CINtruder v0.3 released...

[psy <epsylon () riseup net>]

Dear list,

I have released a new Captcha Intruder (CINtruder) code. It includes a
complete Web User Interface (GUI) and some advanced features for:
update, manage dictionaries, etc.

http://cintruder.03c8.net

If you're not already familiar with CINtruder, please read the
DESCRIPTION section below.


[ DOWNLOAD ]

You can download the new Captcha Intruder here:

 git clone https://github.com/epsylon/cintruder

 http://cintruder.03c8.net/cintruder/cintruder-v0.3.zip
 + https://03c8.net/torrents/cintruder-v0.3.zip.torrent

 http://cintruder.03c8.net/cintruder/cintruder-v0.3.tar.gz
 + https://03c8.net/torrents/cintruder-v0.3.tar.gz.torrent


[ DESCRIPTION ]

Captcha Intruder is a free software[0] automatic pentesting tool to
bypass captchas.

It uses Optical Character Recognition (OCR)[1] techniques to process
images into computer language and brute-forcing methods to compare them
with a dictionary. To do that it only requires a few libraries:

    python-pycurl - Python bindings to libcurl
    python-libxml2 - Python bindings for the GNOME XML library
    python-imaging - Python Imaging Library

 sudo apt-get install python-pycurl python-libxml2 python-imaging

Here are some of CINtruder's features:

 + Proxy Socks (for example, to connect to the TOR network)
 + Spoofed HTTP header values
 + Web User Interface (GUI)
 + Automatic update
 + Download captchas from url (tracking)
 + Apply different OCR algorithms (training + cracking)
 + Cracking captchas: local + remote
 + List/Set existing OCR specific modules (example provided)
 + Export results to XML
 + Replace suggested word on commands of another tool
 + [...]

With Captcha Intruder a security researcher can solves a captcha on a
form and pass that "cracked" parameter immediately to another tool.

For example, if you want to launch a sqlmap to search for SQLi and there
is a captcha, you can handler both tools like this (using flag: CINT):

$ ./cintruder --crack "http://host.com/path/captcha_url"; --tool "sqlmap
-u http://host.com/path/param1=foo?txtCaptcha=CINT";


[ SCREENSHOTS ] [http://cintruder.03c8.net/#media]

Banner:

 http://cintruder.03c8.net/cintruder/cintruder-banner.png

GUI-Training:

 http://cintruder.03c8.net/cintruder/cintruder-gui2.png

GUI-Cracking:

 http://cintruder.03c8.net/cintruder/cintruder-gui3.png


[ EXAMPLES ] [http://cintruder.03c8.net/#examples]

* View help:

./cintruder --help

* Update to latest version:

./cintruder --update

* Launch web interface (GUI):

./cintruder --gui

* Simple crack from url, with proxy TOR and verbose output:

./cintruder --crack "http://host.com/path/captcha_url";
--proxy="http://127.0.0.1:8118"; -v

* Replace suggested word by CIntruder after cracking a remote url on
commands of another tool (ex: "XSSer"):

$ ./cintruder --crack "http://host.com/path/captcha_url"; --tool "xsser
-u http://host.com/path/param1=foo?txtCaptcha=CINT";


[ DONATIONS ]

This initiative depends on donations in order to be able to pay the
server infrastructure.

BTC: 19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw


[ REFERENCES ]

[0] http://cintruder.03c8.net/#license
[1] https://en.wikipedia.org/wiki/Optical_character_recognition

----

EOF: [Fyodor] -> ;-)

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/