-
Notifications
You must be signed in to change notification settings - Fork 78
/
Copy pathBappDescription.html
18 lines (15 loc) · 2.48 KB
/
BappDescription.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
<p><b>Agartha</b>, specializes in advance payload generation and access control assessment. It adeptly identifies vulnerabilities related to injection attacks, and authentication/authorization issues. The dynamic payload generator crafts extensive wordlists for various injection vectors, including SQL Injection, Local File Inclusion (LFI), and Remote Code Execution(RCE). Furthermore, the extension constructs a comprehensive user access matrix, revealing potential access violations and privilege escalation paths. It also assists in performing HTTP 403 bypass checks, shedding light on auth misconfigurations. Additionally, it can convert HTTP requests to JavaScript code to help digging up XSS issues more.</p>
<p>In summary:</p>
<ul>
<li><b>'Payload Generator'</b>: It dynamically constructs comprehensive wordlists for injection attacks, incorporating various encoding and escaping characters to enhance the effectiveness of security testing. These wordlists cover critical vulnerabilities such as SQL Injection, Local File Inclusion (LFI), and Remote Code Execution, making them indispensable for robust security testing.
<ul>
<li><b>Local File Inclusion, Path Traversal</b> helps identifying vulnerabilities that allow attackers to access files on the server's filesystem.</li>
<li><b>Remote Code Execution, Command Injection</b> aims to detects potential command injection points, enabling robust testing for code execution vulnerabilities.</li>
<li><b>SQL Injection</b> assists to uncover SQL Injection vulnerabilities, including Stacked Queries, Boolean-Based, Union-Based, and Time-Based.</li>
</ul>
</li>
<li><b>'Auth Matrix'</b>: By constructing a comprehensive access matrix, the tool reveals potential access violations and privilege escalation paths. This feature enhances security posture by addressing authentication and authorization issues. You can use the web <b>'Spider'</b> feature to generate a sitemap/URL list, and it will crawl visible links from the user's session automatically.</li>
<li><b>'403 Bypass'</b>: It aims to tackle common access restrictions, such as HTTP 403 Forbidden responses. It utilizes techniques like URL manipulation and request header modification to bypass implemented limitations.</li>
<li><b>'Copy as JavaScript'</b>: It converts Http requests to JavaScript code for further XSS exploitation and more.</li>
</ul>
<p>For additional information or to report any issues, please visit the <a href="https://github.com/volkandindar/agartha">project's homepage</a>.</p>