0d1n is a tool for automating customized attacks against web applications.
It is an Open Source web application bruteforcer and Fuzzer, its objective is to automate exhaustive tests to find anomalies/vulnerabilities. These tests can follow web parameters, files, directories, forms and others.
Features:
- Brute force login and passwords in auth forms
- Directory disclosure ( use PATH list to brute, and find HTTP status code )
- Test to find SQL Injection and XSS vulnerabilities
- Options to load ANTI-CSRF token each request
- Options to use random proxy per request
- and More…
Rules you need know about parameters:
- Each parameter is a resource function to help you
- When you view character ’ ˆ ’(circumflex) this is lexical character this represents the payload to replace each line in text file
- The parameter “–log” you need use always
- The parameter “–host” you need use always
- The parameter “–save response” if you use on end command, save Responses of requests, so if you click in “status code” at javascript table you can view response with highlights.
Tamper resource:
- Tamper is a function to use camouflage in your payload, this way you can bypass web application firewall
- Each option use a different technique to hide the payload
- You need to remember to using proxy list per Request to try to walk in stealth to work without blacklists.
