Skip to content
/ Raboof Public

Framework for testing common web application vulnerabilities

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

thiagomayllart/Raboof

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits

.idea

.idea

 
 

Raboof

Raboof

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

Raboof

Framework for testing common web application vulnerabilities

Description

Raboof was created with the intention of being a framework for testing web application vulnerabilities. Raboof is structured in a way that implementing new techniques/payloads for the same vulnerability or new vulnerabilities becomes easy.

Functions Available:

-HTTP Parameter Pollution

Scheduled Updates:

-SOAP Injection -Local/Remote File Inclusion -Path Traversal -Dynamic Execution -OS Command Injection

How to use

First you need to setup the request file

This tool is integrated with the output produced using Burp Suite. You MUST USE BURP SUITE

  1. Produce an output of the request containing the key/token/string/etc you want to test: In the Site Map interface in Burp Suite -> Right Click the request -> Save Item -> UNCHECK Base64 encode requests and responses
  2. Change the extension: .xml to .txt.

HTTP Parameter Pollution Parameters:

 -f | The location of your .txt request
 -o | Select 'pp' as Parameter Pollution option
 -th | quantity of threads used
 -d | delay between each request

Example:

raboof.py -f [FILE LOCATION] -o pp
raboof.py -f [FILE LOCATION] -o pp -th [QUANTITY OF THREADS] -d [DELAY BETWEEN THREADS]

About

Framework for testing common web application vulnerabilities

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages