OneCTF
OneCTF (0.01k β) is a simple Python suite of tool that I created to automate multiple tasks while using multi-threading.
$ pipx install git+https://github.com/QuentinRa/onectf.git
$ onectf -h
All modules support multi-threading using -t <nb_threads>
.
Modules Overview
OneCTF Request Module
The request module is handy when we want to manually test a payload that needs to be tampered (base64, php octal, etc.)
$ onectf request -u 'URL' -v -X POST -p 'xxx' -i 'x;ls / <er>' --tamper aliases,space2tab
$ onectf request -u 'URL' -v -X POST -p 'xxx' -i 'phpinfo()' --tamper php_octal
OneCTF Crawl Module
The crawl module is handy when we need to crawl a website, but we don't care about external links (e.g., to other websites) and we don't want to waste time waiting for tools such as ZAProxy.
$ onectf crawl -u URL -o /tmp/links.txt
$ onectf craw [...] --comments -L gobuster_output.txt
π You can pass the output of gobuster or a list of endpoints using -L endpoints.txt
. You can display HTML comments using --comments
.
OneCTF UFFUF Module
The uffuf module is handy when we want to upload files from the command line while spoofing the MIME type on the fly or fuzz for filtered extensions or valid MIME types.
$ onectf uffuf -u https://example.com -p uploadFile -F myFile -w wordlist -Fn dummyFUZZ
OneCTF AXFR Module
The AXFR module is handy when we want to test AXFR on a wordlist of subdomains using multi-threading for faster results.
Assuming IP
is the IP address of the DNS server, xxx.yyy
is the domain, and wordlist.txt
is a list of subdomains:
$ head wordlist.txt
aaa
...
$ onectf axfr -D xxx.yyy -r IP -w wordlist.txt -t 64
# try AXFR on aaa.xxx.yyy
# ...
OneCTF Hosts Module
The Hosts module is handy when we often need to edit /etc/hosts
.
$ sudo onectf hosts IPA example.com aaa.example.com
IPA example.com aaa.example.com
$ sudo onectf hosts IPB example.com
IPA aaa.example.com
IPB example.com
- π£οΈ It automatically associates the domains to the IP
- π§Ό It automatically merges entries by IP
- π§Ή It automatically removes IPs with no domains