Actarus code release

Actarus is a custom tool that performs automatic recon and stores all the data in a database. Afterwards you can consult it or search it for keywords to find vulnerabilities, or at least entry points.

After some months of inactivity, I finally decided to publicly release the source code of Actarus. I started this project to learn Symfony, now I hate it. Maybe someone will give it another chance to grow.

Below is a quick list of Actarus features:

  • project management
  • server management
  • domain management
  • host (subdomain) management
  • task management, priority, autokill
  • automatic recon
  • result interpretation and callback
  • alert management and automatic generation
  • technology management and gathering
  • multi processing
  • clustering
  • HackerOne interaction

Here is a video that shows the web gui: video actarus

Here is the git repository.

I also created a virtual machine with VirtualBox for people who want to test the project but not install/configure it (yes, it’s a pain in the ass).
Download the VM

I really think that this tool could help bounty hunters in their daily tasks. I had the opportunity to test it on 3 dedicated servers at the same time and the result was awesome. 30 tasks parallelized for 1 week, night and day: the amount of data collected was huge, but because of the interpreter and the search engines, it’s pretty easy to extract WordPress installs, svn repositories, directory listings or whatever you are looking for.
