Intruder

Intruder.py - A powerful tool to customize attacks on websites. Has 4 different options of attacks.

• Sniper: This uses a single set of payloads_sets. It targets each payload position in turn, and places each payload into that position in turn.
• Battering-Ram: Allows only 1 payload, runs on ALL the marked positions in the same time.
• Pitchfork: Uses multiple payload sets. There is a different payload set for each defined position (up to a maximum of 20). The attack iterates through all payload sets simultaneously, and places one payload into each defined position.
• Cluster-Bomb: Allows up to 20 payloads, 1 payload for each position marked. Tries all possible combinations of payloads per position.

Installation:

1. Add the Burpee module provided in the main branch to your modules folder or get it from the source: https://github.com/xscorp/Burpee.
2. 'git-clone https://github.com/RhoTau42/Intruder'
3. 'cd Intruder/'
4. run the program as you like with: python3 intruder.py [OPTIONS]...

Usage:

1. Create a file with a POST\GET request. (Use BurpSuite and copy+paste the request to an empty file).
2. Mark the variables you want to run payloads on Example in the request: username=var1. Say i want to run a sniper attack on var1. I'll just mark the variable like so: $var1$.
   • You can use any kind of sign. Intruder will prompt you to specify which sign you used as a marker (By default, it's set to dollar-signs '$').
3. Run the Intruder, give it a payload(s) set(s) and specify other options if you want to. Add the required argument, request_file.
4. A main-menu will be prompted to ask what attack type you would like to use.
5. Make your choice and let the program run.
6. Finally, a table will be printed to stdout and saved to an output file (By dafault: 'output.txt' - you can change that with -o)

intruder.py [-h] -p --payloads_sets PAYLOADS_SETS [PAYLOADS_SETS ...] [-o OUTPUT_PATH] [-s SLEEP] [-v] request_file

• Intruder is a powerful tool for automating customized attacks against web applications. It can be used to automate all kinds of tasks that may arise during your testing.

• positional arguments:

  • request_file Request file with marked variables (POST or GET).

• optional arguments:

  • -h, --help show this help message and exit.
  • -p --payloads_sets PAYLOADS_SETS [PAYLOADS_SETS ...] Set or multiple sets of payloads_sets to run.
  • -o OUTPUT_PATH, --output OUTPUT_PATH Name for the output file. (Default: output.txt)
  • -s SLEEP, --sleep SLEEP Sets a sleep timer (in secs) between requests.
  • -v, --verbose Verbose mode to show errors.

  Example: python3 intruder.py -p payload_set1 payload_set2 payload_set3 -o ouput.txt -s 0.75 -v POST_request.txt

  Requirements:

  • Burpee module: https://github.com/xscorp/Burpee
  • Python