Bolt – CSRF Scanning Suite

Bolt is in the beta phase of development, which means there may be bugs. Any production use of this tool is discouraged. Pull requests and issues are welcome. I also recommend putting this repo on watch if you are interested in it.



Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing.


In this phase, Bolt identifies the tokens that are not strong enough and the forms that are not protected.
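The two phases above (crawl and store the forms, then flag the unprotected ones) are easiest to see in code. The following is an added example, not Bolt's own implementation: it parses the forms out of a constructed HTML page with the standard-library html.parser, records each form in an in-memory SQLite table, and reports the state-changing (POST) forms that carry no hidden token field. The token field is recognised by an assumed list of name hints (csrf, xsrf, token, authenticity, nonce); the page URL and HTML are constructed for the example.

```python
import sqlite3
from html.parser import HTMLParser

# Constructed HTML page for the example (not fetched from any real site).
SAMPLE_HTML = """
<html><body>
<form action="/transfer" method="post">
  <input type="hidden" name="csrf_token" value="3f2a9c1d4e5b6a7f8091a2b3c4d5e6f7">
  <input type="text" name="amount">
</form>
<form action="/comment" method="post">
  <textarea name="body"></textarea>
</form>
<form action="/search" method="get">
  <input type="text" name="q">
</form>
</body></html>
"""

# Hidden-field names commonly used for CSRF tokens (assumed list for this example).
TOKEN_NAME_HINTS = ("csrf", "xsrf", "token", "authenticity", "nonce")


class FormCollector(HTMLParser):
    """Collects every <form> on a page with its action, method and fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action", ""),
                             "method": (attrs.get("method") or "get").lower(),
                             "inputs": []}
        elif tag in ("input", "textarea", "select") and self._current is not None:
            self._current["inputs"].append({"type": attrs.get("type", tag),
                                            "name": attrs.get("name", ""),
                                            "value": attrs.get("value", "")})

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def token_field(form):
    """Return the hidden input that looks like a CSRF token, or None."""
    for inp in form["inputs"]:
        if inp["type"] == "hidden" and any(h in inp["name"].lower() for h in TOKEN_NAME_HINTS):
            return inp
    return None


def store_forms(html, url, conn):
    """Parse the forms out of html and persist them; returns the rows stored."""
    parser = FormCollector()
    parser.feed(html)
    conn.execute("""CREATE TABLE IF NOT EXISTS forms
                    (url TEXT, action TEXT, method TEXT, token_name TEXT, token_value TEXT)""")
    rows = []
    for form in parser.forms:
        tok = token_field(form)
        rows.append((url, form["action"], form["method"],
                     tok["name"] if tok else None, tok["value"] if tok else None))
    conn.executemany("INSERT INTO forms VALUES (?, ?, ?, ?, ?)", rows)
    conn.commit()
    return rows


def unprotected_forms(conn):
    """State-changing (POST) forms stored without any token field."""
    cur = conn.execute(
        "SELECT url, action FROM forms WHERE method = 'post' AND token_name IS NULL")
    return cur.fetchall()


def scan_page(html, url):
    """Run the whole pipeline for one fetched page against an in-memory database."""
    conn = sqlite3.connect(":memory:")
    rows = store_forms(html, url, conn)
    return rows, unprotected_forms(conn)


if __name__ == "__main__":
    stored, unprotected = scan_page(SAMPLE_HTML, "https://example.test/page")
    print("forms stored:", len(stored))
    print("unprotected POST forms:", unprotected)
```

GET forms are deliberately left out of the unprotected report: a GET form should not change state, so the check concentrates on POST forms, which is where a missing token matters.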


This phase focuses on detecting replay attack scenarios and hence checks whether a token has been issued more than once. It also calculates the average Levenshtein distance between all the tokens to see if they are similar.

Tokens are also compared against a database of 250+ hash patterns.


In this phase, 100 simultaneous requests are made to a single webpage to see if identical tokens are generated for the requests.
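The three checks in the comparison phase (reissued tokens, average Levenshtein distance, hash-pattern matching) and the duplicate check that the 100-request observation feeds are the same analysis over a set of collected tokens. The following is an added example, not Bolt's code: it runs those checks over a constructed list of tokens. The hash patterns are a three-entry subset written for the example, not hashID's actual list, and the similarity threshold (half the token length) is an assumed heuristic, not Bolt's.

```python
import itertools
import re
from collections import Counter

# Constructed sample: tokens as if harvested from repeated fetches of one form
# (made up for this example, not captured from any real site).
OBSERVED_TOKENS = [
    "3f2a9c1d4e5b6a7f8091a2b3c4d5e6f7",
    "3f2a9c1d4e5b6a7f8091a2b3c4d5e6f7",  # identical to the first: a reissued token
    "3f2a9c1d4e5b6a7f8091a2b3c4d5e6f8",  # differs from the first in one character
    "d41d8cd98f00b204e9800998ecf8427e",
]

# Hash-shape patterns in the spirit of hashID (a constructed three-entry subset,
# not hashID's actual list of 250+ patterns).
HASH_PATTERNS = {
    "MD5-like (32 hex)": re.compile(r"^[a-fA-F0-9]{32}$"),
    "SHA-1-like (40 hex)": re.compile(r"^[a-fA-F0-9]{40}$"),
    "SHA-256-like (64 hex)": re.compile(r"^[a-fA-F0-9]{64}$"),
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                  # deletion
                           cur[j - 1] + 1,               # insertion
                           prev[j - 1] + (ca != cb)))    # substitution
        prev = cur
    return prev[-1]


def reissued_tokens(tokens):
    """Tokens seen more than once: the replay-risk signal described above."""
    return {tok: n for tok, n in Counter(tokens).items() if n > 1}


def average_levenshtein(tokens):
    """Mean edit distance over all pairs; a low value means the tokens are similar."""
    pairs = list(itertools.combinations(tokens, 2))
    if not pairs:
        return 0.0
    return sum(levenshtein(a, b) for a, b in pairs) / len(pairs)


def matching_hash_patterns(token):
    """Names of the hash shapes the token matches (suggesting a hashed, guessable source)."""
    return [name for name, rx in HASH_PATTERNS.items() if rx.match(token)]


def compare_tokens(tokens, similarity_threshold=None):
    """Summarise reuse, similarity and hash-shape findings for a token set.
    similarity_threshold defaults to half the token length (assumed heuristic)."""
    if similarity_threshold is None:
        similarity_threshold = max(len(t) for t in tokens) / 2
    avg = average_levenshtein(tokens)
    return {
        "reissued": reissued_tokens(tokens),
        "average_levenshtein": avg,
        "tokens_look_similar": avg < similarity_threshold,
        "hash_shapes": {t: matching_hash_patterns(t) for t in set(tokens)},
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(compare_tokens(OBSERVED_TOKENS))
```

A token that matches a hash shape is not automatically weak, but it is a prompt to ask what was hashed: a hash of a predictable value (user id, timestamp) is no better than the value itself.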


This phase is dedicated to active testing of the CSRF protection mechanism. It includes, but is not limited to, checking whether protection exists for mobile browsers, submitting requests with a self-generated token, and testing whether the token is only checked up to a certain length.


Various statistical tests are performed in this phase to see if the token is really random. The following tests are performed during this phase:

  • Monobit frequency test
  • Block frequency test
  • Runs test
  • Spectral test
  • Non-overlapping template matching test
  • Overlapping template matching test
  • Serial test
  • Cumulative sums test
  • Approximate entropy test
  • Random excursions variant test
  • Linear complexity test
  • Longest runs test
  • Maurer's universal statistic test
  • Random excursions test
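To show what these tests actually measure, here is an added example (not Bolt's code and not highfestiva's implementation) that carries out the first and third tests on the list, the monobit frequency test and the runs test, following the NIST SP 800-22 definitions. Tokens are constructed for the example; each is decoded from hex to its 128 bits (non-hex tokens fall back to their UTF-8 bytes), and a p-value below the significance level of 0.01 counts as a failure.

```python
import math

# Constructed sample tokens (not captured from any real site), 128 bits each.
SAMPLE_TOKENS = {
    "hex_random": "9f3c1e7ab2d44c0e8a51f6b7c3d29e10",  # looks random
    "alternating": "aa" * 16,   # 10101010...: balanced ones/zeros but far too regular
    "all_zero": "00" * 16,      # no ones at all
}


def token_to_bits(token: str) -> str:
    """Decode a hex token to bytes (falling back to the UTF-8 bytes of a
    non-hex token) and return the bits as a '0'/'1' string."""
    try:
        data = bytes.fromhex(token)
    except ValueError:
        data = token.encode("utf-8")
    return "".join(f"{b:08b}" for b in data)


def monobit_test(bits: str) -> float:
    """NIST SP 800-22 frequency (monobit) test: are ones and zeros balanced?
    Returns the p-value."""
    n = len(bits)
    s_n = sum(1 if b == "1" else -1 for b in bits)
    s_obs = abs(s_n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_test(bits: str) -> float:
    """NIST SP 800-22 runs test: does the number of runs (maximal blocks of
    identical bits) match what a random sequence would produce?
    Returns the p-value, or 0.0 when the frequency prerequisite fails."""
    n = len(bits)
    pi = bits.count("1") / n
    tau = 2 / math.sqrt(n)
    if abs(pi - 0.5) >= tau:
        return 0.0  # sequence too unbalanced for the runs test to apply
    v_n = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    numerator = abs(v_n - 2 * n * pi * (1 - pi))
    denominator = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(numerator / denominator)


def assess_token(token: str, alpha: float = 0.01) -> dict:
    """Run both tests on one token and flag it if either p-value is below alpha."""
    bits = token_to_bits(token)
    p_mono = monobit_test(bits)
    p_runs = runs_test(bits)
    return {
        "bits": len(bits),
        "monobit_p": p_mono,
        "runs_p": p_runs,
        "looks_random": p_mono >= alpha and p_runs >= alpha,
    }


if __name__ == "__main__":
    for name, tok in SAMPLE_TOKENS.items():
        print(name, assess_token(tok))
```

The alternating token is the instructive case: it passes the monobit test perfectly (exactly half ones) and fails the runs test decisively, which is why the suite applies many tests rather than a single frequency count. A single 128-bit token is also a short sequence for these statistics; in practice the tests are run over the concatenated bits of many collected tokens.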

Scanning a website for CSRF using Bolt is as simple as doing

python3 -u -l 2

Where -u is used to supply the URL and -l is used to specify the depth of crawling.
Other options and switches:

  • -t number of threads
  • --delay delay between requests
  • --timeout HTTP request timeout
  • --headers supply HTTP headers

Regular expressions for detecting hashes are taken from hashID.
Bit-level entropy tests are taken from highfestiva's Python implementation of statistical tests.
