- Joined
- Jan 8, 2019
- Messages
- 56,608
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,454
- Points
- 2,313
- Credits
- 32,600
6 Years of Service
76%
Agartha { LFI | RCE | Auth | SQLi | Http-Js }
Agartha is a penetration testing tool that creates dynamic payload lists and user access matrix to reveal injection flaws and authentication/authorization issues. There are many different attack payloads that exist, but Agartha creates run-time, systematic, and vendor-neutral payloads with many different possibilities and bypassing methods. It also draws attention to user session and URL relationships, which makes it easy to find user access violations. And additionally, it converts Http requests to JavaScript to help dig up XSS issues. In summary:
Payload Generator: It creates payloads/wordlists for different attacks.
Directory Traversal/Local File Inclusion: It creates file dictionary lists with various encoding and escaping characters.
Remote Code Execution: It creates command dictionary lists for both Unix and Windows environments with different combinations.
SQL Injection: It creates Batched Queries, Boolean-Based, Union-Based and Time-Based SQLi wordlist for various databases to help find vulnerable spots.
Authorization Matrix: It creates an access role matrix based on user sessions and URL lists to determine authorization/authentication-related access violation issues.
And Http Request to JavaScript Converter: It converts Http requests to JavaScript code to be useful for further XSS exploitation and more.