Professional Community

Agartha - LFI, RCE, Auth, SQL Injection, HTTP to JS

Agartha creates dynamic payload lists and a user access matrix to reveal injection flaws and authentication/authorization issues. It generates run-time, systematic and vendor-neutral payloads covering many different possibilities and bypass methods. It also draws attention to the relationship between user sessions and URLs, which makes it easy to find user access violations. Additionally, it converts HTTP requests to JavaScript to help dig up XSS issues.

In summary:

  • Payload Generator: It creates payloads/wordlists for different attack types.
  • Local File Inclusion, Directory Traversal: It creates file dictionary lists with various encoding and escaping characters.
  • Command Injection / Remote Code Execution: It creates command dictionary lists for both Unix and Windows environments with different combinations.
  • SQL Injection: It creates Stacked Queries, Boolean-Based, Union-Based, Time-Based and Order-Based SQL Injection wordlists for various databases to help find vulnerable spots.
  • Authorization Matrix: It creates an access role matrix based on user sessions and URL lists to determine authorization/authentication-related access violation issues.
  • HTTP Request to JavaScript Converter: It converts HTTP requests to JavaScript code for use in further XSS exploitation and more.

Author

Volkan Dindar

Version

0.9

Last updated

06 April 2023

Estimated system impact

Overall impact: Low

  • Memory: Low
  • CPU: Low
  • General: Low
  • Scanner: Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.
