[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] CINtruder v0.3 released...

Dear list,

I have released a new Captcha Intruder (CINtruder) code. It includes a
complete Web User Interface (GUI) and some advanced features for:
update, manage dictionaries, etc.


If you're not already familiar with CINtruder, please read the
DESCRIPTION section below.


You can download the new Captcha Intruder here:

 git clone https://github.com/epsylon/cintruder

 + https://03c8.net/torrents/cintruder-v0.3.zip.torrent

 + https://03c8.net/torrents/cintruder-v0.3.tar.gz.torrent


Captcha Intruder is a free software[0] automatic pentesting tool to
bypass captchas.

It uses Optical Character Recognition (OCR)[1] techniques to process
images into computer language and brute-forcing methods to compare them
with a dictionary. To do that it only requires a few libraries:

    python-pycurl - Python bindings to libcurl
    python-libxml2 - Python bindings for the GNOME XML library
    python-imaging - Python Imaging Library

 sudo apt-get install python-pycurl python-libxml2 python-imaging

Here are some of CINtruder's features:

 + Proxy Socks (for example, to connect to the TOR network)
 + Spoofed HTTP header values
 + Web User Interface (GUI)
 + Automatic update
 + Download captchas from url (tracking)
 + Apply different OCR algorithms (training + cracking)
 + Cracking captchas: local + remote
 + List/Set existing OCR specific modules (example provided)
 + Export results to XML
 + Replace suggested word on commands of another tool
 + [...]

With Captcha Intruder a security researcher can solves a captcha on a
form and pass that "cracked" parameter immediately to another tool.

For example, if you want to launch a sqlmap to search for SQLi and there
is a captcha, you can handler both tools like this (using flag: CINT):

$ ./cintruder --crack "http://host.com/path/captcha_url"; --tool "sqlmap
-u http://host.com/path/param1=foo?txtCaptcha=CINT";

[ SCREENSHOTS ] [http://cintruder.03c8.net/#media]







[ EXAMPLES ] [http://cintruder.03c8.net/#examples]

* View help:

./cintruder --help

* Update to latest version:

./cintruder --update

* Launch web interface (GUI):

./cintruder --gui

* Simple crack from url, with proxy TOR and verbose output:

./cintruder --crack "http://host.com/path/captcha_url";
--proxy=""; -v

* Replace suggested word by CIntruder after cracking a remote url on
commands of another tool (ex: "XSSer"):

$ ./cintruder --crack "http://host.com/path/captcha_url"; --tool "xsser
-u http://host.com/path/param1=foo?txtCaptcha=CINT";


This initiative depends on donations in order to be able to pay the
server infrastructure.

BTC: 19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw


[0] http://cintruder.03c8.net/#license
[1] https://en.wikipedia.org/wiki/Optical_character_recognition


EOF: [Fyodor] -> ;-)

Attachment: signature.asc
Description: OpenPGP digital signature

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/