tijme / Angularjs Csti Scanner

Licence: mit
Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Angular Client-Side Template Injection Scanner

ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.

Table of contents

  • `Installation <#installation>`__
  • `Usage <#usage>`__
  • `Issues <#issues>`__
  • `License <#license>`__

Installation

First make sure you're on `Python 2.7/3.4 <https://www.python.org/>`__ or higher. Then run the command below to install ACSTIS.

.. code:: bash

    $ pip install https://github.com/tijme/angularjs-csti-scanner/archive/master.zip

Usage

Scan a single URL

.. code:: bash

    acstis -d "https://finnwea.com/some/page/?category=23"

Scan a single URL (and verify that the alert pops)

.. code:: bash

    acstis -vp -d "https://finnwea.com/some/page/?category=23"

Scan an entire domain

.. code:: bash

    acstis -c -d "https://finnwea.com/"

Scan an entire domain (and stop if a vulnerability was found)

.. code:: bash

    acstis -c -siv -d "https://finnwea.com/"

Trust the given certificate

.. code:: bash

    acstis -d "https://finnwea.com/some/page/?category=23" -tc "/Users/name/Desktop/cert.pem"

All command line options

.. code:: text

    usage: acstis [-h] -d DOMAIN [-c] [-vp] [-av ANGULAR_VERSION]
                  [-vrl VULNERABLE_REQUESTS_LOG] [-siv] [-pmm] [-sos] [-soh]
                  [-sot] [-md MAX_DEPTH] [-mt MAX_THREADS] [-iic]
                  [-tc TRUSTED_CERTIFICATES]

    required arguments:
      -d DOMAIN, --domain DOMAIN
            the domain to scan (e.g. finnwea.com)

    optional arguments:
      -h, --help
            show this help message and exit
      -c, --crawl
            use the crawler to scan all the entire domain
      -vp, --verify-payload
            use a javascript engine to verify if the payload was executed (otherwise false positives may occur)
      -av ANGULAR_VERSION, --angular-version ANGULAR_VERSION
            manually pass the angular version (e.g. 1.4.2) if the automatic check doesn't work
      -vrl VULNERABLE_REQUESTS_LOG, --vulnerable-requests-log VULNERABLE_REQUESTS_LOG
            log all vulnerable requests to this file (e.g. /var/logs/acstis.log or urls.log)
      -siv, --stop-if-vulnerable
            (crawler option) stop scanning if a vulnerability was found
      -pmm, --protocol-must-match
            (crawler option) only scan pages with the same protocol as the startpoint (e.g. only https)
      -sos, --scan-other-subdomains
            (crawler option) also scan pages that have another subdomain than the startpoint
      -soh, --scan-other-hostnames
            (crawler option) also scan pages that have another hostname than the startpoint
      -sot, --scan-other-tlds
            (crawler option) also scan pages that have another tld than the startpoint
      -md MAX_DEPTH, --max-depth MAX_DEPTH
            (crawler option) the maximum search depth (default is unlimited)
      -mt MAX_THREADS, --max-threads MAX_THREADS
            (crawler option) the maximum amount of simultaneous threads to use (default is 20)
      -iic, --ignore-invalid-certificates
            (crawler option) ignore invalid ssl certificates
      -tc TRUSTED_CERTIFICATES, --trusted-certificates TRUSTED_CERTIFICATES
            (crawler option) trust this CA_BUNDLE file (.pem) or directory with certificates

Authentication, Cookies, Headers, Proxies & Scope options

These options are not implemented in the command line interface of ACSTIS. Please download the `extended.py <https://github.com/tijme/angularjs-csti-scanner/blob/master/extended.py>`_ script and extend it with one or more of the following code snippets. You can paste these code snippets in the ``main()`` method of the ``extended.py`` script.

Please note: if you use the ``extended.py`` file make sure you call ``python extended.py [your arguments]`` instead of ``acstis [your arguments]``.

Basic Authentication

.. code:: python

    # Needs at the top of the script: from requests.auth import HTTPBasicAuth
    options.identity.auth = HTTPBasicAuth("username", "password")

Digest Authentication

.. code:: python

    # Needs at the top of the script: from requests.auth import HTTPDigestAuth
    options.identity.auth = HTTPDigestAuth("username", "password")

Cookies

.. code:: python

    options.identity.cookies.set(name='tasty_cookie', value='yum', domain='finnwea.com', path='/cookies')
    options.identity.cookies.set(name='gross_cookie', value='blech', domain='finnwea.com', path='/elsewhere')

Headers

.. code:: python

    options.identity.headers.update({
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
    })

Proxies

.. code:: python

    options.identity.proxies = {
        # No authentication
        # 'http': 'http://host:port',
        # 'https': 'http://host:port',

        # Basic authentication
        # 'http': 'http://user:pass@host:port',
        # 'https': 'https://user:pass@host:port',

        # SOCKS
        'http': 'socks5://user:pass@host:port',
        'https': 'socks5://user:pass@host:port'
    }

Scope options

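.. code:: python

    # Only crawl pages with the same protocol as the start point (e.g. only https)
    options.scope.protocol_must_match = False

    # Only crawl pages with the same subdomain as the start point
    options.scope.subdomain_must_match = True

    # Only crawl pages with the same hostname as the start point
    options.scope.hostname_must_match = True

    # Only crawl pages with the same TLD as the start point
    options.scope.tld_must_match = True

    # Maximum search depth (None means unlimited)
    options.scope.max_depth = None

    options.scope.request_methods = [
        Request.METHOD_GET,
        Request.METHOD_POST,
        Request.METHOD_PUT,
        Request.METHOD_DELETE,
        Request.METHOD_OPTIONS,
        Request.METHOD_HEAD
    ]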
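
What the four ``*_must_match`` switches mean for individual links, as an added example (not code from ACSTIS or its crawler). ``Scope``, ``split_host``, ``in_scope`` and ``filter_links`` are hypothetical names, the URLs are constructed, and the host split naively assumes a single-label TLD.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Scope:
    # Defaults mirror the values in the scope snippet on this page.
    protocol_must_match: bool = False
    subdomain_must_match: bool = True
    hostname_must_match: bool = True
    tld_must_match: bool = True


def split_host(url):
    """Return (scheme, subdomain, hostname, tld) from a naive label split.

    Assumption: the last label is the TLD and the one before it the hostname;
    multi-label suffixes such as co.uk need the Public Suffix List instead.
    """
    parts = urlsplit(url)
    labels = (parts.hostname or "").rstrip(".").split(".")
    tld = labels[-1] if len(labels) > 1 else ""
    hostname = labels[-2] if len(labels) > 1 else labels[0]
    return parts.scheme.lower(), ".".join(labels[:-2]), hostname, tld


def in_scope(start_url, candidate_url, scope):
    """True if candidate_url may be requested, relative to the start point."""
    musts = (scope.protocol_must_match, scope.subdomain_must_match,
             scope.hostname_must_match, scope.tld_must_match)
    pairs = zip(split_host(start_url), split_host(candidate_url))
    return all(s == c for must, (s, c) in zip(musts, pairs) if must)


# Constructed sample data: a start point and links a crawler might discover.
START = "https://finnwea.com/"
FOUND = [
    "http://finnwea.com/login",
    "https://blog.finnwea.com/post/1",
    "https://finnwea.org/",
    "https://example.net/",
]


def filter_links(scope):
    """Links from FOUND that stay inside the given scope."""
    return [url for url in FOUND if in_scope(START, url, scope)]
```

With the defaults only the plain-HTTP link on the same host stays in scope, which is worth checking against the written authorisation for a test before a crawl is started.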

Testing

The unit tests are run automatically by `Travis CI <https://travis-ci.org/tijme/angularjs-csti-scanner>`__ on every push. If you want to run them manually, use the command below.

.. code:: bash

    $ python -m unittest discover

Issues

Issues or new features can be reported via the GitHub issue tracker. Please make sure your issue or feature has not yet been reported by anyone else before submitting a new one.

License

ACSTIS is open-sourced software licensed under the `MIT license <https://github.com/tijme/angularjs-csti-scanner/blob/master/LICENSE.rst>`__.
