alifrd/Lacher-Lizard

Security Crawler




About

Security Crawler crawls all URLs of a website starting from a seed (the website URL), extracts a signature (pattern) from each URL, and chooses the unique signatures as targets for penetration testing. At a minimum you can test the target URLs for SQL injection or XSS, or you can improve it :)

✔ Presentation slides on SlideShare
✔ For more of an introduction, see the film on YouTube

Lacher Film



SIGN MEANS

abc.com/news/123da224/%8c%4d../weather-middle-east => abc.com/news/randnum/encoded/title
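An added example (not the project's own code) of how a signature like the one above can be computed and used to reduce a crawl to unique targets. The segment rules, the handling of query parameter names (which goes beyond the path-only case shown above) and the names `classify`, `sign` and `unique_targets` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Heuristic segment classes (assumptions; the project's real rules may differ).
_ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")
_HAS_DIGIT = re.compile(r"\d")
_TITLE = re.compile(r"^[A-Za-z]+(?:-[A-Za-z]+)+$")

CRAWLED = [  # constructed sample crawl output
    "abc.com/news/123da224/%8c%4d../weather-middle-east",
    "abc.com/news/77f0b1c9/%d9%87../election-results-today",
    "http://abc.com/search?q=rain&page=2",
    "http://abc.com/search?page=9&q=snow",
    "http://abc.com/about",
]

def classify(segment):
    """Map one path segment to a placeholder, or keep it as a literal."""
    if _ENCODED.search(segment):
        return "encoded"
    if _HAS_DIGIT.search(segment):
        return "randnum"
    if _TITLE.match(segment):
        return "title"
    return segment.lower()

def sign(url):
    """Signature = host + classified path segments + sorted query keys."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit find the host in scheme-less input
    parts = urlsplit(url)
    segments = [classify(s) for s in parts.path.split("/") if s]
    sig = "/".join([parts.netloc.lower()] + segments)
    # Parameter names only: values differ per page, names define the endpoint.
    keys = sorted({kv.split("=", 1)[0] for kv in parts.query.split("&") if kv})
    return sig + ("?" + "&".join(keys) if keys else "")

def unique_targets(urls):
    """Keep the first URL seen for each signature, preserving crawl order."""
    seen = {}
    for url in urls:
        seen.setdefault(sign(url), url)
    return seen

if __name__ == "__main__":
    for signature, url in unique_targets(CRAWLED).items():
        print(f"{signature:40} <- {url}")
```

Five crawled URLs collapse to three signatures here, so only three representative URLs would be handed to the scanners.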



FrameWorks & APPS

The crawler core is based on Bucky Roberts' Spider (most of it changed); SQL injection and XSS testing use the sqlmap and Arachni scanner frameworks.

Spider GitHub

Sqlmap GitHub

Arachni Site



About US

I'm Ali Farhadian, who is responsible for the coding of this thesis project at Urmia University of Technology (UUT).
This project is under the supervision of Dr. Mir Saman Tajbakhsh.

Amir Goodarzi is the designer of Lacher-Lizard's logo.

How to Install

Step 1:

Download the Arachni framework and move the contents of arachni_[sub version number] into the /include/arachni/[move here] directory.

Notice:

You must have the directory layout below:
./include/arachni/bin/...
./include/arachni/system/...
./include/arachni/LICENSE
....

Step 2:

Install sqlmap on your PC.



Config file

In the ./config directory, in config.json:

  • ProjectName : name of project

  • URL : url of project

  • Setting

    • Mode : SLOW / FAST (explore repeated URL signatures or repeated signatures)

    • MiddleWare : NORMAL / PROXY / SOCKS (use your own IP / proxy IPs from ./config/proxy.json, where each thread uses one proxy, so you must set the proxies according to your thread setting / encrypted SOCKS)

    • SIGN : DEPTH / NORMAL (explore the sign state tree)

  • ThreadNumber : number of threads

  • SQLMAP :

    • manaul : for manual setting

    • threads : number of threads for the sqlmap app

    • timeout : timeout for the app's requests and responses

    • answer : automatic answers to the app's questions

  • XSS :

    • path : directory path of the Arachni files

    • manual : for manual setting





Ask and You Will learn [~Imam Ali]

About

Web path penetrate
