0d1n - just another web security tool


This simple tool automates customized attacks against web applications. It is written in ANSI C with libcurl.

"This tool has the purpose to explain how a web vulnerability scanner works, made for demonstration at the OWASP Floripa 2012 lecture"

$ ./0d1n 
       
Odin simple scanner v 0.8
-h host to scan
-p payload list to inject
-f grep list to find on response
-c cookie jar file to load
-P post method params  ex: 'var=!&x=!...'
-o output of result
-u custom UserAgent
-s Load CA certificate to work with SSL
-T Timeout of response
-t Number of threads
example:
./odin --h 'http://site.com/view/1!/product/!/' --p sqli.txt --f response_sqli.txt --o site
Coded by Cooler_
c00f3r[at]gmail[dot]com
 BUGSEC TEAM
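
An added example, not part of 0d1n or the original page: detection logic a defender could run over web server access logs to spot the kind of sweep the usage text describes, where one client requests the same URL skeleton many times with only the marked positions changing. It assumes each `!` marker is replaced by a line from the payload list (implied by the options above, not stated); the log lines, addresses, threshold and the "plain value" character set are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2012:13:55:01 +0000] "GET /view/1%27/product/%27/ HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2012:13:55:01 +0000] "GET /view/1%22/product/%22/ HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2012:13:55:02 +0000] "GET /view/1%29/product/%29/ HTTP/1.1" 404 198 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2012:13:55:02 +0000] "GET /view/1%3B/product/%3B/ HTTP/1.1" 404 198 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2012:13:56:10 +0000] "GET /view/1/product/10/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2012:13:56:40 +0000] "GET /view/1/product/11/ HTTP/1.1" 200 5080 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2012:13:57:05 +0000] "GET /view/1/product/12/ HTTP/1.1" 200 4990 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2012:13:57:30 +0000] "GET /view/1/product/13/ HTTP/1.1" 200 5011 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')
PLAIN = re.compile(r"[A-Za-z0-9_.~-]*")  # characters expected in ordinary IDs and slugs

def parse(log_text):
    """Yield (client, decoded path segments, status) for each parsable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, target, status = m.groups()
            path = urlsplit(target).path.strip("/")
            # Split before decoding so an encoded "/" cannot change the segment count.
            yield ip, tuple(unquote(s) for s in path.split("/")), int(status)

def find_template_sweeps(log_text, min_requests=4):
    """Report clients whose requests share a path skeleton and vary only in a few slots."""
    by_client = defaultdict(list)
    for ip, segs, status in parse(log_text):
        by_client[(ip, len(segs))].append((segs, status))
    findings = []
    for (ip, n), reqs in by_client.items():
        distinct = sorted({segs for segs, _ in reqs})
        if len(distinct) < min_requests:
            continue
        columns = list(zip(*distinct))
        fixed = {i for i in range(n) if len(set(columns[i])) == 1}
        varying = [i for i in range(n) if i not in fixed]
        # Assumption: injected values mostly carry metacharacters, ordinary IDs do not.
        odd = sum(any(not PLAIN.fullmatch(s[i]) for i in varying) for s in distinct)
        if fixed and varying and odd * 2 > len(distinct):
            skeleton = "/" + "/".join(columns[i][0] if i in fixed else "*" for i in range(n))
            findings.append({"client": ip, "skeleton": skeleton, "requests": len(distinct),
                             "server_errors": sum(st >= 500 for _, st in reqs)})
    return findings
```

The check keys on path shape rather than the User-Agent header because the `-u` option lets the tool send any User-Agent. The second client in the sample pages through product IDs on the same skeleton and is not reported, since its varying values are plain.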
