Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Messing around with Lua and ended up with "pillage". Currently, pillage's only job is to pillage (crawl) web applications for forms and log them to a csv file. https://amroot.com/
Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
Script: pillage Version: 0.04 License: BSD Simplified Author: Robert Gilbert - amroot.com Current Release Date: April 10, 2013 Description: currently, pillage's only job is to find forms in web applications. I just felt like playing with Lua. Required: luasec Debian prereq: apt-get install lua5.1 liblua5.1-0-dev liblua5.1-socket-dev liblua5.1-sec-dev liblua5.1-curl-dev Verson history: 0.0.4 - April 10, 2013: Fixed error if -w is not specified Merged includes into a single script 0.0.3 - June 25, 2012: First release for public consumption Short might do: Form based Authentication. Replace socket with regex Update cookiejar Better error handling and debugging Submit forms for multi-stage form disc? Do not add forms found previously Find and log form fields Add the ability to supply a list of directories, pages, and/or URIs. Pillage usage: -u - required: valid URL to crawl. http(s)://userid:firstname.lastname@example.org:port -r - optional: follow redirects (301 response). -t - optional: time in milliseconds to pause between requests -s - optional: do not stay within scope (this might crawl the world) -w - optional: write to file in csv format. ./save.csv -m - optional: max URLs to follow. default is never stop crawling until there are no more to crawl -a - optional: user agent (pillage-agent/1.0 by default) -c - optional: cookie storage (default cookiejar.txt) -v - optional: verbosity. -v[1-3] -h - optional: what you're seeing right now Example: ./pillage.lua -u http://www.attackersite.com -r -s -a 'attacker-agent/1.0' -t 500 -m 100 -w ./attackersite-forms.csv -v1