Projects STRLCPY agartha Commits f2fdcb5c
    Agartha.py
    skipped 15 lines
    16 16  except:
    17 17   print "==== ERROR ====" + "\n\nFailed to load dependencies.\n" +str(sys.exc_info()[1]) +"\n\n==== ERROR ====\n\n"
    18 18   
    19  -VERSION = "0.952"
     19 +VERSION = "0.954"
    20 20   
    21 21  class BurpExtender(IBurpExtender, ITab, IMessageEditorController, IContextMenuFactory):
    22 22  
    23 23   def registerExtenderCallbacks(self, callbacks):
    24 24   self._callbacks = callbacks
    25 25   self._helpers = callbacks.getHelpers()
    26  - self._callbacks.setExtensionName("Agartha {LFI|RCE|SQLi|Auth|Http->Js}")
     26 + self._callbacks.setExtensionName("Agartha - LFI, RCE, SQLi, Auth, HTTP to JS")
    27 27   self._MainTabs = JTabbedPane()
    28 28   self._tabDictUI()
    29 29   self._tabAuthUI()
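Review bot: the extension name set on line 26 is a string literal that this same commit also has to edit by hand in the <h1> on line 869. Define it once next to VERSION (for example a module-level EXTENSION_NAME) and use it in both places, so the next rename cannot leave the Burp tab name and the help page out of step.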
    skipped 5 lines
    35 35   callbacks.registerContextMenuFactory(self)
    36 36   callbacks.issueAlert("The extension has been loaded.")
    37 37   self.tableMatrixReset(self)
    38  - print "Agartha(v" + VERSION + ") is a security tool for:\n\t\t* Local File Inclusion, Directory Traversal\n\t\t* Command Injection, RCE\n\t\t* SQL Injections\n\t\t* Access Violations, Authentication/Authorization Matrix\n\t\t* Http request to Javascript conversion\n\nFor more information and tutorial how to use, please visit:\n\t\thttps://github.com/volkandindar/agartha\n\nAuthor:\tVolkan Dindar\n\t\t\t\[email protected]"
     38 + print "Agartha(v" + VERSION + ") is a security tool for:\n\t\t* Local File Inclusion, Directory Traversal\n\t\t* Command Injection, RCE\n\t\t* SQL Injections\n\t\t* Access Violations, Authentication/Authorization Matrix\n\t\t* Http request to Javascript conversion\n\nFor more information and tutorial, please visit:\n\t\thttps://github.com/volkandindar/agartha\n\nAuthor:\tVolkan Dindar\n\t\t\t\[email protected]"
    39 39   return
    40 40   
    41 41   def authMatrixThread(self, ev):
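Review bot: the banner on line 38 still lists the feature as "Http request to Javascript conversion", while the rest of this commit renames it to "Copy as JavaScript" and writes "HTTP" in the extension name. Update that bullet in the same change so the console banner matches the menu entry and the help text.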
    skipped 619 lines
    661 661   def createMenuItems(self, invocation):
    662 662   self.context = invocation
    663 663   menu_list = ArrayList()
    664  - menu_list.add(JMenuItem("Agartha Panel", actionPerformed=self.agartha_menu))
     664 + menu_list.add(JMenuItem("Authorization Matrix", actionPerformed=self.agartha_menu))
    665 665   menu_list.add(JMenuItem("Copy as JavaScript", actionPerformed=self.js_menu))
    666 666   return menu_list
    667 667   
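Review bot: on line 664 the menu entry is now labelled "Authorization Matrix" but still dispatches to self.agartha_menu, whereas the neighbouring entry on line 665 uses a handler named after its feature (js_menu). Rename the handler to match the label, or add a comment on line 664 saying that agartha_menu is the authorization matrix entry point.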
    skipped 198 lines
    866 866   self.editorPaneInfo.setContentType("text/html");
    867 867   htmlString ="<html>"
    868 868   htmlString +="<div><h3>Author: Volkan Dindar, Github Repo: https://github.com/volkandindar/agartha</h3>"
    869  - htmlString +="<h1>Agartha { LFI | RCE | SQLi | Auth | Http->Js }</h1>"
     869 + htmlString +="<h1>Agartha - LFI, RCE, SQLi, Auth, HTTP to JS</h1>"
    870 870   htmlString +="<p>Agartha is a penetration testing tool which creates dynamic payload lists and user access matrix to reveal injection flaws and authentication/authorization issues. There are many different attack payloads alredy exist, but Agartha creates run-time, systematic and vendor-neutral payloads with many different possibilities and bypassing methods. It also draws attention to user session and URL relationships, which makes easy to find user access violations. And additionally, it converts Http requests to JavaScript to help digging up XSS issues more. In summary:</p><ul>"
    871 871   htmlString +="<li><strong>Payload Generator</strong>: It creates payloads/wordlists for different attack types.<ul>"
    872 872   htmlString +="<li><strong>Local File Inclusion, Directory Traversal</strong>: It creates file dictionary lists with various encoding and escaping characters.</li>"
    873 873   htmlString +="<li><strong>Command Injection / Remote Code Execution</strong>: It creates command dictionary lists for both unix and windows environments with different combinations.</li>"
    874 874   htmlString +="<li><strong>SQL Injection</strong>: It creates Stacked Queries, Boolean-Based, Union-Based, Time-Based and Order-Based SQL Injection wordlist for various databases to help finding vulnerable spots.</li></ul></li>"
    875 875   htmlString +="<li><strong>Authorization Matrix</strong>: It creates an access role matrix based on user sessions and URL lists to determine authorization/authentication related access violation issues.</li>"
    876  - htmlString +="<li>And <strong>Http Request to JavaScript Converter</strong>: It converts Http requests to JavaScript code to be useful for further XSS exploitation and more.<br><br></li></ul>"
     876 + htmlString +="<li>And <strong>Copy as JavaScript</strong>: It converts Http requests to JavaScript code to be useful for further XSS exploitation and more.<br><br></li></ul>"
    877 877   htmlString +="<h2>Local File Inclusion, Directory Traversal</h2>"
    878 878   htmlString +="<p>It both supports unix and windows file systems. You can generate any wordlists dynamically for the path you want. You just need to supply a file path and that's all.</p>"
    879 879   htmlString +="<p><strong>'Depth'</strong> is representation of how deep the wordlist should be. You can generate wordlists 'till' or 'equal to' this value.</p>"
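Review bot: the new heading on line 869 writes "HTTP", but the rewritten list item on line 876 and the paragraph on line 870 keep "Http requests", so the help page now mixes both spellings. Normalise to "HTTP" in the lines this hunk touches, and fix "alredy" on line 870 while editing this block.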
    skipped 12 lines
    892 892   htmlString +="<p><img width=\"1000\" alt=\"Images from Github Repo - SQL Injection wordlist\" src=\"https://user-images.githubusercontent.com/50321735/192443768-a8113e64-3f56-4282-bd11-b2c3d91be53e.png\" style=\"max-width: 100%;\"><br><br></p>"
    893 893   htmlString +="<h2>Authorization Matrix</h2>"
    894 894   htmlString +="<p>This part focuses on user session and URLs relationships to determine access violations. The tool will visit all URLs from pre-defined user sessions and fill the table with all Http responses. It is a kind of access matrix and helps to find out authentication/authorization issues. Afterwards we will see what user can access what page contents.</p><ul>"
    895  - htmlString +="<li><strong>User session name</strong>: You can right click on any request and send it from 'Extensions > Agartha > Agartha Panel' to define a user session.</li>"
     895 + htmlString +="<li><strong>User session name</strong>: You can right click on any request and send it from 'Extensions > Agartha > Authorization Matrix' to define a user session.</li>"
    896 896   htmlString +="<li><strong>URL Addresses</strong> user can visit: You can use Burp's spider feature or any sitemap generators. You may need to provide different URLs for different users.</li>"
    897 897   htmlString +="<li>After providing session name, Http header and allowed URLs you can use 'Add User' button to add it.</li></ul>"
    898 898   htmlString +="<p><img width=\"1000\" alt=\"Images from Github Repo - Authorization Matrix, sending http req\" src=\"https://user-images.githubusercontent.com/50321735/152217672-353b42a8-bb06-4e92-b9af-3f4e487ab1fd.png\" style=\"max-width: 100%;\"></p>"
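Review bot: the help text on line 895 hard-codes the menu path 'Extensions > Agartha > Authorization Matrix', which repeats the JMenuItem label from line 664, so this commit has to change the same string in two places. Build the help sentence from the constant used for the menu label so the documented path cannot drift from the real one.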
    skipped 16 lines
    915 915   htmlString +="<li>Orange, because the response returns 'HTTP 200' but different content length, with authentication/authorization concerns</li>"
    916 916   htmlString +="<li>Red, because the response returns 'HTTP 200' and same content length, with authentication/authorization concerns</li></ul>"
    917 917   htmlString +="<p>You may also notice, it support only one Http request method and user session at the same time, because it processes bulk requests and it is not possible to provide different header options for each calls. But you may play with 'GET/POST' methods to see response differences.<br><br></p>"
    918  - htmlString +="<h2>Http Request to JavaScript Converter</h2>"
     918 + htmlString +="<h2>Copy as JavaScript</h2>"
    919 919   htmlString +="<p>The feature is for converting Http requests to JavaScript code. It can be useful to dig up further XSS issues and bypass header restrictions.</p>"
    920 920   htmlString +="<p>To access it, right click any Http Request and 'Extensions > Agartha > Copy as JavaScript'.</p>"
    921  - htmlString +="<p><img width=\"1000\" alt=\"Images from Github Repo - Http Request to JavaScript Converter\" src=\"https://user-images.githubusercontent.com/50321735/152224405-d10b78a2-9b18-44a9-a991-5b9c451c7253.png\" style=\"max-width: 100%;\"></a></p>"
     921 + htmlString +="<p><img width=\"1000\" alt=\"Images from Github Repo - Copy as JavaScript\" src=\"https://user-images.githubusercontent.com/50321735/152224405-d10b78a2-9b18-44a9-a991-5b9c451c7253.png\" style=\"max-width: 100%;\"></a></p>"
    922 922   htmlString +="<p>It will automatically save it to your clipboard</p></div>"
    923 923   htmlString +="<p>Please note that, the JavaScript code will be called over original user session and many header fields will be filled automatically by browsers. In some cases, the server may require some header field mandatory, and therefore you may need to modify the code for an adjustment.</p>"
    924 924   htmlString +="</article>"
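Review bot: the rewritten line 921 carries over a closing </a> that has no opening <a> in that string (it reads <p><img ...></a></p>). Drop the stray tag while the line is being edited. The img src on that line also points at user-images.githubusercontent.com, so the help pane depends on a remote host; shipping the image with the extension would remove that dependency.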
    skipped 276 lines