Bolt
A dumb CSRF scanner
Important
Bolt is in alpha phase of development which means it's full of bugs. Any production use of this tool discouraged. Pull requests and issues are welcome. I also suggest you to put this repo on watch if you are interested in it.
Current Features
- Crawling
- Complete HTTP Support
- Checks
- Entropy
- Replay attack
- Absence of CSRF protection when requested from a mobile
- Removing CSRF token parameter from request
- Removing CSRF token from parameter
- Requesting resources with a fake token
- Potenial race condition
Features to be added
- Support CSRF tokens in cookies
- Referrer and Origin based checks
- Checks
- True entropy of tokens
- Checking if server checks the token to a specific length and more...
Usage
Scanning a website for CSRF using Bolt is as easy as doing
python3 bolt.py -u https://github.com -l 2
Where -u is used to supply the URL and -l is used to specify the depth of crawling.
Other options and switches:
-tnumber of threads--delaydelay between requests--timeouthttp request timeout--headerssupply http headers
Credits
Regular Expressions for detecting hashes are taken from hashID.