crithit
Website Directory and file brute forcing at extreme scale. CritHit takes a single wordlist item and tests it one by one over a large collection of hosts before moving onto the next wordlist item. The intention of brute foricng in this manner is to avoid low limit Web Application Firewall (WAF) bans and to allow brute forcing to run faster than it normally would when approaching any single host with multiple simultaneous requests.
Details
Category: Fuzzing
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/crithit:35f3621
Source URL: https://github.com/codingo/crithit
Parameters
proxy
file
Command:
--proxy - A file containing list of proxy names and port [IP:port].target
string
requiredCommand:
--target - The target URL.verify
string
Command:
--verify - Verify successful results with different proxies.threads
string
Command:
--threads - Number of threads to use (default: 4).verbose
boolean
Command:
--verbose - Be verbose with output.read-for
string
Command:
--read-for - Wait N seconds to receive data from server (default: 10).wait-for
string
Command:
--wait-for - Wait N seconds to connect/send data to server (default: 5).word-list
file
requiredCommand:
--word-list - (required) A filename containing list of words to use.exceptions
file
Command:
--exceptions - File containing words.signatures
file
requiredCommand:
--signatures - File containing list of signatures to look out for in top-level domains.max-sockets
string
Command:
--max-sockets - Number of sockets to use.statuscodes
string
Command:
--statuscodes - Positive status codes (will be overwritten with statuscodesblacklist if set) (default: 200,204,301,302,307,401,403,408).target-list
file
requiredCommand:
--target-list - A file containing the list of targets.randomize-agent
boolean
Command:
--randomize-agent - Use random user agents for requests.statuscodesblacklist
string
Command:
--statuscodesblacklist - Negative status codes (will override statuscodes if set).