Czar is a fully automated active bug hunting tool for full reconnaissance on a target's domain(s). It utilizes many different tools and also custom made tools to perform a scan every 24 hours (optional). It also produces a report of findings and also sends a message on slack whenever a potential bug is found!
This tool is currently a work in progress with no intention to further develop it. I would highly recommend to use DigitalOcean or AWS instance and get it constantly running on a VPS. Luckily, most websites that offer server hosting have a free tier/trial.
I have currently stopped running Czar on my Digital Ocean droplet but I did for around a week around September 2020. For this period of time the tool discovered many security vunlrabilities such as Subdomain Takeovers, Host Injection Vulrabilities, CVE's. (Check Slack screenshots below)
Type the following into your terminal on your VPS (or local machine; not recommended)
-
git clone https://github.com/alpharaoh/czar.git
-
Now we need to make the requirments.sh file excecutable and run it
chmod +x requirements.sh
./requirements.sh
-
Then configure your settings and target in config.py located
nano ./config_and_modules/config.py
-
Now run!
python3 main.py
Here is a chart representation of what Czar does.
Czar is still a work in progress and may have some bugs. The program will send a slack message when an error occurs and tell you some information on why it happened.