added demo, features, credits
26
README.md
@@ -20,8 +20,31 @@
|
|||||||
</a>
|
</a>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
### Important
|
### Important
|
||||||
Bolt is in alpha phase of development which means it's full of bugs. Any production use of this tool discouraged.
|
Bolt is in alpha phase of development which means it's full of bugs. Any production use of this tool discouraged.
|
||||||
|
Pull requests and issues are welcome. I also suggest you to put this repo on watch if you are interested in it.
|
||||||
|
|
||||||
|
### Current Features
|
||||||
|
- Crawling
|
||||||
|
- Complete HTTP Support
|
||||||
|
- Checks
|
||||||
|
- Entropy
|
||||||
|
- Replay attack
|
||||||
|
- Absence of CSRF protection when requested from a mobile
|
||||||
|
- Removing CSRF token parameter from request
|
||||||
|
- Removing CSRF token from parameter
|
||||||
|
- Requesting resources with a fake token
|
||||||
|
- Potenial race condition
|
||||||
|
|
||||||
|
### Features to be added
|
||||||
|
- Support CSRF tokens in cookies
|
||||||
|
- Referrer and Origin based checks
|
||||||
|
- Checks
|
||||||
|
- True entropy of tokens
|
||||||
|
- Checking if server checks the token to a specific length
|
||||||
|
and more...
|
||||||
|
|
||||||
### Usage
|
### Usage
|
||||||
|
|
||||||
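Review bot: the new text has a typo and two grammar slips that every reader of the README will see: `- Potenial race condition` should be `- Potential race condition`; `Any production use of this tool discouraged.` is missing its verb (`Any production use of this tool is discouraged.`); and `I also suggest you to put this repo on watch` reads better as `I also suggest watching this repo`. Separately, the feature entries under `Checks` are bare labels, so a user cannot tell what a reported finding means: one clause each on what `Entropy`, `Replay attack` and `Absence of CSRF protection when requested from a mobile` actually test (for the last one, say what "from a mobile" means in practice, presumably a mobile User-Agent) would make the list usable as documentation rather than a keyword list.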
@@ -37,3 +60,6 @@ Other options and switches:
|
|||||||
- `--delay` delay between requests
|
- `--delay` delay between requests
|
||||||
- `--timeout` http request timeout
|
- `--timeout` http request timeout
|
||||||
- `--headers` supply http headers
|
- `--headers` supply http headers
|
||||||
|
|
||||||
|
#### Credits
|
||||||
|
Regular Expressions for detecting hashes are taken from [hashID](https://github.com/psypanda/hashID).
|
||||||
|
|||||||
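Review bot: the three added switches are listed without their value format, so `--delay` and `--timeout` should state the unit (seconds or milliseconds), and `--headers` should show the expected syntax, including how more than one header is passed; otherwise users have to read the source to use them. Also `#### Credits` is one level deeper than the `###` headings used for the other sections in this file (`### Usage`, `### Current Features`); make it `### Credits` unless it is intended as a subsection of Usage.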