Altair is a Python tool that can be used to scan for web related vulnerabilities, some of which include database vulnerabilities (SQL), Cross Site Scripting (XSS), Local File Inclusion (LFI), Remote File Inclusion (RFI), potential sensitive files, and directories containing sensitive information.
The tool scans files and directories of the target host to find potential vulnerabilities. Altair can also make use of SQLMAP and Lfier tools to exploit the said vulnerabilities. SQLMAP is a handy tool that exploits database vulnerabilities. Lfier tool is capable of exploiting the LFI vulnerabilities.
Altair Installation
Altair is a Python based tool that does not require any specific packages to be installed as a pre-requisite. The SQLMAP and Lfier tools must be available on the disposal of the tool if the goal is to exploit the (LFI,SQL) vulnerabilities found during the scanning process. The tool can be cloned using the following command.
git clone https://github.com/evilsocket/altair
How Altair Works
Altair tool can find the vulnerabilities in the target host by running the following command.
python altair.py –u <target web host here>
The above command crawls all the links associated with the target web host. After completing the crawling process, the tool enumerates the target links to find vulnerabilities. If the target host is vulnerable to any of the aforementioned vulnerabilities, the tool displays the results as shown in the following screenshot.
We can also define the filters and modules in the command to refine the scanning process and exploit the vulnerabilities (if any). For instance, we can apply the sqli filter to scan the target web host for SQL vulnerabilities. The module (SQLMAP) can be defined to exploit the SQL vulnerabilities. The following command shows the filter and module inclusion in the scanning process.
python altair.py --filter=sqli --load-modules=sqlmap –url=<target web host here>
If the target web host is vulnerable to SQL vulnerabilities, the tool asks for permission to launch the module (sqlmap) to further exploit the discovered vulnerability.
