https://github.com/evilsocket/altair

A Modular Web Vulnerability Scanner
https://github.com/evilsocket/altair

Last synced: 5 months ago
JSON representation

A Modular Web Vulnerability Scanner

• Host: GitHub
• URL: https://github.com/evilsocket/altair
• Owner: evilsocket
• License: gpl-3.0
• Created: 2011-01-23T09:23:50.000Z (about 15 years ago)
• Default Branch: master
• Last Pushed: 2011-01-24T23:18:04.000Z (about 15 years ago)
• Last Synced: 2024-12-30T21:41:37.003Z (about 1 year ago)
• Language: Python
• Homepage: http://www.evilsocket.net
• Size: 180 KB
• Stars: 49
• Watchers: 5
• Forks: 22
• Open Issues: 2
• Metadata Files:
  • Readme: README
  • License: LICENSE

Awesome Lists containing this project

README

          
ALTAIR - A Modular Web Vulnerability Scanner

Copyleft by Simone Margaritelli 

http://www.evilsocket.net - http://www.backbox.org

Usage: altair [options] -u 

EXAMPLES:

  altair --filter=lfi,rfi --url=http://www.somesite.com

  altair --filter=sqli --load-modules=sqlmap --url=http://www.somesite.com

Options:

  -h, --help            show this help message and exit

  -t THREADS, --threads=THREADS

                        Max simultaneous threads.

  -e ALLOWEDEXTENSIONS, --ext=ALLOWEDEXTENSIONS

                        Comma separated allowed extensions.

  -a USERAGENT, --ua=USERAGENT

                        Custom user agent.

  -d, --enable-delay    Enable crawling delay.

  -s CRAWLDELAY, --crawl-delay=CRAWLDELAY

                        Crawling delay in ms.

  -m MAXDIRECTORYDEPTH, --max-depth=MAXDIRECTORYDEPTH

                        Max directory depth.

  -p, --enable-proxy    Enable proxy support.

  -S PROXYSERVER, --proxy-server=PROXYSERVER

                        Proxy server address.

  -P PROXYPORT, --proxy-port=PROXYPORT

                        Proxy server port.

  -f KBFILTER, --filter=KBFILTER

                        Comma separated ids of vulnerabilities to test,

                        default to all, use the --list-ids flag to enumerate

                        available ids.

  -I, --list-ids        Print a list of available ids in the knowledge base to

                        be used with the --filter flag.

  -k KBFILE, --kb=KBFILE

                        Knowledge base file to use, default kb.xml.

  -L MODULES, --load-modules=MODULES

                        Comma separated modules names to load or 'all' to load

                        them all, use the --list-modules flag to a list of

                        available modules.

  -M, --list-modules    Print a list of available modules.

  -u URL, --url=URL     Url to test, mandatory.

  -O OUTFILE, --output=OUTFILE

                        Output status and result to file.

  --import-files=IMPORTFILES

                        Import sensitive files list from this file.

  --import-dirs=IMPORTDIRS

                        Import sensitive directories list from this file.

  --single-mode         Single url mode, scan only this url for

                        vulnerabilities (the URL has to have at least one

                        parameter).

----------------------------------------------------------------------------------------

[evilsocket@shinigami altair] ./altair.py -I

[xss] Cross Site Scriptings :

A cross site scripting vulnerability, also known as XSS, is one of the most common vulnerabilities in web apps. The server does not check the users' input, and parses GET variables (can be done also through POST sometimes), without sanitizing them ahead of time. This allows users to inject html, javascript, or other code, through the page affected by this kind of bug. These injections occur client side (the server side code will be not modified), but the html stream that the user receives will contain the injected code . Usually this type of flaw is used to obtain private data such as cookies, data that often contains the credentials to access protected pages.

[sqli] SQL Injections :

An SQL injection, or SQL code injection, is another example of how a lack of checking user inputed data can undermine our site's security. Nowadays 90% of existing websites rely on a database to store contents such as news, articles, or simply to manage the users; this means that if not placed through an accurate checking process, the data send from an attacker can affect the information present in our database. An SQL injection, as the name itself suggests, is made by injecting arbitrary sql code in a variable sent to the website, both GET or POST, to obtain data from the db, data that would not be normally accessible .

[rfi] Remote File Inclusions :

A remote file inclusion happens when a page includes a file whose name is taken from a GET or POST variable that is not sanitized or checked ahead of time .

[lfi] Local File Inclusions :

A local file inclusion happens when a page includes a file whose name is taken from a GET or POST variable that is not sanitized or checked ahead of time .

[files] Sensitive Files :

Potential sensitive file .

[dirs] Sensitive Directories :

Potential sensitive directory .

----------------------------------------------------------------------------------------

[evilsocket@shinigami altair] altair -M

[+] 'lfier' by Simone Margaritelli  : This module will try to read some standard system files upon LFI vulnerabilities.

[+] 'sqlmap' by Simone Margaritelli  : This module will ask the user to launch sqlmap when a sql injection is found.