Professional Community

Agartha - LFI, RCE, SQLi, Auth, HTTP to JS

Agartha creates payloads to reveal injection flaws, generates user request/response tables to spot access violations, and converts HTTP requests to JavaScript code for further XSS exploitation.

In summary:

  • 'Payload Generator' creates dynamic, systematic and vendor-neutral payloads/wordlists for LFI, RCE and SQLi attacks, with many different possibilities and bypass methods, against various platforms and applications, to help find injection flaws.
  • 'Authorization Matrix' generates a user access table based on 'User Sessions X URLs', which makes it easy to find access violations and authentication/authorization issues. The 'SiteMap' feature can also automatically crawl all links the user can visit.
  • 'Copy as JavaScript' converts HTTP requests to JavaScript code for digging up XSS issues and more.

Author

Volkan Dindar

Version

1.0

Last updated

28 July 2023

Estimated system impact

Overall impact: Medium

Memory: Low
CPU: Low
General: Medium
Scanner: Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.
