Hope all of you enjoyed Diwali.
This time we will be discussing about MoC Chrome Crawler, a crawler extension written in HaXe for Google Chrome platform.
Like any other crawler program it can be used to crawl web pages to find interesting resources and links including, but not limited to:-
- Higher privilege pages like administrator pages
- Important files and/or documents
- Configuration files
- Log Files etc.
The use of any tool is limited only by the imagination of the user, so this is going to be a demo which can show you how to use your imagination in such a way that even a simple tool can be used to its highest degree.
Currently OWASP Mantra Moc is not available in Matriux, however we will make sure it’s available by the time you are ready to go on! You have our promise and from team Mantra 😉
You can get MoC Pre Alpha either from the official website (http://www.getmantra.com/download/index.html) or you can access it from Arsenal > Framework > MoC.
After running MoC, you should activate the extension first. For this, click on Extensioner icon on the top right corner next to the address bar and then Network Utilities section.
Now you will be able to see a Chrome Crawler icon.
Right click on the Chrome Crawler icon and there you can customize:-
• The file types you would like to be scanned
• Whether scanning has to be paused while you are working with multiple tabs
• The crawl depth or number of simultaneous page requests at any given time etc.
Save the settings once you have completed. configuring it.
After getting hands dirty with some SQL command injections, we landed on to the administrative panel of the website. What else can be done with MoC other than this?
Well most of the times, automated security scanners generates a huge amount of traces to the server log. Especially input field fuzzing activities performed by these scanners are noisy and can make lots of entries in the server logs.
Also team Matriux is looking for enthusiasts to its new Project – A distribution focused on Malware interested folks can mail at firstname.lastname@example.org
Happy hacking 🙂
Twitter : @matriuxtig3r