Bolt is in the beta phase of development, which means there may be bugs. Any production use of this tool is discouraged. Pull requests and issues are welcome. I also suggest putting this repo on watch if you are interested in it.
In this phase, Bolt finds out which tokens are not strong enough and which forms are not protected.
Tokens are also compared against a database of 250+ hash patterns.
In this phase, 100 simultaneous requests are made to a single webpage to see if the same tokens are generated for the requests.
Various statistical tests are carried out in this phase to see if the token is really random. The following tests are carried out during this phase:
- Monobit frequency test
- Block frequency test
- Runs test
- Spectral test
- Non-overlapping template matching test
- Overlapping template matching test
- Serial test
- Cumulative sums test
- Approximate entropy test
- Random excursions variant test
- Linear complexity test
- Longest runs test
- Maurer's universal statistic test
- Random excursions test
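As an added illustration (not Bolt's own code), here is how two of the checks listed above, the monobit frequency test and the runs test from NIST SP 800-22, can be applied to a CSRF token. The `decode_token` helper, the `assess_token` wrapper and the sample tokens are constructed for this example; note that the tests must run on the decoded bytes, not on the ASCII text of a hex token.

```python
import math

def bits_from_bytes(data: bytes) -> list:
    """Expand raw token bytes into a list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def decode_token(token: str) -> bytes:
    """Decode a hex-encoded token to raw bytes; fall back to its UTF-8 bytes.
    Testing the ASCII text of a hex token instead would bias the result,
    because the top bit of every ASCII character is always 0."""
    try:
        return bytes.fromhex(token)
    except ValueError:
        return token.encode("utf-8")

def monobit_frequency_test(bits: list) -> float:
    """Frequency (monobit) test: are ones and zeros roughly balanced? Returns a p-value."""
    n = len(bits)
    s_obs = abs(sum(1 if b else -1 for b in bits)) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))

def runs_test(bits: list) -> float:
    """Runs test: does the sequence switch between 0 and 1 at a plausible rate?
    Returns a p-value, or 0.0 when the monobit prerequisite already fails."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v_obs = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    numerator = abs(v_obs - 2 * n * pi * (1 - pi))
    denominator = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(numerator / denominator)

def assess_token(token: str, alpha: float = 0.01) -> dict:
    """Run both tests on a token and flag it weak if any p-value falls below alpha."""
    bits = bits_from_bytes(decode_token(token))
    p_values = {"monobit": monobit_frequency_test(bits), "runs": runs_test(bits)}
    return {**p_values, "weak": any(p < alpha for p in p_values.values())}

if __name__ == "__main__":
    # Constructed sample tokens: repeated 0x55 is perfectly balanced (passes
    # monobit) but alternates too regularly (fails runs); repeated 0x00 fails both.
    for sample in ("55" * 16, "00" * 16):
        print(sample, assess_token(sample))
```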
Scanning a website for CSRF using Bolt is as easy as running
python3 bolt.py -u https://github.com -l 2
-u is used to supply the URL and
-l is used to specify the depth of crawling.
Other options and switches:
-t          number of threads
--delay     delay between requests
--timeout   http request timeout
--headers   supply http headers