crithit
Website directory and file brute forcing at extreme scale. CritHit takes a single wordlist item and tests it against each host in a large collection, one by one, before moving on to the next wordlist item. The intention of brute forcing in this manner is to avoid low-limit Web Application Firewall (WAF) bans and to allow brute forcing to run faster than it normally would when approaching any single host with multiple simultaneous requests.
Details
Category: Fuzzing
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/crithit:35f3621
Source URL: https://github.com/codingo/crithit
Parameters
--proxy
- A file containing list of proxy names and port [IP:port].
--target
- The target URL.
--verify
- Verify successful results with different proxies.
--threads
- Number of threads to use (default: 4).
--verbose
- Be verbose with output.
--read-for
- Wait N seconds to receive data from server (default: 10).
--wait-for
- Wait N seconds to connect/send data to server (default: 5).
--word-list
- (required) A filename containing list of words to use.
--exceptions
- File containing words.
--signatures
- File containing list of signatures to look out for in top-level domains.
--max-sockets
- Number of sockets to use.
--statuscodes
- Positive status codes (will be overwritten with statuscodesblacklist if set) (default: 200,204,301,302,307,401,403,408).
--target-list
- A file containing the list of targets.
--randomize-agent
- Use random user agents for requests.
--statuscodesblacklist
- Negative status codes (will override statuscodes if set).