XSRFProbe v2.3.1 releases: CSRF Scanner Equipped with Powerful Crawling Engine & Intelligent Token Generator
XSRF Probe
XSRF Probe is an advanced Cross-Site Request Forgery Audit Toolkit equipped with Powerful Crawling and Intelligent Token Generation Capabilities.
Some Features:
- Performs several types of checks before declaring an endpoint as vulnerable.
- Can detect several types of Anti-CSRF tokens in POST requests.
- Works with a powerful crawler which features continuous crawling and scanning.
- Out of the box support for custom cookie values and generic headers.
- Accurate Token-Strength Detection and Analysis using various algorithms.
- Can generate both normal as well as maliciously exploitable CSRF proof of concepts.
- Well documented code and highly generalised automated workflow.
- The user is in control of everything the scanner does.
- Has a user-friendly interaction environment with full verbose support.
- Detailed logging system for errors, vulnerabilities, tokens and other items.
The Workflow:
The typical workflow of this scanner is:
- Spiders the target website to find all pages.
- Finds all types of forms present on each page.
- Hunts out hidden as well as visible parameter values.
- Submits each form with normal tokens & parameter values.
- Generates random token strings and sets parameter values.
- Submits each form with the crafted tokens.
- Finds out if the tokens are sufficiently protected.
- Generates custom proof of concepts after each successful bug hunt.
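The form-discovery and token-strength steps above, as an added example written for this page and not XSRFProbe's own code: it parses the forms of a constructed HTML page, picks out fields whose names look like anti-CSRF tokens (an assumed name heuristic), estimates each token's strength from its Shannon entropy with assumed 64-bit and 32-bit cut-offs, and flags POST forms that carry no token at all. FormParser, rate_token, audit_forms and SAMPLE_HTML are names chosen here, not identifiers from the project.

```python
import math
import re
from html.parser import HTMLParser

# Assumed heuristic: field names commonly used for anti-CSRF tokens.
TOKEN_NAME_RE = re.compile(r"csrf|xsrf|token|nonce|authenticity", re.I)
# Constructed sample page (not from any real site): a strong, a weak and a missing token.
SAMPLE_HTML = ('<form method="POST" action="/transfer"><input type="hidden" name="csrf_token" value="0123456789abcdef"></form>'
               '<form method="post" action="/comment"><input type="hidden" name="_token" value="abcdefghabcdefgh"></form>'
               '<form method="post" action="/delete"><input name="id" value="7"></form>')

class FormParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None  # all forms seen, and the one currently being read

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"method": (a.get("method") or "get").lower(),
                         "action": a.get("action") or "", "inputs": []}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            self._cur["inputs"].append({"name": a.get("name") or "", "value": a.get("value") or ""})

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def rate_token(value):
    """Rough strength: per-character Shannon entropy times length; assumed cut-offs 64/32 bits."""
    freqs = [value.count(c) / len(value) for c in set(value)]
    bits = -sum(p * math.log2(p) for p in freqs) * len(value)
    return "strong" if bits >= 64 else "weak" if bits >= 32 else "trivial"

def audit_forms(html):
    """Per POST form: (action, token field, value, rating); rating is 'missing' if no token."""
    parser = FormParser()
    parser.feed(html)
    report = []
    for form in parser.forms:
        if form["method"] != "post":
            continue  # only state-changing forms need an anti-CSRF token
        tokens = [i for i in form["inputs"] if TOKEN_NAME_RE.search(i["name"])]
        if not tokens:
            report.append((form["action"], None, None, "missing"))
        for t in tokens:
            report.append((form["action"], t["name"], t["value"], rate_token(t["value"])))
    return report
```

The entropy figure is a frequency estimate over a single token, so it undercounts genuinely random tokens and is only a coarse filter; a scanner would additionally compare tokens across several requests to spot reuse or sequential values.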
Changelog v2.3.1
This release includes critical bug fixes for:
- Line ending formatting bug when installing via pypi/pip.
- Cookies and headers which were not being added to all requests.
- CA verification switch which was not being applied to all requests.
- Other routine optimisations.
Download
git clone https://github.com/theInfectedDrake/XSRFProbe.git
python3 setup.py install
or
pip install xsrfprobe
Use
python csrfprobe.py
XSRFProbe, A Cross-Site Request Forgery Audit Toolkit
Copyright (C) 2018 @_tID