Crimson – Automate Pentesting / Bug Bounty Hunter Tasks

crimson

It consists of three partially interdependent modules:

  • crimson_recon – automates the process of domain reconnaissance.
  • crimson_target – automates the process of urls reconnaissance.
  • crimson_exploit – automates the process of bug founding.

small_red_triangle_downcrimson_recon

This module can help you if you have to test big infrastructure or you are trying to earn some bounties in *.scope.com domain. It includes many web scraping and bruteforcing tools.

small_red_triangle_downcrimson_target

This module covers one particular domain chosen by you for testing.
It uses a lot of vulnerability scanners, web scrapers and bruteforcing tools.

small_red_triangle_downcrimson_exploit

This module uses a number of tools to automate the search for certain bugs in a list of urls.

Installation

Tested on Linux Mint and Kali Linux.

git clone https://github.com/Karmaz95/crimson.git 
cd crimson
chmod +x install.sh
./install.sh

Then add below line to your .bashrc / .zshrc etc.

export GOPATH=$HOME/go
export PATH="$HOME/bin:$:$HOME/tools/codeql:$HOME/.local/bin:$HOME/go/bin:$PATH"

Install Burp Suite and extensions listed below in section Burp Suite extensions.

Usage

First module needs domain name to work properly, f.e. google.com and -x flag if you want to brute force subdomains.
./crimson_recon -D "domain.com" -x
  • You can learn more about crimson_recon module by reading my article at medium
Second module needs subdomain name. You can additionally put authorization cookie
./crimson_target -d "example.domain.com" -c "Cookie: auth1=123;"
  • You can learn more about crimson_target module by reading my article at medium
Third module needs subdomain name with your collaborator and vps ip. You can additionally put authorization cookie and if you want to fuzz all the urls use the -x flag.
./crimson_exploit -D "example.domain.com" -c "Cookie: auth1=123;" -d "collaborator.com" -i "ip" -x
  • You can learn more about crimson_exploit module by reading my article at medium
Before starting the script run the listener on your vps machine on port 80

Download: https://github.com/Karmaz95/crimson

Please follow and like us:

Leave a Reply

Your email address will not be published.