with different combinations.
  SQL Injection: It creates Stacked Queries, Boolean-Based, Union-Based, Time-Based and Order-Based SQL Injection wordlists for various databases to help find vulnerable spots.
Authorization Matrix: It creates an access role matrix based on user sessions and URL lists to determine authorization/authentication related access violation issues.
And HTTP Request to JavaScript Converter: It converts HTTP requests to JavaScript code to be useful for further XSS exploitation and more.[/long_descr]
[image]
[/image]
[tags]burpsuite,LFI,RCE,Auth,SQL Injection[/tags]