{"id":25639799,"url":"https://github.com/swatv3nub/grimpriv","last_synced_at":"2025-10-13T10:34:22.835Z","repository":{"id":133576540,"uuid":"325274016","full_name":"swatv3nub/GrimPriv","owner":"swatv3nub","description":"GRIM - Information Gathering and Vulnerability Scanning Tool","archived":false,"fork":false,"pushed_at":"2025-02-18T08:38:44.000Z","size":58,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"Alpha","last_synced_at":"2025-04-15T01:41:03.485Z","etag":null,"topics":["enumeration","web"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/swatv3nub.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-12-29T11:55:29.000Z","updated_at":"2025-02-18T08:55:05.000Z","dependencies_parsed_at":null,"dependency_job_id":"687c7b01-173a-4533-85fb-bcff27db51d1","html_url":"https://github.com/swatv3nub/GrimPriv","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/swatv3nub/GrimPriv","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swatv3nub%2FGrimPriv","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swatv3nub%2FGrimPriv/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swatv3nub%2FGrimPriv/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swatv3nub%2FGrimPriv/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/swatv3nub","download_url":"https://codeload.github.com/swatv3nub/GrimPriv/tar.gz/refs/heads/Alpha","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swatv3nub%2FGrimPriv/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279014641,"owners_count":26085555,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-13T02:00:06.723Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["enumeration","web"],"created_at":"2025-02-23T03:47:26.809Z","updated_at":"2025-10-13T10:34:22.818Z","avatar_url":"https://github.com/swatv3nub.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GRIM - Information Gathering and Vulnerability Scanning Tool\n\n## Features\n\n### Information Gathering\n- WHOIS Lookup\n- GeoIP Lookup\n- HTTP Headers\n- DNS Lookup\n- Subnet Calculation\n- Nmap Port Scan\n- Sub-domain Finder\n- Reverse IP Lookup\n\n### Vulnerability Scanning\n- SQL Injection Detection\n- Cross-Site Scripting (XSS) Detection\n- Directory Traversal Detection\n- Remote File Inclusion (RFI) Detection\n- Local File Inclusion (LFI) Detection\n- Server-Side Request Forgery (SSRF) Detection\n- Email Header Injection Detection\n- Command Injection Detection\n- Cross-Site Request Forgery (CSRF) Detection\n- Insecure Direct Object References (IDOR) Detection\n- Open Redirect Detection\n- XML External Entity (XXE) Detection\n\n#### Vulnerability Scanning Details\n- **SQL Injection**: Tests for SQL errors using common payloads\n- **XSS**: Tests for reflected XSS using script payloads\n- **Directory Traversal**: Tests for file system access using path traversal payloads\n- **RFI**: Tests for remote file inclusion using external URL payloads\n- **LFI**: Tests for local file inclusion using system file paths\n- **SSRF**: Tests for server-side request forgery using internal network payloads\n- **Email Header Injection**: Tests for CRLF injection and email header manipulation vulnerabilities\n- **Command Injection**: Tests for OS command execution vulnerabilities using system command payloads\n- **CSRF**: Checks for missing CSRF tokens in forms and state-changing requests\n- **IDOR**: Tests for insecure direct object references by comparing responses to different resource IDs\n- **Open Redirect**: Tests for unsafe redirects using external domain payloads\n- **XXE**: Tests for XML external entity injection using malicious XML payloads\n\nAll scans provide color-coded results:\n- Red: Potential vulnerability found\n- Green: No vulnerability detected\n\n### Crawling\n- Admin Panel Discovery\n- Backup File Discovery\n- General Site Crawling\n\n## Usage\n\n1. Clone the repository\n2. Run `php grim.php`\n3. Enter the target website (without http/https)\n4. Select scanning options\n\n### New Vulnerability Scanning Features\n\n#### XSS Detection\nGRIM now tests for Cross-Site Scripting vulnerabilities using common payloads:\n- `\u003cscript\u003ealert(1)\u003c/script\u003e`\n- `\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e`\n\n#### Directory Traversal Detection\nGRIM checks for directory traversal vulnerabilities using test patterns:\n- `../../../../etc/passwd`\n- `../index.php`\n\nThe scanner will report potential vulnerabilities with color-coded results:\n- Red: Potential vulnerability found\n- Green: No vulnerability detected\n\n## Requirements\n- PHP 7.0+\n- cURL extension\n- DOM extension\n\n## Installation\n```bash\nsudo apt-get install php-curl php-xml\ngit clone https://github.com/swatv3nub/grim\ncd grim\nphp grim.php\n```\n\n## To-Do\n- Improve crawling functionality\n- Add more vulnerability tests\n- Enhance user interface\n- Implement a database for storing scan results\n- ~~(IMPORTANT) Make the Vulnerability scanning a optional feature (toggle to enable or disable)~~\n- Add a feature to save the scan results to a file\n- Improve the user interface for the admin panel discovery\n\n## License\nMIT License\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswatv3nub%2Fgrimpriv","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fswatv3nub%2Fgrimpriv","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswatv3nub%2Fgrimpriv/lists"}