0d1n Web security tool to make fuzzing at HTTP
0d1n is an Open Source web application bruteforcer and Fuzzer, its objective is to automate exhaustive tests to search anomalies. At another point of view, this anomaly can be a vulnerability, These tests can follow web parameters, files, directories, forms, and others
Why is this tool made in C language?
- C has a high delay time for writing and debugging, but no pain no gain, it has fast performance, in addition, the C language is run at any architecture like Mips, ARM and others… in the future can follow mobile implementations. Other benefits of C is that it has a good and high profile to write optimizations if you want to write some lines in ASSEMBLY code with AES-NI or SiMD instructions, this is a good choice.
- Why you don’t use POO ? in this project I follow the”KISS” principle: http://pt.wikipedia.org/wiki/Keep It Simple
- C language has a lot of old school dudes like a kernel hacker.
You can do:
*brute force login and passwords in auth forms
*directory disclosure ( use PATH list to brute, and find HTTP status code )
*test to find SQL Injection and XSS vulnerabilities
*Options to load ANTI-CSRF token each request
*Options to use random proxy per request
- Fix CSRF Token spider
- Fix Bug in all tampers at replace function
- Remove some hardening in MakeFile because runs erros in some linux distros…
require libcurl-dev or libcurl-devel(on rpm linux based)
$ git clone https://github.com/CoolerVoid/0d1n/
need libcurl to run
$ sudo apt-get install libcurl-dev
if rpm distro
$ sudo yum install libcurl-devel
Copyright (C) 2014 CoolerVoid