Giter VIP home page Giter VIP logo

erebus's Introduction


Erebus

Fast and customisable parameter based vulnerability scanner based on simple YAML Rules

HowInstallTemplatesInterceptorUsageJoin Discord

Erebus is used to test every parameter across targets based on Yaml templates leading to zero false positives and providing fast scanning on large number of hosts. Erebus offers many useful features including an intercepting proxy which allows researchers to browse the web, click on links and erebus will test every parameter that passes through the proxy.

We have a dedicated repository that houses various types of vulnerability templates.

How templates work

yaml-templates-flow

Install Erebus

▶  GO111MODULE=off go get -u -v github.com/ethicalhackingplayground/erebus/erebus

Install Templates

▶  erebus -ut

Erebus Templates

Erebus has had built-in support for automatic update/download templates (https://github.com/ethicalhackingplayground/erebus/releases/latest). Erebus-Templates project provides a community-contributed list of ready-to-use templates that can be used with part of your testing.

You may use the -ut flag to update the nuclei templates at any time.

Setup Erebus Interceptor

Make sure to setup a proxy in your browser before you use the erebus interceptor for firefox go to

▶ Settings ▶ General ▶ Network Settings ▶ Manual proxy configuration

type in 127.0.0.1 in HTTP Proxy then for the port type in 8080 make sure to enable Also use this proxy for FTP and HTTPS

Install the SSL Certificates to use HTTPS

I have provided the certificates for you to use for HTTPS testing, all you need to do is install these by:

▶ Settings ▶ Privacy & Security ▶ Certificates ▶ View Certificates ▶ Import ▶

Select the .crt file in the erebus directory and proceed by trusting and installing.

Usage

erebus -h

This will display help for the tool. Here are all the switches it supports.

👉 erebus help menu 👈 
Usage of erebus:
  -burp-sitemap string
        scan burp xml sitemap (without base64 decoded)
  -c int
        the number of concurrent requsts (default 100)
  -crawl
        crawl through each intercepted request
  -depth int
        the crawl depth (default 5)
  -interceptor
        intercept the requests through the proxy and test each parameter
  -o string
        output results to a file
  -p string
        the port on which the interception proxy will listen on (default "8080")
  -scope string
        the scope for the proxy intercetor
  -secure
        determaines if the connection is secure or not
  -silent
        silent (only show vulnerable urls)
  -t string
        use the templates with all our yaml rules instead
  -tc string
        Use other tools by executing an os command (default "qsreplace")
  -ut
        Install or update the erebus-templates

Usage

Here are a few examples on how to use the erebus scanner for part of your testing.

Intercept and Crawl on HTTP

Scanning for XSS vulnerabilities using the intercepting proxy with all of paypal inscope while crawling on HTTP domains.

▶ erebus -t erebus-templates/xss-reflected.yaml -interceptor -crawl -scope ".*.\.paypal.com"

Intercept and Crawl on HTTPS

Scanning for XSS vulnerabilities using the intercepting proxy with all of paypal inscope while crawling on HTTPS domains.

▶ erebus -t erebus-templates/xss-reflected.yaml -interceptor -crawl -secure -scope ".*.\.paypal.com"

Tool Chaining Usage

Scanning for XSS vulnerabilities across range of subdomains using subfinder and Gau

echo "paypal.com" | gau | erebus -t erebus-templates/xss-reflected.yaml

Scan subdomains from a file in the format https:// or http://

▶ cat alive | gau | erebus -t erebus-templates/xss-reflected.yaml

asciicast

License

Erebus is distributed under GPL-3.0 License

Join Discord

erebus's People

Contributors

ethicalhackingplayground avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.