A security crawler that crawls all URLs of a website starting from a seed (the website URL), extracts a signature (pattern) from each of them, and chooses the unique signatures as targets for penetration testing. At minimum you can test the target URLs for SQL injection or XSS, or you can improve it :)
✔ Presentation slides on SlideShare
✔ For more of an introduction, see the film on YouTube
abc.com/news/123da224/%8c%4d../weather-middle-east => abc.com/news/randnum/encoded/title
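A minimal sketch of the URL-to-signature step shown in the line above, added here for illustration and not taken from the project's code. The segment heuristics, the handling of query parameter names, and the names `classify_segment`, `url_signature` and `unique_targets` are all assumptions:

```python
import re
from urllib.parse import urlsplit

# Heuristic segment classes (assumptions for illustration, not the project's rules).
_ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")               # percent-encoded bytes
_HEXISH = re.compile(r"[0-9A-Fa-f]{6,}")                # long hex-looking identifier
_TITLE = re.compile(r"[A-Za-z0-9]+(?:-[A-Za-z0-9]+)+")  # hyphenated slug


def classify_segment(segment: str) -> str:
    """Map one path segment to a signature token."""
    if _ENCODED.search(segment):
        return "encoded"
    has_digit = any(c.isdigit() for c in segment)
    if segment.isdigit() or (_HEXISH.fullmatch(segment) and has_digit):
        return "randnum"
    if _TITLE.fullmatch(segment):
        return "title"
    return segment.lower()  # stable word such as "news" is kept literally


def url_signature(url: str) -> str:
    """Return host + classified path segments + sorted query parameter names."""
    parts = urlsplit(url if "://" in url else "//" + url)
    segments = [classify_segment(s) for s in parts.path.split("/") if s]
    sig = "/".join([parts.netloc.lower()] + segments)
    names = sorted({p.split("=", 1)[0] for p in parts.query.split("&") if p})
    return sig + ("?" + "&".join(names) if names else "")


def unique_targets(urls):
    """Keep the first URL seen for each signature (one scan target per pattern)."""
    targets = {}
    for url in urls:
        targets.setdefault(url_signature(url), url)
    return targets


# Constructed sample input: the first URL is the one from the line above.
SAMPLE_URLS = [
    "abc.com/news/123da224/%8c%4d../weather-middle-east",
    "https://abc.com/news/998877/%d8%a7/sports-final-result",
    "http://abc.com/item.php?id=5&cat=2",
]

if __name__ == "__main__":
    for signature, first_url in unique_targets(SAMPLE_URLS).items():
        print(signature, "<=", first_url)
```

The first two sample URLs collapse to one signature, so only one of them would be handed to the scanners.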
The crawler core is based on Bucky Roberts' Spider (most of it changed); SQL injection and XSS testing are done with the sqlmap and Arachni scanner frameworks.
Spider GitHub
Sqlmap GitHub
Arachni Site
I'm Ali Farhadian, who is responsible for coding this thesis project at Urmia University of Technology (UUT).
This project is under the supervision of Dr. Mir Saman Tajbakhsh.
Amir Goodarzi is the designer of Lacher-Lizard's logo.
- Ali Farhadian GitHub
- Mir Saman Tajbakhsh Personal Website GitHub
- Amir Goodarzi GitHub
- Urmia University of Technology (UUT) Website
Download the Arachni framework and move the contents of arachni_[sub version number] into the /include/arachni/[move here] directory.
Notice:
You must have the following directory layout:
./include/arachni/bin/...
./include/arachni/system/...
./include/arachni/LICENSE
....
Install sqlmap on your PC.
In the ./config directory, set the following in config.json:
- ProjectName : name of the project
- URL : URL of the project
- Setting
  - Mode : SLOW / FAST (explore repeated URL signatures or repeated signatures)
  - MiddleWare : NORMAL / PROXY / SOCKS (use your own IP / proxy IPs from ./config/proxy.json, where each thread uses one proxy, so you must configure proxies to match your thread setting / encrypted SOCKS)
  - SIGN : DEPTH / NORMAL (exploration of the signature state tree)
- ThreadNumber : number of threads
- SQLMAP :
  - manual : for manual setting
  - threads : sqlmap threads
  - timeout : request/response timeout of the app
  - answer : automatically answer the app's questions
- XSS :
  - path : path of the directory containing the Arachni files
  - manual : for manual setting

Ask and You Will learn [~Imam Ali]