Skip to content
/ czar Public

Automating tool for bug hunting recon and bug discovery

Notifications You must be signed in to change notification settings

alpharaoh/czar

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Czar V0.1

What is Czar?

Czar is a fully automated active bug hunting tool for full reconnaissance on a target's domain(s). It utilizes many different tools and also custom made tools to perform a scan every 24 hours (optional). It also produces a report of findings and also sends a message on slack whenever a potential bug is found!

This tool is currently a work in progress with no intention to further develop it. I would highly recommend to use DigitalOcean or AWS instance and get it constantly running on a VPS. Luckily, most websites that offer server hosting have a free tier/trial.

Does it work?

I have currently stopped running Czar on my Digital Ocean droplet but I did for around a week around September 2020. For this period of time the tool discovered many security vunlrabilities such as Subdomain Takeovers, Host Injection Vulrabilities, CVE's. (Check Slack screenshots below)

Usage

Type the following into your terminal on your VPS (or local machine; not recommended)

  1. git clone https://github.com/alpharaoh/czar.git

  2. Now we need to make the requirments.sh file excecutable and run it
    chmod +x requirements.sh
    ./requirements.sh

  3. Then configure your settings and target in config.py located
    nano ./config_and_modules/config.py

  4. Now run!
    python3 main.py

What does it do?

Here is a chart representation of what Czar does.

Slack Screenshots

Bugs

Czar is still a work in progress and may have some bugs. The program will send a slack message when an error occurs and tell you some information on why it happened.

About

Automating tool for bug hunting recon and bug discovery

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published