Agartha - LFI, RCE, Auth, SQL Injection, HTTP to JS

Agartha creates dynamic payload lists and user access matrix to reveal injection flaws and authentication/authorization issues. Agartha creates run-time, systematic and vendor-neutral payloads with many different possibilities and bypassing methods. It also draws attention to user session and URL relationships, which makes it easy to find user access violations. Additionally, it converts HTTP requests to JavaScript to help dig up XSS issues.

In summary:

• Payload Generator: It creates payloads/wordlists for different attack types.
• Local File Inclusion, Directory Traversal: It creates file dictionary lists with various encoding and escaping characters.
• Command Injection / Remote Code Execution: It creates command dictionary lists for both unix and windows environments with different combinations.
• SQL Injection: It creates Stacked Queries, Boolean-Based, Union-Based, Time-Based and Order-Based SQL Injection wordlist for various databases to help finding vulnerable spots.
• Authorization Matrix: It creates an access role matrix based on user sessions and URL lists to determine authorization/authentication related access violation issues.
• HTTP Request to JavaScript Converter: It converts HTTP requests to JavaScript code to be useful for further XSS exploitation and more.