Caesar

️Caesar A new sensitive file discovery tool

Project brief introduction

File scanning is a basic part of security service , There are also many tools for document scanning on the Internet , For example, the imperial sword ,7kbscan,dirsearch etc. , But there are still many problems in actual combat , Such as cross platform issues and dynamics 404 problem . So I rebuilt a wheel according to my own experience .

Project features

• One Support mainstream platforms : Thanks to the golang Cross platform advantages . A compilation , Run anywhere .
• Two Powerful concurrency : golang Concurrency is unique .12 Under the thread, thousands of requests per second can be realized . For safety reasons , By default, only 3 Threads .
• 3、 ... and Path memory function : Caesar You can remember the hit times of the path , Next time I run , The path with more hits will have higher priority .
• Four dynamic 404 Judge : There is no page returned for the website 404,200,3xx The status code can automatically identify and judge .
• 5、 ... and Dynamic file suffix scanning function : For example, discovery index.php after , The program will scan in two-stage scanning index.php.txt, index.php.swp, index.php.bak.
• 6、 ... and Dynamic directory scanning function : For example, discovery /admin after , The program will scan in two-stage scanning admin.zip, admin.rar, admin.tar, admin.tar.gz.
• 7、 ... and Customizable http Request header : modify config.yml Of Headers You can add request header content .
• 8、 ... and Customizable User-Agent: modify config.yml Of UserAgent Can achieve random UA.
• Nine Customizable proxy : modify config.yml Of Proxy Proxy access can be realized .
• Ten Customizable cookie: modify config.yml Of Cookie When visiting the website, you will bring cookie.
• 11、 ... and Oversized dictionary : The program comes with it common,jsp,asp,php,spring,weblogic Dictionaries , Total over 10 Ten thousand paths , Of course, you can also customize yourself .
• Twelve Too many errors, automatic exit function : When the access target timeout reaches a certain number, the task will be automatically terminated .
• 13、 ... and Support -r Read http request : similar sqlmap Of -r function .
• fourteen Support batch scanning : You can get multiple targets from text .

The required compilation environment

Golang 1.15( recommend )

Save the results

Logs and discovered information will be saved in results Under the table of contents

🥎 Path Dictionary

The path dictionary is assets/directory Under the table of contents , Compared with other programs, the path text dictionary ,Caesar The path Dictionary of is json, Can pass

caesar convert -d ~/path/ 

Convert the ordinary path dictionary into something that the program can recognize json Dictionaries . Put the converted dictionary in assets/directory Under the directory .

Third party framework

• pb - Terminal progress bar implementation
• logrus - A very simple but powerful logger
• cobra - Cobra It's both a way to create a powerful modern CLI Command line golang library , It's also a program that generates program applications and command line files
• fasthttp - fasthttp yes Go Fast HTTP Realization

TODO

• common MVC Framework recognition and dictionary optimization . One spring For frame .jsp The path scan of is obviously inappropriate
• Directory iterative scan
• common WAF Prevent suffix recognition .WAF Will prevent similar /www.zip Request , Return something different from the application itself ban Information
• Continuous optimization and bug Repair
• 403 Directory bypass function

Project address

https://github.com/0ps/Caesar