Crimson — AppSec firearm III
Guidelines for the crimson_exploit module usage.
INTRODUCTION
This article will describe how to use the crimson_exploit
most optimally.
The module is used for finding the vulnerabilities in many URLs.
The
crimson_exploit
should be used after the manual testing to ensure nothing was left out. The module is good at finding vulnerabilities with the GET method.
CRIMSON EXPLOIT GUIDELINES
You need the dirs.txt
and params.txt
directories to start using the third module. You can see an example content of the files on the screen above.
These two files are created in the
exp/
directory after finishing the execution of the second module —crimson_target
.
If you got the files in the current directory, you could start the tool by simply issuing the c_3
command. However, it is advised to use additional flags: