{"id":13454530,"url":"https://github.com/0xInfection/XSRFProbe","last_synced_at":"2025-03-24T06:30:51.415Z","repository":{"id":39969736,"uuid":"145513029","full_name":"0xInfection/XSRFProbe","owner":"0xInfection","description":"The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.","archived":false,"fork":false,"pushed_at":"2025-02-04T18:41:10.000Z","size":763,"stargazers_count":1189,"open_issues_count":5,"forks_count":212,"subscribers_count":36,"default_branch":"master","last_synced_at":"2025-03-19T17:31:17.483Z","etag":null,"topics":["audit","crafted-tokens","crawler","csrf","csrf-attacks","csrf-poc","csrf-scanner","csrf-tokens","spider","token-generation","xsrf"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xInfection.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-08-21T05:49:28.000Z","updated_at":"2025-03-19T08:50:03.000Z","dependencies_parsed_at":"2022-06-25T19:38:39.514Z","dependency_job_id":"94ce84cc-6f05-42ad-8e09-36b1cb7bd1b7","html_url":"https://github.com/0xInfection/XSRFProbe","commit_stats":{"total_commits":539,"total_committers":8,"mean_commits":67.375,"dds":"0.15955473098330242","last_synced_commit":"b051d782fa8911721ef15aaecf1f924c28e019f4"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xInfection%2FXSRFProbe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xInfection%2FXSRFProbe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xInfection%2FXSRFProbe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xInfection%2FXSRFProbe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xInfection","download_url":"https://codeload.github.com/0xInfection/XSRFProbe/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245222252,"owners_count":20580117,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","crafted-tokens","crawler","csrf","csrf-attacks","csrf-poc","csrf-scanner","csrf-tokens","spider","token-generation","xsrf"],"created_at":"2024-07-31T08:00:55.052Z","updated_at":"2025-03-24T06:30:49.357Z","avatar_url":"https://github.com/0xInfection.png","language":"Python","funding_links":[],"categories":["Exploitation","Tools","\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Python","Weapons","ابزارهای امنیتی"],"sub_categories":["CSRF","Offensive","\u003ca id=\"41ae40ed61ab2b61f2971fea3ec26e7c\"\u003e\u003c/a\u003e漏洞利用","CSRF Injection","Tools","کار با زمان و تقویم"],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cbr\u003e\n  \u003ca href=\"https://github.com/0xinfection/xsrfprobe\"\u003e\u003cimg src=\"https://i.ibb.co/rQzpKk6/circle-cropped.png\" alt=\"xsrfprobe\"/\u003e\u003c/a\u003e\n  \u003cbr\u003e\n  \u003cbr\u003e\n  XSRFProbe\n\u003c/h1\u003e\n\u003ch4 align=\"center\"\u003eThe Prime Cross Site Request Forgery Audit \u0026 Exploitation Toolkit.\u003c/h4\u003e\n\u003cp align=\"center\"\u003e  \n  \u003ca href=\"https://docs.python.org/3/download.html\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Python-3.x-green.svg\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/0xinfection/XSRFProbe/releases\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Version-v2.3%20(stable)-blue.svg\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/0xinfection/XSRFProbe/blob/master/LICENSE\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/License-GPLv3-orange.svg\"\u003e\n  \u003c/a\u003e \n  \u003ca href=\"https://travis-ci.org/0xInfection/XSRFProbe\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Build-Passing-brightgreen.svg?logo=travis\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n### About:\n__XSRFProbe__ is an advanced [Cross Site Request Forgery](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)) (CSRF/XSRF) Audit and Exploitation Toolkit. Equipped with a powerful crawling engine and numerous systematic checks, it is able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate (maliciously) exploitable proof of concepts with each found vulnerability. For more info on how XSRFProbe works, see [XSRFProbe Internals](https://github.com/0xInfection/XSRFProbe/wiki#xsrfprobe-internals) on [wiki](https://github.com/0xInfection/XSRFProbe/wiki/). \n\n\u003cimg src=\"https://i.imgur.com/xTrfWSt.gif\" alt=\"xsrf-logo\"\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/0xinfection/xsrfprobe/wiki\"\u003eXSRFProbe Wiki\u003c/a\u003e •\n  \u003ca href=\"https://github.com/0xinfection/xsrfprobe/wiki/Getting-Started\"\u003eGetting Started\u003c/a\u003e •\n  \u003ca href=\"https://github.com/0xinfection/xsrfprobe/wiki/General-Usage\"\u003eGeneral Usage\u003c/a\u003e •\n  \u003ca href=\"https://github.com/0xinfection/xsrfprobe/wiki/Advanced-Usage\"\u003eAdvanced Usage\u003c/a\u003e •\n  \u003ca href=\"https://github.com/0xinfection/xsrfprobe/wiki/XSRFProbe-Internals\"\u003eXSRFProbe Internals\u003c/a\u003e •\n  \u003ca href=\"https://github.com/0xinfection/xsrfprobe#gallery\"\u003eGallery\u003c/a\u003e\n\u003c/p\u003e\n\n### Some Features:\n\n- [x] Performs [several types of checks](https://github.com/0xInfection/XSRFProbe/wiki/XSRFProbe-Internals#types-of-checks) before declaring an endpoint as vulnerable.