Messing around with Lua and ended up with "pillage". Currently, pillage's only job is to pillage (crawl) web applications for forms and log them to a csv file.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
README
pillage.lua

README

Script: pillage
Version: 0.04
License: BSD Simplified
Author: Robert Gilbert - amroot.com
Current Release Date: April 10, 2013
Description: currently, pillage's only job is to find forms in web applications. I just felt like playing with Lua.
Required: luasec
Debian prereq:
apt-get install lua5.1 liblua5.1-0-dev liblua5.1-socket-dev liblua5.1-sec-dev liblua5.1-curl-dev

Verson history:
  0.0.4 - April 10, 2013:
      Fixed error if -w is not specified
      Merged includes into a single script
  0.0.3 - June 25, 2012:
      First release for public consumption

Short might do:
Form based Authentication.
Replace socket with regex
Update cookiejar
Better error handling and debugging
Submit forms for multi-stage form disc?
Do not add forms found previously
Find and log form fields 
Add the ability to supply a list of directories, pages, and/or URIs.

Pillage usage: 
	-u	 - required: valid URL to crawl. http(s)://userid:password@www.attackersite.com:port
	-r	 - optional: follow redirects (301 response).
	-t	 - optional: time in milliseconds to pause between requests
	-s	 - optional: do not stay within scope (this might crawl the world)
	-w	 - optional: write to file in csv format. ./save.csv
	-m	 - optional: max URLs to follow. default is never stop crawling until there are no more to crawl
	-a	 - optional: user agent (pillage-agent/1.0 by default)
	-c	 - optional: cookie storage (default cookiejar.txt)
	-v	 - optional: verbosity. -v[1-3]
	-h	 - optional: what you're seeing right now

Example: 
	./pillage.lua -u http://www.attackersite.com -r -s -a 'attacker-agent/1.0' -t 500 -m 100 -w ./attackersite-forms.csv -v1