0d1n is a tool for automating customized attacks against web applications.
It is an open source web application brute-forcer and fuzzer; its objective is to automate exhaustive tests to find anomalies and vulnerabilities. These tests can cover web parameters, files, directories, forms and others.
- Brute force login and passwords in auth forms
- Directory disclosure (uses a PATH list to brute force and checks the HTTP status code)
- Test to find SQL Injection and XSS vulnerabilities
- Options to load an anti-CSRF token on each request
- Options to use a random proxy per request
- And more…
Rules you need to know about parameters:
- Each parameter is a resource function to help you
- When you see the character '^' (circumflex), it is a lexical character that represents the payload; it is replaced by each line of the text file
- You always need to use the "--log" parameter
- You always need to use the "--host" parameter
- Tamper is a function that camouflages your payload; this way you can bypass a web application firewall
- Each option uses a different technique to hide the payload
- Remember to use a proxy list per request to try to work in stealth and avoid blacklists.