Gafhill - An Advanced Private Web Vulnerability Scanner + Source Code
gafhill - a private SQLi, XSS, RCE, OSC scanner written in bash.
Help:
gafhill is a standart Linux CLI tool running from the command line.
It's opensource, you can always look through to code.
gafhill comes with everything it needs packet with, there's no need to installation.
You can start tool by cd'ing in to the main directory and typing ./[COLOR=rgb(97, 189, 109)]gafhill.sh[/COLOR]
If you do not want to run tool with default options, you can always add '--help' flag to see help menu.
./[COLOR=rgb(97, 189, 109)]gafhill.sh[/COLOR] [COLOR=rgb(26, 188, 156)]--help[/COLOR]
Targeting:
After running, tool will ask you the target.
Target can be:
Single URL ; Example Domain
File ; /home/user/website_list.txt (file contains web sites line by line)
Dork ; inurl:".php?id=21" site:co.uk
Subdomain scanning:
gafhill will scan for subdomains by default, you do not need to add subdomains to file to scan.
If you want to turn this option off, simply run tool with '[COLOR=rgb(26, 188, 156)]--sing[/COLOR]
' flag.
CMSs:
gafhill will detect CMSs and separate them to a file for you to inspect them manually.
While file scanning or dorking, you don't need to worry about CMSs.
gafhill won't try payloading them knowing it won't work. (Only WordPress & Joomla, for now!)
SQLi:
gafhill will try to payload & detect obvious SQL errors pass to sqlmap first.
gafhill also very powerful at handling sqlmap commands and have a smart & auto scan.
you don't need to have sqlmap, gafhill pack have it, if you want you can update it by simply git cloning.
XSS:
gafhill will mass payload every parameter and try to grab specific string to validate the XSS vulnerability.
Rarely, this module gives false positives, but even this false positive leads you to the input you give is reflected to page!
That means, %90 of possibility website has XSS in that page, if it's not in the specific URL.
RCE & OSC:
Remote Command Execution and OS Command Injection modules are current beta, enabled by default but it checks for a simple payload.
If you see them found, it's probably reflected input, in the next update, we'll try to make them flawless!
Report:
Both in real time and when the scan is finished a beautiful CLI will guide you to the file gafhill generated for different vulnerabilities.
!WARNING!: POST vulnerabilities doesn't saved to generated file because we couldn't find a proper style to make it readable.
But don't worry you will still see them in the runtime CLI.
Trivia:
- gafhill can handle both GET & POST!
- In every run, gafhill creates a temporary file in the /tmp/
directory,
while tool starting it tells you where's the directory located.
You can go and find all crawled urls there.
You can use '--del
' option to make tool delete that temporary directory immediately when scan is finished.
Also you can use '--pur
' option to mass delete these temporary files, leftover from previous runs.
- Looking for SQLi? try '--sql-aut
' and '--sql-sma
' options while starting, this will make a good difference.
- If you're looking for weak websites, you can use '--crl-htp
' option and type a dork in the target(input) prompt,
This will make gafhill to only crawl HTTP protocol and not HTTPS!
- If you're scanning too many targets, don't forget to add '--ovln
' option to only print vulnerable urls (default: all)
- Not interested in POST? use '--dpos
' to not to scan POST requests.
- Beep beep! you can enable '--beep
' option to tool to make a beep sound when a vulnerability was found.
- Parameter multiplying takes a long time? use '--dmul
'. But Parameter multiplying is a special algorithm to go deeper in the parameters.
So think twice while turning this off.
Price is $300, Escrow only.
-
Tags
-
advanced
command
source code
temporary
vulnerability scanner
web