- Joined
- Jan 8, 2019
- Messages
- 56,604
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,446
- Points
- 2,313
- Credits
- 32,560
6 Years of Service
76%
Crimson is a tool that automates some of the Pentester or Bug Bounty Hunter tasks.
It uses many open source tools, most of them are available for download from github.
Changelog v3.0
MAJOR CHANGES
Changed operation system from UBUNTU to Kali
Changed .bashrc aliases.
All modules were rebuilt.
Added new module crimson_IPcon – for IP-only assessment.
Active Directory enumeration & vulnerability scanning was added in crimson_IPcon.
No more port scanning on crimson_recon and crimson_target. If you need this functionality, use crimson_IPcon.
No more Python 2.7 code ( there are still some scripts in the /scripts/ directory, but the modules do not use them. I decided to leave them there, so I can rewrite the code if needed to python3 or GO in the future)
testssl, wpscan and jwt_tool transferred from crimson_exploit to crimson_target
testssl transferred from crimson_exploirt to crimson_target
crimson_exploit does not need domain anymore, just the params.txt | all.txt | dirs.txt files
Added sstimap.py to the SSTI testing in the crimson_exploit module
It is possible now to use the crimson_exploit module without a domain name. Just place the dirs.txt and params.txt in the current directory and run the script.
MINOR CHANGES
crimson_faker.py script => Template for generating fake data for API testing.
crimson_target – dig_for_secret functions were moved out. It will be a part of the 5th module for the static code analysis in the next patch.
New for flag crimson_target -n to skip brute-forcing directories.
All banners were removed from modules
Nuclei run with headless mode
You can use c_0, c_1, c_2, and c_3 aliases instead of crimson_MODULE-NAME
Removed some static_code analysis functions from modules and placed them in the future c_4 module named crimson_lang.