Home Explore Help
Sign In
epsylon
/
cintruder
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0
Tree: a87de5493c
Branches Tags
cintruder
/
docs
/
README

README 3.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 
  1. ================================================================
    2. 

  2. Introduction:
    3. 

  3. ==============================
    4. 

  4. 

  5. Captcha Intruder is an automatic pentesting tool to bypass captchas.
    6. 

  6. 

  7. ================================================================
    8. 

  8. Options and features:
    9. 

  9. ==============================
    10. 

  10.  
    11. 

  11. cintruder [OPTIONS]
    12. 

  12. 

  13. Options:
    14. 

  14.   --version            show program's version number and exit
    15. 

  15.   -h, --help           show this help message and exit
    16. 

  16.   -v, --verbose        active verbose mode output results
    17. 

  17.   --proxy=PROXY        use proxy server (tor: http://localhost:8118)
    18. 

  18.   --gui                run GUI (CIntruder Web Interface)
    19. 

  19.   --update             check for latest stable version
    20. 

  20. 

  21.   ->Tracking:
    22. 

  22.     --track=TRACK      download captchas from url (to: 'inputs/')
    23. 

  23.     --track-num=S_NUM  set number of captchas to download (default: 5)
    24. 

  24.     --tracked-list     list last tracked captchas (from: 'inputs/')
    25. 

  25. 

  26.   ->Configuration (training/cracking):
    27. 

  27.     --set-id=SETIDS    set colour's ID manually (use -v for details)
    28. 

  28. 

  29.   ->Training:
    30. 

  30.     --train=TRAIN      train using common OCR techniques
    31. 

  31. 

  32.   ->Cracking:
    33. 

  33.     --crack=CRACK      brute force using local dictionary
    34. 

  34. 

  35.   ->Modules (training/cracking):
    36. 

  36.     --mod=NAME         set a specific OCR exploiting module
    37. 

  37.     --mods-list        list available modules (from: 'mods/')
    38. 

  38. 

  39.   ->Post-Exploitation (cracking):
    40. 

  40.     --xml=XML          export result to xml format
    41. 

  41.     --tool=COMMAND     replace suggested word on commands of another tool. use
    42. 

  42.                        'CINT' marker like flag (ex: 'txtCaptcha=CINT')
    43. 

  43. 

  44. ================================================================
    45. 

  45. Examples of usage:
    46. 

  46. ==============================
    47. 

  47. 

  48. -------------------
    49. 

  49. * View help:
    50. 

  50. 

  51. $ ./cintruder --help
    52. 

  52. -------------------
    53. 

  53. * Update to latest version:
    54. 

  54. 

  55. $ ./cintruder --update
    56. 

  56. -------------------
    57. 

  57. * Launch web interface (GUI):
    58. 

  58. 

  59. $ ./cintruder --gui
    60. 

  60. -------------------
    61. 

  61. * Simple crack from file:
    62. 

  62. 

  63. $ ./cintruder --crack "inputs/captcha.gif"
    64. 

  64. -------------------
    65. 

  65. * Simple crack from URL:
    66. 

  66. 

  67. $ ./cintruder --crack "http://host.com/path/captcha_url"
    68. 

  68. -------------------
    69. 

  69. * Simple crack from local, exporting results to a xml file:
    70. 

  70. 

  71. $ ./cintruder --crack "inputs/captcha.gif" --xml "test.xml"
    72. 

  72. -------------------
    73. 

  73. * Simple crack from url, with proxy TOR and verbose output:
    74. 

  74. 

  75. $ ./cintruder --crack "http://host.com/path/captcha_url" --proxy="http://127.0.0.1:8118" -v
    76. 

  76. -------------------
    77. 

  77. * Train captcha(s) from url, with proxy TOR and verbose output:
    78. 

  78. 

  79. $ ./cintruder --train "http://host.com/path/captcha_url" --proxy "http://127.0.0.1:8118" -v
    80. 

  80. -------------------
    81. 

  81. * Track 50 captcha(s) from url, with proxy TOR:
    82. 

  82. 

  83. $ ./cintruder --track "http://host.com/path/captcha.gif" --track-num "50" --proxy "http://127.0.0.1:8118"
    84. 

  84. -------------------
    85. 

  85. * List available modules (from "mods/"):
    86. 

  86. 

  87. $ ./cintruder --list
    88. 

  88. -------------------
    89. 

  89. * Launch an OCR module to train a specific local captcha:
    90. 

  90. 

  91. $ ./cintruder --train "inputs/easycaptcha.gif" --mod "module_invocation_name"
    92. 

  92. -------------------
    93. 

  93. * Launch an OCR module to crack a specific online captcha, with verbose output:
    94. 

  94. 

  95. $ ./cintruder --crack "http://host.com/path/captcha_url" --mod "module_invocation_name" -v
    96. 

  96. -------------------
    97. 

  97. * Replace suggested word by CIntruder after cracking a remote url on commands of another tool (ex: "XSSer"):
    98. 

  98. 

  99. $ ./cintruder --crack "http://host.com/path/captcha_url" --tool "xsser -u http://host.com/path/param1=foo&param2=bar&txtCaptcha=CINT"
    100. 

  100. -------------------
    101. 

  101.