GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → ethicalhackingplayground → erebus

ethicalhackingplayground / erebus

Licence: GPL-3.0 License
Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.

Programming Languages

go
31211 projects - #10 most used programming language

Labels

vulnerability-detectionvulnerability-assessmentvulnerability-scannererebus-engineparameter-testing

Projects that are alternatives of or similar to erebus

Rapidscan
🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (+976.39%)
Mutual labels:  vulnerability-detection, vulnerability-assessment, vulnerability-scanner
Vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+12183.33%)
Mutual labels:  vulnerability-detection, vulnerability-assessment, vulnerability-scanner
Xattacker
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+1145.83%)
Mutual labels:  vulnerability-detection, vulnerability-assessment, vulnerability-scanner
Nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
Stars: ✭ 6,307 (+8659.72%)
Mutual labels:  vulnerability-detection, vulnerability-assessment, vulnerability-scanner
Marsnake
System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems
Stars: ✭ 16 (-77.78%)
Mutual labels:  vulnerability-detection, vulnerability-scanner
Hellraiser
Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (+473.61%)
Mutual labels:  vulnerability-detection, vulnerability-assessment
Vulnx
vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}
Stars: ✭ 1,009 (+1301.39%)
Mutual labels:  vulnerability-detection, vulnerability-assessment
Burpbounty
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Stars: ✭ 1,026 (+1325%)
Mutual labels:  vulnerability-detection, vulnerability-scanner
Openvas Scanner
Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)
Stars: ✭ 1,056 (+1366.67%)
Mutual labels:  vulnerability-detection, vulnerability-assessment
Lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+12590.28%)
Mutual labels:  vulnerability-detection, vulnerability-assessment
Cve Search
cve-search - a tool to perform local searches for known vulnerabilities
Stars: ✭ 1,765 (+2351.39%)
Mutual labels:  vulnerability-detection, vulnerability-assessment
Securitymanageframwork
Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
Stars: ✭ 378 (+425%)
Mutual labels:  vulnerability-detection, vulnerability-assessment
Arissploit
Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.
Stars: ✭ 114 (+58.33%)
Mutual labels:  vulnerability-detection, vulnerability-scanner
Vulscan
Advanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+3101.39%)
Mutual labels:  vulnerability-detection, vulnerability-assessment
Killshot
A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Stars: ✭ 237 (+229.17%)
Mutual labels:  vulnerability-detection, vulnerability-scanner
Xunfeng
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
Stars: ✭ 3,131 (+4248.61%)
Mutual labels:  vulnerability-detection, vulnerability-assessment
avain
A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks
Stars: ✭ 56 (-22.22%)
Mutual labels:  vulnerability-detection, vulnerability-scanner
Nerve
NERVE Continuous Vulnerability Scanner
Stars: ✭ 267 (+270.83%)
Mutual labels:  vulnerability-detection, vulnerability-assessment
Vailyn
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Stars: ✭ 103 (+43.06%)
Mutual labels:  vulnerability-detection, vulnerability-assessment
Rebel Framework
Advanced and easy to use penetration testing framework 💣🔎
Stars: ✭ 183 (+154.17%)
Mutual labels:  vulnerability-detection, vulnerability-assessment
View All Similar Projects ➔


Erebus

Fast and customisable parameter based vulnerability scanner based on simple YAML Rules

HowInstallTemplatesInterceptorUsageJoin Discord

Erebus is used to test every parameter across targets based on Yaml templates leading to zero false positives and providing fast scanning on large number of hosts. Erebus offers many useful features including an intercepting proxy which allows researchers to browse the web, click on links and erebus will test every parameter that passes through the proxy.

We have a dedicated repository that houses various types of vulnerability templates.

How templates work

yaml-templates-flow

Install Erebus

▶  GO111MODULE=off go get -u -v github.com/ethicalhackingplayground/erebus/erebus

Install Templates

▶  erebus -ut

Erebus Templates

Erebus has had built-in support for automatic update/download templates (https://github.com/ethicalhackingplayground/erebus/releases/latest). Erebus-Templates project provides a community-contributed list of ready-to-use templates that can be used with part of your testing.

You may use the -ut flag to update the nuclei templates at any time.

Setup Erebus Interceptor

Make sure to setup a proxy in your browser before you use the erebus interceptor for firefox go to

Settings General Network Settings Manual proxy configuration

type in 127.0.0.1 in HTTP Proxy then for the port type in 8080 make sure to enable Also use this proxy for FTP and HTTPS

Install the SSL Certificates to use HTTPS

I have provided the certificates for you to use for HTTPS testing, all you need to do is install these by:

Settings Privacy & Security Certificates View Certificates Import

Select the .crt file in the erebus directory and proceed by trusting and installing.

Usage

erebus -h

This will display help for the tool. Here are all the switches it supports.

👉 erebus help menu 👈 
Usage of erebus:
  -burp-sitemap string
        scan burp xml sitemap (without base64 decoded)
  -c int
        the number of concurrent requsts (default 100)
  -crawl
        crawl through each intercepted request
  -depth int
        the crawl depth (default 5)
  -interceptor
        intercept the requests through the proxy and test each parameter
  -o string
        output results to a file
  -p string
        the port on which the interception proxy will listen on (default "8080")
  -scope string
        the scope for the proxy intercetor
  -secure
        determaines if the connection is secure or not
  -silent
        silent (only show vulnerable urls)
  -t string
        use the templates with all our yaml rules instead
  -tc string
        Use other tools by executing an os command (default "qsreplace")
  -ut
        Install or update the erebus-templates

Usage

Here are a few examples on how to use the erebus scanner for part of your testing.

Intercept and Crawl on HTTP

Scanning for XSS vulnerabilities using the intercepting proxy with all of paypal inscope while crawling on HTTP domains.

▶ erebus -t erebus-templates/xss-reflected.yaml -interceptor -crawl -scope ".*.\.paypal.com"

Intercept and Crawl on HTTPS

Scanning for XSS vulnerabilities using the intercepting proxy with all of paypal inscope while crawling on HTTPS domains.

▶ erebus -t erebus-templates/xss-reflected.yaml -interceptor -crawl -secure -scope ".*.\.paypal.com"

Tool Chaining Usage

Scanning for XSS vulnerabilities across range of subdomains using subfinder and Gau

echo "paypal.com" | gau | erebus -t erebus-templates/xss-reflected.yaml

Scan subdomains from a file in the format https:// or http://

▶ cat alive | gau | erebus -t erebus-templates/xss-reflected.yaml

asciicast

License

Erebus is distributed under GPL-3.0 License

Join Discord

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].