s0md3v / Bolt

CSRF Scanner
GNU General Public License v3.0
547 stars 123 forks source link

Error #12

Closed fabelx closed 3 years ago

fabelx commented 3 years ago

Target: http://donki.xyz Cmd: python bolt.py -u http://donki.xyz/ -l 2 Output:

 ⚡ BOLT  ⚡

⚡ Phase: Crawling [1/6] [!] Crawled 23 URL(s) and found 18 form(s).
⚡ Phase: Evaluating [2/6] ⚡ Phase: Comparing [3/6] [!] Token matches the pattern of following hash type(s):

MD2 MD5 MD4 Double MD5 LM RIPEMD-128 Haval-128 Tiger-128 Skein-256(128) Skein-512(128) Lotus Notes/Domino 5 Skype ZipMonster PrestaShop md5(md5(md5($pass))) md5(strtoupper(md5($pass))) md5(sha1($pass)) md5($pass.$salt) md5($salt.$pass) md5(unicode($pass).$salt) md5($salt.unicode($pass)) HMAC-MD5 (key = $pass) HMAC-MD5 (key = $salt) md5(md5($salt).$pass) md5($salt.md5($pass)) md5($pass.md5($salt)) md5($salt.$pass.$salt) md5(md5($pass).md5($salt)) md5($salt.md5($salt.$pass)) md5($salt.md5($pass.$salt)) md5($username.0.$pass) Snefru-128 NTLM Domain Cached Credentials Domain Cached Credentials 2 DNSSEC(NSEC3) RAdmin v2.x Cisco Type 7 BigCrypt [!] Tokens are 36% similar to each other on an average [!] Common substring found { "add": [ "a737ef9f5734dbbfa36082a9b42badd7", "55f874770b4faddc6cd64159bdcb908e" ], "1fb": [ "f4006f01e6edf1fb53ddf0cf285619da", "94957ab8cb5f00295fc92e031fbaa3c8" ], "f01": [ "f4006f01e6edf1fb53ddf0cf285619da", "e2d3b0df014ff1a2e50212bb6530d533" ], "9f0": [ "9f0429920ca6637ade2c4e21fabe00ff", "e49f917acf5dc8e0e1a8c9293d39f053" ], "2c4e": [ "9f0429920ca6637ade2c4e21fabe00ff", "e8500d5a12c4e86aa4252831ac49a22c" ], "c92": [ "e49f917acf5dc8e0e1a8c9293d39f053", "94957ab8cb5f00295fc92e031fbaa3c8" ], "0d5": [ "e2d3b0df014ff1a2e50212bb6530d533", "e8500d5a12c4e86aa4252831ac49a22c" ] } ⚡ Phase: Observing [4/6] [!] 100 simultaneous requests are being made, please wait. [!] Different tokens were issued for simultaneous requests. ⚡ Phase: Testing [5/6] [~] Finding a suitable form for further testing. It may take a while. Traceback (most recent call last): File "bolt.py", line 248, in parsed = datanize(candidate, headers, tolerate=True) TypeError: datanize() got multiple values for argument 'tolerate'

path -> core/datanize.py 7: def datanize(forms, tolerate=False):

path -> bolt.py 248: parsed = datanize(candidate, headers, tolerate=True)

fabelx commented 3 years ago

Solved for self, just specify the depth of crawling as 1.