Fast and customisable parameter based vulnerability scanner based on simple YAML Rules
Erebus is used to test every parameter across targets based on Yaml templates leading to zero false positives and providing fast scanning on large number of hosts. Erebus offers many useful features including an intercepting proxy which allows researchers to browse the web, click on links and erebus will test every parameter that passes through the proxy.
We have a dedicated repository that houses various types of vulnerability templates.
How templates work
Install Erebus Binary
▶ GO111MODULE=on go get -u -v github.com/ethicalhackingplayground/erebus/erebus
Install Erebus From Github
▶ git clone https://github.com/ethicalhackingplayground/erebus ; cd erebus/erebus; go build ; sudo cp erebus /bin
Download Templates
All the available erebus-templates from Github project, are here and ready to use.
|
Usage
erebus -h
This will display help for the tool. Here are all the switches it supports.
👉 erebus help menu 👈
Usage of ./erebus:
-burp-sitemap string
scan burp xml sitemap (without base64 decoded)
-c int
the number of concurrent requsts (default 100)
-crawl
crawl through each intercepted request (default true)
-depth int
the crawl depth (default 5)
-interceptor
intercept the requests through the proxy and test each parameter
-o string
output results to a file
-p string
the port on which the interception proxy will listen on (default "8080")
-scope string
the scope for the proxy intercetor
-secure
determaines if the connection is secure or not
-silent
silent (only show vulnerable urls)
-t string
use the templates with all our yaml rules instead
-tc string
Use other tools by executing an os command (default "qsreplace")
Running Erebus
Scanning for XSS vulnerabilities using the intercepting proxy while crawling.
▶ erebus -t erebus-templates/xss-reflected.yaml -interceptor -crawl -secure
License
Erebus is distributed under GPL-3.0 License