Crimson is a tool that automates some of the Pentester or Bug Bounty Hunter tasks.
It uses many open source tools, most of them are available for download from github.
- crimson_recon - automates the process of domain reconnaissance.
- crimson_target - automates the process of urls reconnaissance.
- crimson_exploit - automates the process of bug founding.
This module can help you if you have to test big infrastructure or you are trying to earn some bounties in *.scope.com domain. It includes many web scraping and bruteforcing tools.
This module covers one particular domain chosen by you for testing.
It uses a lot of vulnerability scanners, web scrapers and bruteforcing tools.
This module uses a number of tools to automate the search for certain bugs in a list of urls.
Tested on Linux Mint and Kali Linux.
git clone https://github.com/Karmaz95/crimson.git
cd crimson
chmod +x install.sh
./install.shAdd below line to your .bashrc / .zshrc etc.
export GOPATH=$HOME/go
export PATH="$HOME/bin:$HOME/.local/bin:$HOME/go/bin:$HOME/tools:$PATH"Install Burp Suite and extensions listed below in section Burp Suite extensions.
./crimson_recon "domain.com"- If you are interested in how this module works, I encourage you to study the source code.
- I tried to describe in the comments how the individual tools works.
- Additionally, you can learn more about
crimson_reconmodule by reading my article at medium
./crimson_target -d "example.domain.com" -c "Cookie: auth1=123;"- If you are interested in how this module works, I encourage you to study the source code.
- I tried to describe in the comments how the individual tools works.
- Additionally, you can learn more about
crimson_targetmodule by reading my article at medium
♦️ Third module needs subdomain name with your collaborator and vps ip. You can additionally put authorization cookie and if you want to fuzz all the urls use the -x flag. ♦️
./crimson_exploit -D "example.domain.com" -c "Cookie: auth1=123;" -d "collaborator.com" -i "ip" -x- If you are interested in how this module works, I encourage you to study the source code.
- I tried to describe in the comments how the individual tools works.
- Additionally, you can learn more about
crimson_exploitmodule by reading my article at medium
There are some useful tools in the scripts directory that I have written that are worth checking out.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
The following tools are used in
crimson. I encourage you to study the links below, they will definitely help you in your work. Especially checkBurp Suite extensions, because all gathered resources are proxied to Burp Suite, where they are further tested.
- waybackurls
- Paramspider
- getallurls
- wfuzz
- ffuf
- feroxbuster
- sitemap-urls
- gospider
- hakrawler
- galer
- getJS
- httpx
- zile
- relative-url-extractor
- crimson_backuper
- nikto
- wapiti
- CorsMe
- subjack
- XSRFPROBE
- DirDar
- XSStrike
- Smuggler
- hbh-header-abuse-test
- broken-link-checker
- sqlmap
- CRLFuzz
- ysoserial
- ysoserial.net
- jwt-tool
- dalfox
- metasploit
- testssl.sh
- crimson_deserializator
- crimson_oobtester
- crimson_rewriter
- crimson_templator
- qsreplace
- anew
- unfurl
- wine
- exploit-database
- Search-That-Hash
- clever_ffuf
- crimson_opener
- crimson_paramjuggler
- tldextract
- ActiveScan++
- UploadScanner
- Wayback Machine
- Taborator
- Software Version Reporter
- Software Vulnerability Scanner
- Turbo Intruder
- SameSite Reporter
- Same Origin Method Execution
- Retire.js
- Reflected Parameters
- PHP Object Injection Check
- NoSQLi Scanner
- NGINX Alias Traversal
- JS Link Finder
- Java Deserialization Scanner
- J2EEScan
- Logger++
- Freddy, Deserialization Bug Finder
- Error Message Checks
- Detect Dynamic JS
- CSP-Bypass
- CSRF Scanner
- Collaborator Everywhere
- Cloud Storage Tester
- Backslash Powered Scanner
- AWS Security Checks
- Anonymous Cloud, Configuration and Subdomain Takeover Scanner
- Additional Scanner Checks
- Param Miner
- HTTP Request Smuggler
- Auth Analyzer
- Web Cache Deception Scanner
- Attack Surface Detector
- Autowasp
- InQL - Introspection GraphQL Scanner
- ViewState Editor
- Paramalyzer
- ExifTool Scanner
- Similar Request Excluder
- .NET Beautifier
This program is free software: you can redistribute it and/or modify it under the terms of the Apache license. Crimson and any contributions are Copyright © by Karol Mazurek 2020-2021.
