OneCTF

OneCTF (0.01k ⭐) is a simple Python suite of tools that I created to automate multiple tasks with multi-threading.

$ pipx install git+https://github.com/QuentinRa/onectf.git
$ onectf -h

All modules support multi-threading using -t <nb_threads>.

The documentation for each module:

  • AXFR: find hidden subdomains vulnerable to zone transfer
  • Crawl: HTML web crawler
  • Hosts: host file management utility
  • Request: request encoder
  • uffuf: file upload fuzzer

Modules Overview

OneCTF Request Module

The request module is handy when we want to manually test a payload that needs to be tampered with (base64, php octal, etc.).

$ onectf request -u 'URL' -v -X POST -p 'xxx' -i 'x;ls / <er>' --tamper aliases,space2tab
$ onectf request -u 'URL' -v -X POST -p 'xxx' -i 'phpinfo()' --tamper php_octal

OneCTF Crawl Module

The crawl module is handy when we need to crawl a website, but we don't care about external links (e.g., to other websites) and we don't want to waste time waiting for tools such as ZAProxy.

$ onectf crawl -u URL -o /tmp/links.txt
$ onectf crawl [...] --comments -L gobuster_output.txt

📚 You can pass the output of gobuster or a list of endpoints using -L endpoints.txt. You can display HTML comments using --comments.


OneCTF UFFUF Module

The uffuf module is handy when we want to upload files from the command line while spoofing the MIME type on the fly or fuzz for filtered extensions or valid MIME types.

$ onectf uffuf -u https://example.com -p uploadFile -F myFile -w wordlist -Fn dummyFUZZ

OneCTF AXFR Module

The AXFR module is handy when we want to test AXFR on a wordlist of subdomains using multi-threading for faster results.

Assuming IP is the IP address of the DNS server, xxx.yyy is the domain, and wordlist.txt is a list of subdomains:

$ head wordlist.txt
aaa
...
$ onectf axfr -D xxx.yyy -r IP -w wordlist.txt -t 64
# try AXFR on aaa.xxx.yyy
# ...

OneCTF Hosts Module

The Hosts module is handy when we often need to edit /etc/hosts.

$ sudo onectf hosts IPA example.com aaa.example.com
IPA example.com aaa.example.com
$ sudo onectf hosts IPB example.com
IPA aaa.example.com
IPB example.com
  • πŸ›£οΈ It automatically associates the domains to the IP
  • 🧼 It automatically merges entries by IP
  • 🧹 It automatically removes IPs with no domains
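
The three behaviours listed above can be sketched as a pure function over the hosts-file text. This is an added example, not OneCTF's own code: the name update_hosts, the input validation (useful because the result is written as root), and the 192.0.2.x documentation addresses are assumptions made for illustration.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z0-9._-]+")  # conservative hostname charset (assumption)


def update_hosts(text: str, ip: str, domains: list[str]) -> str:
    """Return hosts-file text in which `domains` resolve to `ip` and nothing else."""
    ipaddress.ip_address(ip)  # raises ValueError on anything that is not an IP
    wanted = list(dict.fromkeys(d.lower() for d in domains))  # dedupe, keep order
    for name in wanted:
        if not NAME_RE.fullmatch(name):  # blocks spaces, '#', newlines
            raise ValueError(f"invalid host name: {name!r}")

    names_by_ip: dict[str, list[str]] = {}
    layout: list[tuple[str, str]] = []  # ("raw", line) or ("ip", address)
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # inline comments are dropped
        if not fields:  # blank or comment-only line: keep verbatim
            layout.append(("raw", line))
            continue
        addr, names = fields[0], fields[1:]
        if addr not in names_by_ip:  # first line for this IP fixes its position
            names_by_ip[addr] = []
            layout.append(("ip", addr))
        for name in (n.lower() for n in names):
            # a reassigned domain leaves its old IP; duplicates collapse
            if name not in wanted and name not in names_by_ip[addr]:
                names_by_ip[addr].append(name)

    if ip not in names_by_ip:
        names_by_ip[ip] = []
        layout.append(("ip", ip))
    names_by_ip[ip].extend(wanted)

    out = []
    for kind, value in layout:
        if kind == "raw":
            out.append(value)
        elif names_by_ip[value]:  # an IP left with no domains is not written
            out.append(f"{value} {' '.join(names_by_ip[value])}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Constructed sample using documentation addresses (RFC 5737).
    hosts = update_hosts("", "192.0.2.10", ["example.com", "aaa.example.com"])
    hosts = update_hosts(hosts, "192.0.2.20", ["example.com"])
    print(hosts, end="")
```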