Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/s0md3v/bolt
CSRF Scanner
- Host: GitHub
- URL: https://github.com/s0md3v/bolt
- Owner: s0md3v
- License: gpl-3.0
- Created: 2018-12-29T21:35:36.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2024-06-28T06:36:05.000Z (7 months ago)
- Last Synced: 2025-01-11T10:09:43.190Z (9 days ago)
- Topics: csrf, csrf-scanner, xsrf
- Language: Python
- Homepage:
- Size: 85.9 KB
- Stars: 552
- Watchers: 26
- Forks: 124
- Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE
README
Bolt
A dumb CSRF scanner
![demo](https://i.ibb.co/mTtHTGP/Screenshot-2018-12-30-03-42-26.png)
### Important
Bolt is in the beta phase of development, which means there can be bugs. Any production use of this tool is discouraged.
Pull requests and issues are welcome. I also suggest putting this repo on watch if you are interested in it.
### Workflow
#### Crawling
Bolt crawls the target website to the specified depth and stores all the HTML forms it finds in a database for further processing.
#### Evaluating
In this phase, Bolt identifies the tokens that aren't strong enough and the forms that aren't protected.
##### Comparing
This phase focuses on detecting replay-attack scenarios and therefore checks whether a token has been issued more than once.
It also calculates the average [Levenshtein distance](https://en.wikipedia.org/wiki/Levenshtein_distance) between all the tokens to see how similar they are.
Tokens are also compared against a database of 250+ hash patterns.
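The three checks of the Comparing phase, written out as an added example (this is not Bolt's own code): replay detection, average pairwise Levenshtein distance over the distinct tokens, and a shape match against fixed-width hex hash patterns. The token sample and the three regexes are constructed for this example; Bolt's real pattern database, taken from hashID, is far larger.

```python
import re
import statistics
from collections import Counter
from itertools import combinations
from typing import Dict, List

# Constructed sample: tokens harvested from the same form over four crawls.
# One token is issued twice and the rest differ only in the last hex digit,
# i.e. they look like a counter, not a random value. Not real Bolt output.
SAMPLE_TOKENS = [
    "9b74c9897bac770ffc029102a200c5d1",
    "9b74c9897bac770ffc029102a200c5d1",   # replay: same token issued twice
    "9b74c9897bac770ffc029102a200c5d2",
    "9b74c9897bac770ffc029102a200c5d3",
]

# Three fixed-width hex patterns, assumed here for illustration only; Bolt's
# own database (from hashID) has 250+. A token shaped like an unsalted hash
# may be hash(predictable value) and therefore guessable.
HASH_PATTERNS = {
    "MD5 / MD4 / NTLM (32 hex)": re.compile(r"^[0-9a-f]{32}$", re.I),
    "SHA-1 / RIPEMD-160 (40 hex)": re.compile(r"^[0-9a-f]{40}$", re.I),
    "SHA-256 (64 hex)": re.compile(r"^[0-9a-f]{64}$", re.I),
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (single-row dynamic programming)."""
    if len(a) < len(b):
        a, b = b, a
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                 # deletion
                               current[j - 1] + 1,              # insertion
                               previous[j - 1] + (ca != cb)))   # substitution
        previous = current
    return previous[-1]


def replayed_tokens(tokens: List[str]) -> Dict[str, int]:
    """Tokens seen more than once; a per-session or per-request token should never repeat."""
    return {t: n for t, n in Counter(tokens).items() if n > 1}


def average_levenshtein(tokens: List[str]) -> float:
    """Mean pairwise edit distance over the distinct tokens. For 32-character
    tokens a value near 1 means each pair differs in about one character."""
    distinct = sorted(set(tokens))
    if len(distinct) < 2:
        return 0.0
    return float(statistics.mean(levenshtein(a, b) for a, b in combinations(distinct, 2)))


def matching_hash_patterns(token: str) -> List[str]:
    """Names of the hash patterns whose shape the token matches."""
    return [name for name, rx in HASH_PATTERNS.items() if rx.match(token)]


def compare_tokens(tokens: List[str]) -> dict:
    """The Comparing phase in one call: replays, similarity and hash-like shape."""
    return {
        "replayed": replayed_tokens(tokens),
        "avg_levenshtein": average_levenshtein(tokens),
        "hash_like": {t: matching_hash_patterns(t) for t in sorted(set(tokens))
                      if matching_hash_patterns(t)},
    }


if __name__ == "__main__":
    print(compare_tokens(SAMPLE_TOKENS))
```

On the constructed sample all three findings fire at once: one token is replayed, the average distance is 1.0 over 32 characters (the tokens are near-identical), and every token has the shape of a 32-hex-digit hash.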
##### Observing
In this phase, 100 simultaneous requests are made to a single web page to see whether the same token is generated for more than one of them.
##### Testing
This phase is dedicated to active testing of the CSRF protection mechanism. It includes, but is not limited to, checking whether the protection also applies to mobile browsers, submitting requests with a self-generated token, and testing whether only part of the token (up to a certain length) is actually checked.
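What those active probes catch, as an added example that is not Bolt's code: a deliberately weak server-side validator next to a hardened one, both exercised with the no-token, self-generated-token, truncated-token and mobile-user-agent submissions described above. The session store, the user-agent strings and the 8-character prefix compare are assumptions constructed for this example.

```python
import hmac
import secrets
from typing import Callable, Dict, List, Optional

# Constructed session store standing in for the target application's server
# side: session id -> CSRF token issued with the form. Made up for this example.
SESSIONS: Dict[str, str] = {
    "sess-A": secrets.token_hex(32),
    "sess-B": secrets.token_hex(32),
}

DESKTOP_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"
MOBILE_UA = "Mozilla/5.0 (Linux; Android 13) Mobile Safari/537.36"


def validate_csrf_weak(session_id: str, submitted: Optional[str], user_agent: str) -> bool:
    """Deliberately flawed validator modelling the failure modes the Testing phase probes:
    - mobile browsers are exempted from the check entirely;
    - a missing token is treated as 'not a form post' and waved through;
    - only the first 8 characters of the token are compared (assumed length)."""
    expected = SESSIONS.get(session_id)
    if "Mobile" in user_agent:
        return True
    if expected is None or not submitted:
        return True
    return submitted[:8] == expected[:8]


def validate_csrf_hardened(session_id: str, submitted: Optional[str], user_agent: str) -> bool:
    """Fixed validator: no client-type exemption, a missing token fails, and the
    whole token is compared in constant time."""
    expected = SESSIONS.get(session_id)
    if expected is None or not submitted:
        return False
    # compare_digest also returns False for unequal lengths, without early exit
    return hmac.compare_digest(submitted.encode(), expected.encode())


def probe(validator: Callable[[str, Optional[str], str], bool], session_id: str) -> Dict[str, bool]:
    """Replay the README's active tests against a validator and record which
    submissions it accepts. 'legitimate' is the control; the rest must be rejected."""
    issued = SESSIONS[session_id]
    attempts = {
        "legitimate":       (issued, DESKTOP_UA),
        "missing_token":    ("", DESKTOP_UA),
        "self_generated":   (secrets.token_hex(32), DESKTOP_UA),           # right format, wrong value
        "truncated_prefix": (issued[:8] + "f" * (len(issued) - 8), DESKTOP_UA),
        "mobile_no_token":  ("", MOBILE_UA),
    }
    return {name: validator(session_id, tok, ua) for name, (tok, ua) in attempts.items()}


def accepted_forgeries(validator: Callable[[str, Optional[str], str], bool], session_id: str) -> List[str]:
    """Names of the forged submissions the validator wrongly accepted."""
    return sorted(n for n, ok in probe(validator, session_id).items() if ok and n != "legitimate")


if __name__ == "__main__":
    for v in (validate_csrf_weak, validate_csrf_hardened):
        print(v.__name__, "accepts:", accepted_forgeries(v, "sess-A"))
```

The weak validator accepts the missing-token, mobile-without-token and truncated-prefix submissions while still rejecting the self-generated one, which is exactly why a scanner has to send several probe shapes rather than one; the hardened validator rejects all four and still accepts the legitimate token.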
##### Analysing
Various statistical checks are performed in this phase to see whether the token is really random.
The following tests are performed during this phase:
- Monobit frequency test
- Block frequency test
- Runs test
- Spectral test
- Non-overlapping template matching test
- Overlapping template matching test
- Serial test
- Cumulative sums test
- Approximate entropy test
- Random excursions variant test
- Linear complexity test
- Longest runs test
- Maurer's universal statistical test
- Random excursions test
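Two of the listed tests, the monobit frequency test and the runs test from NIST SP 800-22, implemented as an added example; this is neither Bolt's code nor the highfestiva implementation it credits. The sample tokens come from a fixed-seed PRNG constructed for this example, and the 0.01 significance level is the NIST default, assumed here. The alternating-bit token shows why one test is not enough: it passes monobit with p = 1.0 and fails the runs test.

```python
import math
import random
from typing import Dict, List

ALPHA = 0.01  # NIST SP 800-22 default significance level (assumed here)


def token_bits(token_hex: str) -> str:
    """Expand a hex token into its bit string, four bits per hex digit."""
    return "".join(format(int(c, 16), "04b") for c in token_hex)


def monobit_test(bits: str) -> float:
    """Frequency (monobit) test: are ones and zeros roughly balanced?
    Returns the p-value; p < ALPHA means the sequence is judged non-random."""
    n = len(bits)
    s_n = sum(1 if b == "1" else -1 for b in bits)
    s_obs = abs(s_n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_test(bits: str) -> float:
    """Runs test: is the number of uninterrupted runs of identical bits what a
    random sequence would give? Catches balanced but patterned sequences."""
    n = len(bits)
    pi = bits.count("1") / n
    tau = 2 / math.sqrt(n)
    if abs(pi - 0.5) >= tau:
        return 0.0  # frequency prerequisite not met; NIST says the runs test need not be run
    v_obs = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    numerator = abs(v_obs - 2 * n * pi * (1 - pi))
    denominator = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(numerator / denominator)


def analyse(tokens: List[str], alpha: float = ALPHA) -> Dict[str, dict]:
    """Concatenate the tokens' bits and run both tests, as a scanner would over
    all tokens harvested from one form."""
    bits = "".join(token_bits(t) for t in tokens)
    p_values = {"monobit": monobit_test(bits), "runs": runs_test(bits)}
    return {name: {"p_value": p, "random": p >= alpha} for name, p in p_values.items()}


# Constructed samples: 16 tokens of 64 hex digits from a seeded PRNG (fine for
# a demo, never for real tokens; use secrets.token_hex in production), plus two
# degenerate tokens that a visual check would also flag.
_rng = random.Random(2024)
SEEDED_TOKENS = [format(_rng.getrandbits(256), "064x") for _ in range(16)]
ALL_ZERO_TOKEN = "0" * 64
ALTERNATING_TOKEN = "a" * 64  # 0xa = 1010, so the bit string is 1010...


if __name__ == "__main__":
    for label, toks in [("seeded", SEEDED_TOKENS),
                        ("all-zero", [ALL_ZERO_TOKEN]),
                        ("alternating", [ALTERNATING_TOKEN])]:
        print(label, analyse(toks))
```

Both tests are meant for bit sequences of at least a few hundred bits, so a scanner should concatenate the tokens it collected for a form rather than test each 128- or 256-bit token on its own; the remaining tests in the list above (spectral, template matching, serial, and so on) target other kinds of structure and are not shown here.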
### Usage
Scanning a website for CSRF weaknesses with Bolt is as easy as:
```
python3 bolt.py -u https://github.com -l 2
```
Here `-u` supplies the target URL and `-l` sets the crawling depth.
Other options and switches:
- `-t` number of threads
- `--delay` delay between requests
- `--timeout` HTTP request timeout
- `--headers` supply HTTP headers
#### Credits
Regular Expressions for detecting hashes are taken from [hashID](https://github.com/psypanda/hashID).\
Bit-level entropy tests are taken from [highfestiva](https://github.com/highfestiva)'s Python implementation of statistical tests.