Agartha - LFI, RCE, SQLi, Auth, HTTP to JS

Agartha specializes in advanced payload generation and access control assessment. It adeptly identifies vulnerabilities related to injection attacks and authentication/authorization issues. The dynamic payload generator crafts extensive wordlists for various injection vectors, including SQL Injection, Local File Inclusion (LFI), and Remote Code Execution (RCE). Furthermore, the extension constructs a comprehensive user access matrix, revealing potential access violations and privilege escalation paths. It also assists in performing HTTP 403 bypass checks, shedding light on auth misconfigurations. Additionally, it can convert HTTP requests to JavaScript code to help dig deeper into XSS issues.

In summary:

  • 'Payload Generator': It dynamically constructs comprehensive wordlists for injection attacks, incorporating various encoding and escaping characters to enhance the effectiveness of security testing. These wordlists cover critical vulnerabilities such as SQL Injection, Local File Inclusion (LFI), and Remote Code Execution, making them indispensable for robust security testing.
    • Local File Inclusion, Path Traversal: helps identify vulnerabilities that allow attackers to access files on the server's filesystem.
    • Remote Code Execution, Command Injection: aims to detect potential command injection points, enabling robust testing for code execution vulnerabilities.
    • SQL Injection: helps uncover SQL Injection vulnerabilities, including Stacked Queries, Boolean-Based, Union-Based, and Time-Based.
  • 'Auth Matrix': By constructing a comprehensive access matrix, the tool reveals potential access violations and privilege escalation paths. This feature enhances security posture by addressing authentication and authorization issues. You can use the web 'Spider' feature to generate a sitemap/URL list, and it will crawl visible links from the user's session automatically.
  • '403 Bypass': It aims to tackle common access restrictions, such as HTTP 403 Forbidden responses. It utilizes techniques like URL manipulation and request header modification to bypass implemented limitations.
  • 'Copy as JavaScript': It converts HTTP requests to JavaScript code for further XSS exploitation and more.

For additional information or to report any issues, please visit the project's homepage.

Author: Volkan Dindar

Version: 2.0

Last updated: 30 August 2024

Estimated system impact

Overall impact: Medium

  • Memory: Low
  • CPU: Low
  • General: Medium
  • Scanner: Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.
