crimson v3.0 releases: automates some of the Pentester or Bug Bounty Hunter tasks
It consists of three partially interdependent modules:
- crimson_recon – automates the process of domain reconnaissance.
- crimson_target – automates the process of URL reconnaissance.
- crimson_exploit – automates the process of bug finding.

What each module does:
- crimson_recon – This module can help you if you have to test a big infrastructure or you are trying to earn some bounties in a *.scope.com domain. It includes many web scraping and bruteforcing tools.
- crimson_target – This module covers one particular domain chosen by you for testing. It uses a lot of vulnerability scanners, web scrapers and bruteforcing tools.
- crimson_exploit – This module uses a number of tools to automate the search for certain bugs in a list of URLs.

- Changed operating system from Ubuntu to Kali.
- Changed .bashrc aliases.
- All modules were rebuilt.
- Added new module crimson_IPcon – for IP-only assessment.
- Active Directory enumeration & vulnerability scanning was added in crimson_IPcon.
- No more port scanning on crimson_recon and crimson_target. If you need this functionality, use crimson_IPcon.
- No more Python 2.7 code (there are still some scripts in the /scripts/ directory, but the modules do not use them. I decided to leave them there, so I can rewrite the code to Python 3 or Go in the future if needed).
- testssl, wpscan and jwt_tool transferred from crimson_exploit to crimson_target
- testssl transferred from crimson_exploit to crimson_target
- crimson_exploit does not need a domain anymore, just the params.txt | all.txt | dirs.txt files
- Added sstimap.py to the SSTI testing in the crimson_exploit module
- It is possible now to use the crimson_exploit module without a domain name. Just place the dirs.txt and params.txt in the current directory and run the script.
- crimson_faker.py script => Template for generating fake data for API testing.
- crimson_target – dig_for_secret functions were moved out. It will be a part of the 5th module for the static code analysis in the next patch.
- New flag for crimson_target: -n to skip brute-forcing directories.
- All banners were removed from modules
- Nuclei runs in headless mode
- You can use c_0, c_1, c_2, and c_3 aliases instead of crimson_MODULE-NAME
- Removed some static_code analysis functions from modules and placed them in the future c_4 module named crimson_lang.
Copyright (C) 2021 Karmaz95