This project is an automated tool designed to check for and potentially exploit Off-By-Slash vulnerabilities in web applications. It is built using Django and utilizes Celery for real-time output.
Before you begin, ensure you have the following prerequisites installed:
- Redis Server:
sudo apt install redis-server - Celery:
sudo apt install celery - Start Redis Server:
sudo systemctl start redis-server - Check Redis Server:
redis-cli ping
- Clone the repository:
git clone https://github.com/sharathc213/Automated_Off_By_Slash_Detection_and_Exploiter.git cd Automated_Off_By_Slash_Detection_and_Exploiter - Set up virtual environment:
python -m venv env source env/bin/activate - Install dependencies:
pip install -r requirments.txt - Navigate to the Automated Tool directory:
cd Automated\ Tool
-
Start the Django server:
python manage.py runserver -
In a new terminal, activate the virtual environment and navigate to the project directory:
cd Automated_Off_By_Slash_Detection_and_Exploiter cd Automated\ Tool -
Start the Celery worker:
celery -A Project worker -l info -
Access the application by browsing
http://localhost:8000in your web browser. -
Register and login to the application.
-
Enter the URLs txt file to check or exploit, and specify the output path where vulnerable website data will be stored.
-
Start the scan.
-
If vulnerabilities are detected, the website data will be dumped into the specified output path.
- In a new terminal, navigate to the project directory:
cd Automated_Off_By_Slash_Detection_and_Exploiter - Navigate to the
vulnerable-sitedirectory:cd vulnerable-site - Build the Docker image and run the container:
sudo docker build -t tmp/vulnsite . && sudo docker run --rm -it -p 8001:80 -d tmp/vulnsite - Access the vulnerable website by browsing
http://localhost:8001in your web browser.
Medium Blog Post: Unveiling the Off-By-One Slash Vulnerability in NGINX Configurations