Chameleon

Chameleon provides better content discovery by using wappalyzer's set of technology fingerprints alongside custom wordlists tailored to each detected technology.

The tool is highly customizable and allows users to add their own custom wordlists, extensions or fingerprints.

The full documentation is available on: https://youst.in/posts/context-aware-conent-discovery-with-chameleon/

Installation

Step 1:

Visit https://rustup.rs/ and follow the instructions to get started with rust and cargo.

Step 2:

> cargo install --git https://github.com/iustin24/chameleon

Installing the crate will create the directory ~/.config/chameleon/ and download the config file and custom wordlists.

Step 3:

In order to use the technology auto-detect feature, you will need to install (headless) Chrome; otherwise you will get the following error: Could not auto detect a chrome executable

Example Usage:

Tech Scan + Directory Bruteforce:

> chameleon --url https://example.com -a
Options

OPTIONS:
    -a, --tech-detect
            Automatically detect technologies with wappalyzer and adapt wordlist

    -A, --auto-calibrate
            Automatically calibrate filtering options (default: false)

    -c, --config <CONFIG>
            Config file to use [default: ~/.config/chameleon/config.toml]

    -C, --fc <FILTERCODE>...
            Filter HTTP status codes from response - Comma separated list [default: 404]

    -h, --help
            Print help information

    -i, --include tech <TECHS>
            Technology to be included, even if it's not detected by wappalyzer. ( -i PHP,IIS )

    -L, --hosts-file <HOSTS_FILE>
            List of hosts to scan

    -M, --mc <MATCHCODE>...
            Match HTTP status codes from response - Comma separated list

    -s, --ms <MATCHSIZE>...
            Match HTTP response size. Comma separated list of sizes

    -S, --fs <FILTERSIZE>...
            Filter HTTP response size. Comma separated list of sizes

    -t, --concurrency <CONCURRENCY>
            Number of concurrent threads ( default: 200 ) [default: 200]

    -T, --tech url <TECH_URL>
            URL which will be scanned for technologies. By default, this is the same as '-u',
            however it can be changed using '-T'

    -u, --url <URL>
            url to scan

    -U, --user-agent <USERAGENT>
            Change the value for the user-agent header [default: "Chameleon /
            https://github.com/iustin24/chameleon"]

    -V, --version
            Print version information

    -w, --wordlist <WORDLIST>
            Main wordlist to use for bruteforcing

    -W, --small-wordlist <SMALL_WORDLIST>
            Wordlist used to generate files by adding extensions ( FUZZ.%ext )

Config file

Chameleon uses the config file located in ~/.config/chameleon/config.yaml.

Changing the default wordlists:

If no wordlist is provided, chameleon will use the wordlist specified in main_wordlist in the config file. ( Default: ~/.config/chameleon/wordlists/raft-medium-words.txt )

When a detected technology has characteristic extensions, chameleon will generate a file wordlist from them like so ( FUZZ.%ext ), using the wordlist specified in small_wordlist in the config file. ( Default: ~/.config/chameleon/wordlists/raft-medium-words.txt )

Changing technology wordlists

Example config.yaml with technology specific wordlists:

# Technology Specific Wordlists:

Flask="~/.config/chameleon/wordlists/Flask.txt"
Java="~/.config/chameleon/wordlists/Java.txt"
Go="~/.config/chameleon/wordlists/GO.txt"
...

Adding new technology wordlists

Chameleon uses fingerprints from https://github.com/iustin24/wappalyzer/blob/master/apps.json. You can add new technology wordlists by taking the name of a technology from apps.json and adding it to the config file like so:

# Technology Specific Wordlists:

1C-Bitrix="~/.config/chameleon/wordlists/new_tech_wordlist.txt"
...

Adding new extension fingerprints

Chameleon generates wordlists using the characteristic extensions of each detected technology. You can add or modify the extensions in the config file like so:

# Technology specific Extensions

Microsoft_ASP_NET_ext="aspx,ashx,asmx,asp"
Java_ext="jsp"
CFML_ext="cfm"
Python_ext="py"
PHP_ext="php"
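
The technology-to-wordlist mapping and the FUZZ.%ext expansion described in the two sections above, as an added example in Rust that is not part of the Chameleon code base: a minimal parser for the Key="value" config lines shown in this README, plus the planning step that picks per-technology wordlists and generates extension variants for a set of detected technologies. The config text, the detected technology names and the small wordlist are constructed sample input, and it assumes a technology's config key is its name as written in the config (e.g. Java, PHP) with the _ext suffix for extensions.

```rust
use std::collections::HashMap;

// Constructed sample config in the Key="value" style shown in this README.
const SAMPLE_CONFIG: &str = r#"
# Technology Specific Wordlists:
Java="~/.config/chameleon/wordlists/Java.txt"
Go="~/.config/chameleon/wordlists/GO.txt"

# Technology specific Extensions
Java_ext="jsp"
PHP_ext="php"
"#;

// Parse `Key="value"` lines; comments and blank lines are skipped.
fn parse_config(text: &str) -> HashMap<String, String> {
    text.lines()
        .map(str::trim)
        .filter(|l| !l.is_empty() && !l.starts_with('#'))
        .filter_map(|l| {
            let (k, v) = l.split_once('=')?;
            Some((k.trim().to_string(), v.trim().trim_matches('"').to_string()))
        })
        .collect()
}

// For each detected technology: collect its wordlist path if the config has one,
// and expand every small-wordlist entry with the technology's extensions (FUZZ.%ext).
// Technologies with neither a wordlist nor extensions contribute nothing.
fn plan_wordlists(
    cfg: &HashMap<String, String>,
    techs: &[&str],
    small: &[&str],
) -> (Vec<String>, Vec<String>) {
    let mut lists = Vec::new();
    let mut generated = Vec::new();
    for tech in techs {
        if let Some(path) = cfg.get(*tech) {
            lists.push(path.clone());
        }
        if let Some(exts) = cfg.get(&format!("{tech}_ext")) {
            for ext in exts.split(',').map(str::trim).filter(|e| !e.is_empty()) {
                generated.extend(small.iter().map(|w| format!("{w}.{ext}")));
            }
        }
    }
    (lists, generated)
}

fn main() {
    let cfg = parse_config(SAMPLE_CONFIG);
    let (lists, generated) = plan_wordlists(&cfg, &["Java", "PHP", "Nginx"], &["index", "admin"]);
    println!("wordlists: {lists:?}\ngenerated: {generated:?}");
}
```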

To-do

Update the wappalyzer crate to also support the "implies" feature for better technology detection.

Add auto calibration for filtering

Add option to add custom headers.

Credits

epi052 - https://github.com/epi052/feroxfuzz/
