Dear list, I have released a new Captcha Intruder (CINtruder) code. It includes a complete Web User Interface (GUI) and some advanced features for: update, manage dictionaries, etc. http://ift.tt/2iklitx If you're not already familiar with CINtruder, please read the DESCRIPTION section below. [ DOWNLOAD ] You can download the new Captcha Intruder here: git clone http://ift.tt/2iydap0 http://ift.tt/2iBZpUh + http://ift.tt/2hQIO08 http://ift.tt/2iBRq9N + http://ift.tt/2hQMUVU [ DESCRIPTION ] Captcha Intruder is a free software[0] automatic pentesting tool to bypass captchas. It uses Optical Character Recognition (OCR)[1] techniques to process images into computer language and brute-forcing methods to compare them with a dictionary. To do that it only requires a few libraries: python-pycurl - Python bindings to libcurl python-libxml2 - Python bindings for the GNOME XML library python-imaging - Python Imaging Library sudo apt-get install python-pycurl python-libxml2 python-imaging Here are some of CINtruder's features: + Proxy Socks (for example, to connect to the TOR network) + Spoofed HTTP header values + Web User Interface (GUI) + Automatic update + Download captchas from url (tracking) + Apply different OCR algorithms (training + cracking) + Cracking captchas: local + remote + List/Set existing OCR specific modules (example provided) + Export results to XML + Replace suggested word on commands of another tool + [...] With Captcha Intruder a security researcher can solves a captcha on a form and pass that "cracked" parameter immediately to another tool. For example, if you want to launch a sqlmap to search for SQLi and there is a captcha, you can handler both tools like this (using flag: CINT): $ ./cintruder --crack "http://ift.tt/2iBOaLx" --tool "sqlmap -u http://ift.tt/2hQM9w8" [ SCREENSHOTS ] [http://ift.tt/2iBR3M8] Banner: http://ift.tt/2hQKK8G GUI-Training: http://ift.tt/2iBLcqj GUI-Cracking: http://ift.tt/2hQOFm0 [ EXAMPLES ] [http://ift.tt/2iBTUoy] * View help: ./cintruder --help * Update to latest version: ./cintruder --update * Launch web interface (GUI): ./cintruder --gui * Simple crack from url, with proxy TOR and verbose output: ./cintruder --crack "http://ift.tt/2iBOaLx" --proxy="http://127.0.0.1:8118" -v * Replace suggested word by CIntruder after cracking a remote url on commands of another tool (ex: "XSSer"): $ ./cintruder --crack "http://ift.tt/2iBOaLx" --tool "xsser -u http://ift.tt/2hQM9w8" [ DONATIONS ] This initiative depends on donations in order to be able to pay the server infrastructure. BTC: 19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw [ REFERENCES ] [0] http://ift.tt/2hQXQD1 [1] http://ift.tt/1Bb0yEx -
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment