A Modular Web Vulnerability Scanner
Python
Switch branches/tags
Nothing to show
Permalink
Failed to load latest commit information.
core HTML parsing and caching fix Jan 24, 2011
.gitignore Removed pyc files Jan 23, 2011
LICENSE first commit Jan 23, 2011
README Implemented single url mode Jan 24, 2011
altair.py Implemented single url mode Jan 24, 2011
kb.xml Fixed SQLi rules Jan 23, 2011

README

ALTAIR - A Modular Web Vulnerability Scanner
Copyleft by Simone Margaritelli <evilsocket@gmail.com>
http://www.evilsocket.net - http://www.backbox.org

Usage: altair [options] -u <target>

EXAMPLES:
  altair --filter=lfi,rfi --url=http://www.somesite.com
  altair --filter=sqli --load-modules=sqlmap --url=http://www.somesite.com

Options:
  -h, --help            show this help message and exit
  -t THREADS, --threads=THREADS
                        Max simultaneous threads.
  -e ALLOWEDEXTENSIONS, --ext=ALLOWEDEXTENSIONS
                        Comma separated allowed extensions.
  -a USERAGENT, --ua=USERAGENT
                        Custom user agent.
  -d, --enable-delay    Enable crawling delay.
  -s CRAWLDELAY, --crawl-delay=CRAWLDELAY
                        Crawling delay in ms.
  -m MAXDIRECTORYDEPTH, --max-depth=MAXDIRECTORYDEPTH
                        Max directory depth.
  -p, --enable-proxy    Enable proxy support.
  -S PROXYSERVER, --proxy-server=PROXYSERVER
                        Proxy server address.
  -P PROXYPORT, --proxy-port=PROXYPORT
                        Proxy server port.
  -f KBFILTER, --filter=KBFILTER
                        Comma separated ids of vulnerabilities to test,
                        default to all, use the --list-ids flag to enumerate
                        available ids.
  -I, --list-ids        Print a list of available ids in the knowledge base to
                        be used with the --filter flag.
  -k KBFILE, --kb=KBFILE
                        Knowledge base file to use, default kb.xml.
  -L MODULES, --load-modules=MODULES
                        Comma separated modules names to load or 'all' to load
                        them all, use the --list-modules flag to a list of
                        available modules.
  -M, --list-modules    Print a list of available modules.
  -u URL, --url=URL     Url to test, mandatory.
  -O OUTFILE, --output=OUTFILE
                        Output status and result to file.
  --import-files=IMPORTFILES
                        Import sensitive files list from this file.
  --import-dirs=IMPORTDIRS
                        Import sensitive directories list from this file.
  --single-mode         Single url mode, scan only this url for
                        vulnerabilities (the URL has to have at least one
                        parameter).


----------------------------------------------------------------------------------------

[evilsocket@shinigami altair] ./altair.py -I

[xss] Cross Site Scriptings :
A cross site scripting vulnerability, also known as XSS, is one of the most common vulnerabilities in web apps. The server does not check the users' input, and parses GET variables (can be done also through POST sometimes), without sanitizing them ahead of time. This allows users to inject html, javascript, or other code, through the page affected by this kind of bug. These injections occur client side (the server side code will be not modified), but the html stream that the user receives will contain the injected code . Usually this type of flaw is used to obtain private data such as cookies, data that often contains the credentials to access protected pages.

[sqli] SQL Injections :
An SQL injection, or SQL code injection, is another example of how a lack of checking user inputed data can undermine our site's security. Nowadays 90% of existing websites rely on a database to store contents such as news, articles, or simply to manage the users; this means that if not placed through an accurate checking process, the data send from an attacker can affect the information present in our database. An SQL injection, as the name itself suggests, is made by injecting arbitrary sql code in a variable sent to the website, both GET or POST, to obtain data from the db, data that would not be normally accessible .

[rfi] Remote File Inclusions :
A remote file inclusion happens when a page includes a file whose name is taken from a GET or POST variable that is not sanitized or checked ahead of time .

[lfi] Local File Inclusions :
A local file inclusion happens when a page includes a file whose name is taken from a GET or POST variable that is not sanitized or checked ahead of time .

[files] Sensitive Files :
Potential sensitive file .

[dirs] Sensitive Directories :
Potential sensitive directory .

----------------------------------------------------------------------------------------

[evilsocket@shinigami altair] altair -M

[+] 'lfier' by Simone Margaritelli <evilsocket@gmail.com> : This module will try to read some standard system files upon LFI vulnerabilities.
[+] 'sqlmap' by Simone Margaritelli <evilsocket@gmail.com> : This module will ask the user to launch sqlmap when a sql injection is found.