\n- [x] Can detect several types of Anti-CSRF tokens in POST requests.\n- [x] Works with a powerful crawler which features continuous crawling and scanning.\n- [x] Out of the box support for custom cookie values and generic headers.\n- [x] Accurate [Token-Strength Detection](https://github.com/0xInfection/XSRFProbe/wiki/XSRFProbe-Internals#token-randomness-calculation) and [Analysis](https://github.com/0xInfection/XSRFProbe/wiki/XSRFProbe-Internals#post-scan-token-analysis) using various algorithms.\n- [x] Can generate both normal as well as maliciously exploitable CSRF proof of concepts.\n- [x] Well [documented code](https://github.com/0xInfection/XSRFProbe/tree/master?files=1) and [highly generalised automated workflow](https://github.com/0xInfection/XSRFProbe/wiki#xsrfprobe-internals).\n- [x] The user is in [control of everything](https://github.com/0xInfection/XSRFProbe/wiki/Advanced-Usage#xsrfprobe-configuration-variables) whatever the scanner does.\n- [x] Has a user-friendly interaction environment with full verbose support.\n- [x] Detailed logging system of errors, vulnerabilities, tokens and other stuffs.\n\n### Gallery:\nLets see some real-world scenarios of XSRFProbe in action:\n\n\u003cimg src=\"https://i.imgur.com/AAE1HrE.gif\" width=50% /\u003e\u003cimg src=\"https://i.imgur.com/TJt103P.gif\" width=50% /\u003e\n\u003cimg src=\"https://i.imgur.com/yzyvXHX.gif\" /\u003e\n\u003cimg src=\"https://i.imgur.com/MhTucgI.gif\" width=50% /\u003e\u003cimg src=\"https://i.imgur.com/gcfZ9zQ.gif\" width=50% /\u003e\n\n### Usage:\n\u003e For the full usage info, please take a look at the wiki's \u0026mdash; [General Usage](https://github.com/0xinfection/xsrfprobe/wiki/general-usage) and [Advanced Usage](https://github.com/0xinfection/xsrfprobe/wiki/advanced-usage).\n\n#### Installing via Pypi:\nXSRFProbe can be easily installed via a single command:\n```\npip install xsrfprobe\n```\n\n#### Installing manually:\n- For the basics, the first step is to install the tool:\n```\npython3 setup.py install\n```\n- Now, the tool can be fired up via:\n```\nxsrfprobe --help\n```\n- After testing XSRFProbe on a site, an output folder is created in your present working directory as `xsrfprobe-output`. Under this folder you can view the detailed logs and information collected during the scans.\n\n### Version and License:\nXSRFProbe `v2.3` release is a `Stage 5 Production-Ready (Stable)` release and the work is licensed under the [GNU General Public License (GPLv3)](https://www.gnu.org/licenses/gpl-3.0.en.html).\n\n### Warnings:\n\nDo not use this tool on a live site!\n\nIt is because this tool is designed to perform all kinds of form submissions automatically which can sabotage the site. Sometimes you may screw up the database and most probably perform a DoS on the site as well.\n\nTest on a disposable/dummy setup/site!\n\n### Disclaimer:\nUsage of XSRFProbe for testing websites without prior mutual consistency can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws. The author assumes no liability and is not exclusively responsible for any misuse or damage caused by this program.\n\n### Author's Words:\nThis project is based __entirely upon my own research and my own experience with web applications__ on Cross-Site Request Forgery attacks. You can try going through the source code which is highly documented to help you understand how this toolkit was built. Useful [pull requests](https://github.com/0xInfection/XSRFProbe/wiki/Contributing), [ideas and issues](https://github.com/0xInfection/XSRFProbe/wiki/Reporting-Bugs#before-submitting) are highly welcome. If you wish to see what how XSRFProbe is being developed, check out the [Development Board](https://github.com/0xInfection/XSRFProbe/projects/1).\n\n\u003e Copyright \u0026copy; [@0xInfection](https://www.twitter.com/0xInfection)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xInfection%2FXSRFProbe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xInfection%2FXSRFProbe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xInfection%2FXSRFProbe/lists"}