Does Anyone remember this tweet ?
Ok because of replies , users asked to release the tool , sorry for the delay but we thought to present a good tool.
We are presenting Cazador which make use of all available services , tools , techniques to help you while hacking/bug-hunting.
Cazador is a Spanish word means Hunter , not a normal hunter , the tool we are discussing is not a tool it is a collection consist of more than 50 tools.
The main idea when the project was planned , that i need a tool for each action i do while hacking. and i landed in using multiple tools/scripts .
Once a time i came across multiple issues in which i was able to bypass the brute-force protection and the team requires a working POC, can you please write a shell or python script to help us replicate ? Of course let me write one , again and again , this is boring and to be honest i am very lazy , why there is no tool to that , Takes a request and generates a script , guess what we created a one which generates python code with your configuration 😀 .
so why not to create a tool which do all actions required and avoid using dozens of tools.This is cazador unfortunately the project is under development so not all tools are available also you can suggest a tool regardless the simplicity cazador is a collection of simple tools do not worry suggest even a text processor.
Most tools are available and we can not simulate the best in the community, although the tool has a repeater but we can not compare it with burp repeater although repeater is not a big deal.
The tool has many fuzzers but wfuzz is amazing , so should we use your tool ? we are giving you an already setup , you will not need to install any dependencies , setup requirements , we are offering working tools they just waiting your clicks.
Cazador has dozens of tools which we can not cover all of them , The github repo will do.
To save the time and make the post simple , the tool is now in beta version and available via Github . Source code will be available soon.
Conclusion of the tools
- It has an amazing sub-domain scrabber ” a tool which uses an online service”. You can list subdomains of a target in seconds.
- It has HTTP Pinger which displays the summary of HTTP responses of multiple domains.
- It has TCP/HTTP/DNS servers.
- Vulnerability scanners
- File searcher
- DNS lookup tools
- Fuzzers to search for files , directories and reflected parameters
- Amazing Text processor.Encoders/decoders/converters
- POC Generators
- Pre-defined agenda
- MisConfiguration detectors
- It has a screenshotter which is using IE control , but will be replaced in coming version .
The tool will be fully-customizable as much as we can , newer version will :
- enable you to set up a service , add your own lists , build your own tools, ,generate reports , it also has a Hackerone submitter to automate the process of sending reports but unfortunately we disabled it for some reasons . It is written in c# an amazing language unfortunately it currently works only on windows , NO plans for a cross-platform version.