Aron is a simple GO script for finding hidden GET & POST parameters with bruteforce.
$ git clone https://github.com/m4ll0k/Aron.git aron
$ cd aron
$ go get github.com/m4ll0k/printer
# now check if $GOPATH is set
$ go env | grep -i gopath
# if $GOPATH not set, try with:
$ export GOPATH=$HOME/go
$ go run aron.go
# OR
$ go build aron.go
$ cp aron /usr/bin/
$ aron
Also Read Whatsapp_Automation : Collection Of APIs Interact With WhatsApp Running In An Android Emulator
___
/ | _________ ___
/ /| | / ___/ __ \/ __\
/ ___ |/ / / /_/ / / / /
/_/ |_/_/ \____/_/ /_/ (v0.1.0 beta)
----------------------------
Momo (M4ll0k) Outaadi
Usage of aron:
-data="": Set post data
-get=false: Set get method
-post=false: Set post method
-url="": Set target URL
-wordlist="dict.txt": Set your wordlist
GET BRUTEFORCE:
$ go run aron.go -url http://www.test.com/index.php -get
$ go run aron.go -url http://www.test.com/index.php<[?|id=1|id=1&]> -get
$ go run aron.go -url http://www.test.com/index.php<[?|id=1|id=1&]> -get -wordlist my_wordlist.txt
<[?|id=1|id=1&]> => Possible end URL
OR Note: in this case aron need the wordlist path
$ aron -url http://www.test.com/index.php -get -wordlist path/wordlist.txt
$ aron -url http://www.test.com/index.php<[?|id=1|id=1&]> -get -wordlist path/wordlist.txt
POST BRUTEFORCE:
$ go run aron.go -url http://www.test.com/index.php -post
$ go run aron.go -url http://www.test.com/index.php<[?id=1]> -post
$ go run aron.go -url http://www.test.com/index.php<[?id=1]> -post -data "user=1"
$ go run aron.go -url http://www.test.com/index.php<[?id=1]> -post -data "user=1" -wordlist my_wordlist
OR Note: in this case aron need the wordlist path
$ aron -url http://www.test.com/index.php -post -wordlist path/wordlist.txt
$ aron -url http://www.test.com/index.php<[?id=1]> -post -data "user=1" -wordlist path/wordlist.txt
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…