katana.units.web — Web Application Testing
These units handle procedures that are often necessary for challenges in the Web category of CTFs.
Note
These units are aggressive by default: they will automatically perform SQL injections, attempt LFI, brute-force web pages, and more. Ensure that you have full authorization and permission before pointing them at a website.
Admittedly, these should be organized into a framework so that once vulnerabilities are found for a website, they can be shared with sister units and leveraged as needed. This is a large undertaking that is still not completed.
katana.units.web.basic_img_shell — Upload PHP Shell
katana.units.web.basic_nosqli — NoSQL Injection
katana.units.web.basic_sqli — SQL Injection
katana.units.web.cookies — Check Cookies
katana.units.web.form_submit — Auto-submit Forms
katana.units.web.git — Dump Git Repos
katana.units.web.logon_cookies — Check Authentication Cookies
katana.units.web.robots — Check robots.txt
katana.units.web.spider — Spider Webpages