lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 2 Jan 2017 12:57:06 +0000
From: psy <epsylon@...eup.net>
To: fulldisclosure@...lists.org
Subject: [FD] CINtruder v0.3 released...

Dear list,

I have released a new Captcha Intruder (CINtruder) code. It includes a
complete Web User Interface (GUI) and some advanced features for:
update, manage dictionaries, etc.

http://cintruder.03c8.net

If you're not already familiar with CINtruder, please read the
DESCRIPTION section below.


[ DOWNLOAD ]

You can download the new Captcha Intruder here:

 git clone https://github.com/epsylon/cintruder

 http://cintruder.03c8.net/cintruder/cintruder-v0.3.zip
 + https://03c8.net/torrents/cintruder-v0.3.zip.torrent

 http://cintruder.03c8.net/cintruder/cintruder-v0.3.tar.gz
 + https://03c8.net/torrents/cintruder-v0.3.tar.gz.torrent


[ DESCRIPTION ]

Captcha Intruder is a free software[0] automatic pentesting tool to
bypass captchas.

It uses Optical Character Recognition (OCR)[1] techniques to process
images into computer language and brute-forcing methods to compare them
with a dictionary. To do that it only requires a few libraries:

    python-pycurl - Python bindings to libcurl
    python-libxml2 - Python bindings for the GNOME XML library
    python-imaging - Python Imaging Library

 sudo apt-get install python-pycurl python-libxml2 python-imaging

Here are some of CINtruder's features:

 + Proxy Socks (for example, to connect to the TOR network)
 + Spoofed HTTP header values
 + Web User Interface (GUI)
 + Automatic update
 + Download captchas from url (tracking)
 + Apply different OCR algorithms (training + cracking)
 + Cracking captchas: local + remote
 + List/Set existing OCR specific modules (example provided)
 + Export results to XML
 + Replace suggested word on commands of another tool
 + [...]

With Captcha Intruder a security researcher can solves a captcha on a
form and pass that "cracked" parameter immediately to another tool.

For example, if you want to launch a sqlmap to search for SQLi and there
is a captcha, you can handler both tools like this (using flag: CINT):

$ ./cintruder --crack "http://host.com/path/captcha_url" --tool "sqlmap
-u http://host.com/path/param1=foo?txtCaptcha=CINT"


[ SCREENSHOTS ] [http://cintruder.03c8.net/#media]

Banner:

 http://cintruder.03c8.net/cintruder/cintruder-banner.png

GUI-Training:

 http://cintruder.03c8.net/cintruder/cintruder-gui2.png

GUI-Cracking:

 http://cintruder.03c8.net/cintruder/cintruder-gui3.png


[ EXAMPLES ] [http://cintruder.03c8.net/#examples]

* View help:

./cintruder --help

* Update to latest version:

./cintruder --update

* Launch web interface (GUI):

./cintruder --gui

* Simple crack from url, with proxy TOR and verbose output:

./cintruder --crack "http://host.com/path/captcha_url"
--proxy="http://127.0.0.1:8118" -v

* Replace suggested word by CIntruder after cracking a remote url on
commands of another tool (ex: "XSSer"):

$ ./cintruder --crack "http://host.com/path/captcha_url" --tool "xsser
-u http://host.com/path/param1=foo?txtCaptcha=CINT"


[ DONATIONS ]

This initiative depends on donations in order to be able to pay the
server infrastructure.

BTC: 19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw


[ REFERENCES ]

[0] http://cintruder.03c8.net/#license
[1] https://en.wikipedia.org/wiki/Optical_character_recognition

----

EOF: [Fyodor] -> ;-)


Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists