itsMe Posted October 14, 2021 Share Posted October 14, 2021 This is the hidden content, please Sign In or Sign Up Crimson Crimson is a tool that automates some of the Pentester or Bug Bounty Hunter tasks. It uses many open source tools, most of them are available for download from github. It consists of three partially interdependent modules: crimson_recon – automates the process of domain reconnaissance. crimson_target – automates the process of urls reconnaissance. crimson_exploit – automates the process of bug founding. 🔻crimson_recon This module can help you if you have to test big infrastructure or you are trying to earn some bounties in *.scope.com domain. It includes many web scraping and bruteforcing tools. 🔻crimson_target This module covers one particular domain chosen by you for testing. It uses a lot of vulnerability scanners, web scrapers and bruteforcing tools. 🔻crimson_exploit This module uses a number of tools to automate the search for certain bugs in a list of urls. Changelog v2.0 From now on, Crimson acts as a docker container and the install.sh script is no longer supported (Although, it should still works on Linux Mint) Much of the code has been rewritten and improved. Added project_valuation.sh, crimson_mass_nmap.py script to scripts directory Added Ciphey tool words directory has been improved Added new options to all three modules to make them more “elastic”. Added rustscan in place of masscan crimson_recon: Added optional flags to this module, which are shown below: -x # Domain bruteforcing (with words/dns wordlist) -v # Virtual host discovering -p # TCP ports scanning (1-65535) -u # UDP ports scanning (nmap default ports) -b # Third level subdomain bruteforcing -y # Proxy urls.txt and live.txt to Burp (127.0.0.1:8080) crimson_target Added optional flags to this module, which are shown below: -p # TCP (1-65535) / UDP (nmap default) ports scanning -a # Automatic deletion of possible false-positive endpoints after brute forcing with ffuf (this option needs more tests) -y # Proxy urls.txt and ffuf.txt to Burp (127.0.0.1:8080) A lot of modifications in the script New workflow – check the documentation guidelines. crimson_exploit The script was rewritten New tools being added, check scripts directory! Faster CVE scanning This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts