0d1n, Brute Force, Bruteforce, CSRF, Downloads, Fuzzing, Hacking Tools, Libcurl, Linux, SQLi, Thread Pool, Web Server, XSS

0D1N v3.4 – Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)

0d1n is a tool for automating customized attacks against web applications. This tool is very faster because uses thread pool and C language.

0d1n is a tool for automating customized attacks against web applications. Video demo:

[embedded content]

Tool functions:

  • Brute force login and passwords in auth forms

  • Directory disclosure ( use PATH list to brute, and find HTTP status code )

  • Test to find SQL Injection and XSS vulnerabilities

  • Test to find SSRF

  • Test to find COmmand injection

  • Options to load ANTI-CSRF token each request

  • Options to use random proxy per request

  • other functions…

To run and install follow this steps:

require libcurl-dev or libcurl-devel(on rpm linux based)

$ git clone https://github.com/CoolerVoid/0d1n/

You need libcurl to run, look the following to install::

$ sudo apt-get install libcurl-dev
or try libcurl4-dev... libcurl*

if rpm distro

$ sudo yum install libcurl-devel

To install follow this cmd:

$ cd 0d1n

$ make; sudo make install USER=name_your_user;

$ cd 0d1n_view; make; sudo make install USER=name_your_user;

Up the view server to look the reports online:

$ sudo 0d1n_view 

Now in other console you can run the tool:

$ 0d1n

to uninstall follow this steps:

$ cd 0d1n; sudo make uninstall

$ cd 0d1n_view; sudo make uninstall

Attack examples:

Brute force to find directory

$ 0d1n --host^ --payloads /opt/0d1n/payloads/dir_brute.txt --threads 500 --timeout 3 --log bartsimpsom4 --save_response

Note: You can change value of threads, if you have a good machine, you can try 800, 1200… each machine have a different context.

For SQL injection attack

$ 0d1n --host 'http://site.com/view/1^/product/^/' --payloads /opt/0d1n/payloads/sqli_list.txt --find_string_list /opt/0d1n/payloads/sqli_str2find_list.txt --log log1337 --tamper randcase --threads 800 --timeout 3 --save_response\n"

Note: Tamper is resource to try bypass the web application firewall

To brute force auth system

0d1n --host 'http://site.com/auth.py' --post 'user=admin&password=^' --payloads /opt/0d1n/payloads/wordlist.txt --log log007 --threads 500 --timeout 3\n"

Note: if have csrf token, you can use argv to get this token each request and brute…

Search SQLi in hard mode in login system with csrf token:

0d1n --host "^" --payloads /opt/0d1n/payloads/sqli.txt --find_string_list /opt/0d1n/payloads/find_responses.txt --token_name user_token --log logtest_fibonaci49 --cookie_jar /home/user_name/cookies.txt --save_response --tamper randcase --threads 100

Note: Load cookies jar form browser and save in cookies.txt to load.

Notes External libs

  • To gain extreme performance 0d1n uses thread pool of posix threads, you can study this small library: https://github.com/Pithikos/C-Thread-Pool

  • The 0d1n uses OpenBSD/NetBSD functions to work with strings some thing like strlcat() and strlcpy() to prevent buffer overflow.

Project Overview on cloc

[email protected]:~/codes$ cloc 0d1n/
937 text files.
532 unique files.
451 files ignored.

Language files blank comment code
JavaScript 361 9951 15621 52178
C 51 4986 4967 26642
C/C++ Header 30 1184 2858 4295
CSS 10 434 369 2142
HTML 7 59 0 1616
TeX 2 52 4 206
Markdown 3 81 0 137
make 4 36 9 130
Bourne Shell 2 0 0 4
SUM: 487 16835 23846 91213

Read the docs, and help menu when you execute “0d1n” binary…

Do you have any doubt about 0d1n? please create a issue in this repository, i can help you…

To study old versions look this following:


Source : KitPloit – PenTest Tools!

Previous ArticleNext Article
Send this to a friend