katana.units.web — Web Application Testing
These units handle procedures that are often necessary for challenges in the Web category of CTFs.
Note
These units are by default aggressive: they will automatically perform SQL injections, attempt LFI, bruteforce web pages and more. Ensure that you have full authorization and permission to point this at a website.
Admittedly, these should be organized into a framework so that once vulnerabilities are found for a website, they can be shared with sister units and leveraged as needed. This is a large undertaking that is still not completed.
katana.units.web.basic_img_shell — Upload PHP Shell
katana.units.web.basic_nosqli — NoSQL Injection
katana.units.web.basic_sqli — SQL Injection
katana.units.web.cookies — Check Cookies
katana.units.web.form_submit — Auto-submit Forms
katana.units.web.git — Dump Git Repos
katana.units.web.logon_cookies — Check Authentication Cookies
katana.units.web.robots — Check robots.txt
katana.units.web.spider — Spider Webpages