crimson v2.1 releases: automates some of the Pentester or Bug Bounty Hunter tasks
Crimson
Crimson is a tool that automates some of the Pentester or Bug Bounty Hunter tasks.
It uses many open source tools, most of them are available for download from github.
It consists of three partially interdependent modules:
- crimson_recon – automates the process of domain reconnaissance.
- crimson_target – automates the process of urls reconnaissance.
- crimson_exploit – automates the process of bug founding.
🔻crimson_recon
This module can help you if you have to test big infrastructure or you are trying to earn some bounties in *.scope.com domain. It includes many web scraping and bruteforcing tools.
🔻crimson_target
This module covers one particular domain chosen by you for testing.
It uses a lot of vulnerability scanners, web scrapers and bruteforcing tools.
🔻crimson_exploit
This module uses a number of tools to automate the search for certain bugs in a list of urls.
Changelog v2.1
- Narrowed down the “OR” list.
- Open Redirection testing now is only possible with the “-x” flag.
- This is due to Burp Suite, which will find most OR vulns.
- GOAST – small code changes. Bugs patched and added concurrency.
- HBH testing function was removed from the default crimson_target workflow.
- You can add those functions manually if you want.
- get_the_robots() output bug patched.
- Removed crimson_deserializator from crimson_exploit workflow
- Removed codeql function, if you want to use it, you have to manually add it to the workflow.
- No more prompt after the first run of the docker on CMSEEK
- New aliases in .bashrc
- Preinstalled fd and batcat
Install & Use
Copyright (C) 2021 Karmaz95