  • Stars: 103
  • Rank 322,761 (Top 7 %)
  • Language: Python
  • Created about 4 years ago
  • Updated 12 months ago

Repository Details

Multithreaded plugin-based vulnerability scanner for mass detection of web application vulnerabilities

Project Eagle (Alpha)

Project Eagle is a plugin-based vulnerability scanner with threading support, used to detect low-hanging bugs at mass scale.

                              .---.        .-----------
                             /     \  __  /    ------
                            / /     \(  )/    -----
                           //////   ' \/ `   ---      Multipurpose vulnerability scanner
                          //// / // :    : ---                    v1.0b
                          / /   /  /`    '--                    2019-2020
                                    //..\\           
                               ====UU====UU====       
                                   '//||\\`           
                                     ''``
                                Project Eagle

Developed and maintained: @BitTheByte
Idea: @K4r1it0

Requirements

  1. Python >= 3.6
  2. Install the Python libraries:
$ python3 -m pip install -r requirements.txt
  3. Works on Windows and Linux; however, Windows is not the primary platform.

Usage

Ping

This mode only checks which targets are online.

$ python3 main.py -f domains.txt --ping

Basic usage

$ python3 main.py -f domains.txt

domains.txt: a text file containing host names or IPs, one per line

Advanced usage

$ python3 main.py -f domains.txt -w 10 --db output.db.json

domains.txt: a text file containing host names or IPs, one per line
output.db.json: JSON-formatted output of the tool (will be used to restore state in future releases)
10: the number of worker threads. Keep in mind that workers can start further workers for their own work, and those are not limited by this number.

Debug (verbose) mode

$ python3 main.py ...args -v*?

v: success, warning
vv: success, warning, error
vvv: all supported messages

Features

  1. CRLF
  2. Sensitive files, e.g. (.git, info.php ...)
  3. Subdomain takeover
  4. Anonymous FTP login
  5. S3 bucket misconfiguration, including automatic takeover and upload
  6. HTTP Request Smuggling
  7. Firebase database misconfiguration
  8. Sensitive information disclosure, e.g. (API keys, secrets ...), including JS files and HTML pages
  9. Missing SPF Records
  10. Path Traversal
  11. PHP-CGI - CVE_2012_1823
  12. Shell Shock - CVE_2014_6271
  13. Struts RCE - CVE_2018_11776
  14. WebLogic RCE - CVE_2019_2725
  15. Confluence LFI - CVE_2019_3396
  16. Ruby on Rails LFI - CVE_2019_5418
  17. Atlassian SSRF - CVE_2019_8451
  18. Apache Httpd mod_rewrite - CVE_2019_10098

TODO-Features

  • XSS Detection
  • SSRF Attacks
  • Platform Detection
  • Platform Based attacks
  • Automatic Login bruteforce
  • Automatic directory bruteforce
  • Parameter gathering and fuzzing
  • Detecting Error messages
  • Ability to select plugins
  • Automatic updates
  • Port Scanning and service detection
