Crimson — AppSec firearm III

Guidelines for the crimson_exploit module usage.

Source: https://creator.nightcafe.studio/creation/iLmHqmEJDDXTw6eu9ZVK

INTRODUCTION

This article will describe how to use the crimson_exploit most optimally.
The module is used for finding the vulnerabilities in many URLs.

The crimson_exploit should be used after the manual testing to ensure nothing was left out. The module is good at finding vulnerabilities with the GET method.

Source: Own study — crimson_exploit help message.

CRIMSON EXPLOIT GUIDELINES

You need the dirs.txt and params.txt directories to start using the third module. You can see an example content of the files on the screen above.

These two files are created in the exp/ directory after finishing the execution of the second module — crimson_target.

If you got the files in the current directory, you could start the tool by simply issuing the c_3 command. However, it is advised to use additional flags:

Source; Own study — starting the crimson_exploit tool with additional flags.