0d1n Web security tool to make fuzzing at HTTP
0d1n is an Open Source web application bruteforcer and Fuzzer, its objective is to automate exhaustive tests to search anomalies. At another point view, this anomaly can be a vulnerability, These tests can follow web parameters, files, directories, forms and others
Why is this tool made in C language?
- C has a high delay time for writing and debugging, but no pain no gain, it has a fast performance, in addition, the C language is run at any architecture like Mips, ARM and others… in the future can follow mobile implementations. Other benefits of C is that it has a good and high profile to write optimizations if you want to write some lines in ASSEMBLY code with AES-NI or SiMD instructions, this is a good choice.
- Why you don’t use POO ? in this project I follow ”KISS” principle: http://pt.wikipedia.org/wiki/Keep It Simple
- C language has a lot of old school dudes like a kernel hacker.
You can do:
*brute force login and passwords in auth forms
*directory disclosure ( use PATH list to brute, and find HTTP status code )
*test to find SQL Injection and XSS vulnerabilities
*Options to load ANTI-CSRF token each request
*Options to use random proxy per request
- Fix time bug
- Fix fork() bug
- Improve scanning
Installation 0d1n Web security tool
require libcurl-dev or libcurl-devel(on rpm linux based)
$ git clone https://github.com/CoolerVoid/0d1n/
need libcurl to run
$ sudo apt-get install libcurl-dev
if rpm distro
$ sudo yum install libcurl-devel