CoolerVoid / 0d1n
Programming Languages
Projects that are alternatives of or similar to 0d1n
0d1n
0d1n is a tool for automating customized attacks against web applications. This tool is significantly faster because it uses thread pool and C language.
0d1n is a tool for automating customized attacks against web applications.
Video demo: https://www.youtube.com/watch?v=1L22mbbVge0
Tool functions:
-
Brute force login and passwords in auth forms
-
Directory disclosure ( use PATH list to the brute, and find HTTP status code )
-
Test to find SQL Injection and XSS vulnerabilities
-
Test to find SSRF
-
Test to find COmmand injection
-
Options to load ANTI-CSRF token each request
-
Options to use random proxy per request
-
other functions.
To run and install, follow these steps:
require libcurl-dev or libcurl-devel(on rpm linux based)
$ git clone https://github.com/CoolerVoid/0d1n/
It would be best if you had lib curl to run. Look at the following to install:
$ sudo apt-get install libcurl-dev
or try libcurl4-de or libcurl*
if rpm distro
$ sudo yum install libcurl-devel
To install follow this cmd:
$ cd 0d1n
$ make; sudo make install USER=name_your_user;
$ cd 0d1n_viewer; make; sudo make install USER=name_your_user;
Up the view server to look at the reports online:
$ sudo 0d1n_view
Now in another console, you can run the tool:
$ 0d1n
If you need to uninstall, follow these steps:
$ cd 0d1n; sudo make uninstall
$ cd 0d1n_view; sudo make uninstall
Attack examples:
Brute force to find the directory
$ 0d1n --host http://127.0.0.1/^ --payloads /opt/0d1n/payloads/dir_brute.txt --threads 500 --timeout 3 --log bartsimpsom4 --save_response
Note: You can change the value of threads. If you have a good machine, you can try 800, 1200 each device has a different context.
For SQL injection attack
$ 0d1n --host 'http://site.com/view/1^/product/^/' --payloads /opt/0d1n/payloads/sqli_list.txt --find_string_list /opt/0d1n/payloads/sqli_str2find_list.txt --log log1337 --tamper randcase --threads 800 --timeout 3 --save_response\n"
Note: Tamper is a resource to try to bypass the web application firewall
To brute force auth system
0d1n --host 'http://site.com/auth.py' --post 'user=admin&password=^' --payloads /opt/0d1n/payloads/wordlist.txt --log log007 --threads 500 --timeout 3\n"
Note: if you have a csrf token, you can use argv to get this token for each request and brute.
Search SQLi in hard mode in login system with csrf token:
0d1n --host "http://127.0.0.1/vulnerabilities/sqli/index.php?id=^" --payloads /opt/0d1n/payloads/sqli.txt --find_string_list /opt/0d1n/payloads/find_responses.txt --token_name user_token --log logtest_fibonaci49 --cookie_jar /home/user_name/cookies.txt --save_response --tamper randcase --threads 100
Note: Load the cookies jar from the browser and save in cookies.txt to load.
Notes External libs
-
To gain extreme performance, 0d1n uses a thread pool of POSIX threads. You can study this small library: https://github.com/Pithikos/C-Thread-Pool
-
The 0d1n uses OpenBSD/NetBSD functions to work with strings something like strlcat() and strlcpy() to prevent buffer overflow.
Project Overview on cloc
[email protected]:~/codes$ cloc 0d1n/
937 text files.
532 unique files.
451 files ignored.
-------------------------------------------------------------------------------
Language files blank comment code
-------------------------------------------------------------------------------
JavaScript 361 9951 15621 52178
C 51 4986 4967 26642
C/C++ Header 30 1184 2858 4295
CSS 10 434 369 2142
HTML 7 59 0 1616
TeX 2 52 4 206
Markdown 3 81 0 137
make 4 36 9 130
Bourne Shell 2 0 0 4
-------------------------------------------------------------------------------
SUM: 487 16835 23846 91213
-------------------------------------------------------------------------------
Read the docs, and help menu when you execute the "0d1n" binary...
Do you have any doubt about 0d1n? Please create an issue in this repository. I can help you.
To study old versions, look at the following:
http://sourceforge.net/projects/odin-security-tool/files/?source=navbar