overflow - a node graph-based vulnerability scanner
overflow combines multiple other tools like Metasploit, nmap, Burp Suite, sqlmap and others so that you can make node graphs linking them together! So, for example, you can have subdomains pulled from crt.sh, then each one scanned for open ports by nmap, checked by Metasploit and finally logged if vulnerable. This can make scanning for vulnerabilities a lot easier and much more customizable for security enthusiasts and pentesters.
Followers
glutesha
Check their projects out: glutesha.me, BitLace, BitBusy, SteadyHaystack, Picomorse
Ivan P
Check their projects out: Interview Hack, My Website For Reactive, Hack Circuit
Eucatastrophe
Check their projects out: inconspicuous authentication, sciolyskillz, marbles, sands
Ivole32
Check their projects out: Linux API, Requirement Loader, System Monitor, Status Monitor, Gambling Simulator, Remote Workflow, UserScripts, PC-Info
Ship Your Project
Get ready!
Once you ship this you can't edit the description of the project, but you'll be able to add more devlogs and re-ship it as you add new features!
Timeline
Added a module for logging with HTTP requests. (and also clarified the docs! some stuff needs to be installed separately)
I added ten more helper nodes, such as regex matching nodes, DNS-related nodes, etc., and I think I'm ready to ship!
I added docs directly to overflow so that it's easier to learn it. (And also fixed a couple bugs!)
I also added sqlmap support! I think this is going to be the last one for now, I still need to work on helper functions, docs and polishing.
ZAP integration! You can now find new targets using ZAP's spider and scan them with its scanner.
Last devlog for today!
Last time, I forgot to mention the tasks tab that displays the currently running tasks like scans and checks.
Also, I added Sublist3r support (alongside a few other small things)! So now you can use Sublist3r with the other tools as well.
I'll also have to add a few helper nodes that would allow you to do string matching and other stuff, and I also have a couple ideas for new integrations, so stay tuned!
Burp suite integration!
Now you can automatically run Burp Suite scans using its builtin REST API. You can also create a custom configuration in Burp's settings and specify its name in the node settings to customize the scans.
First devlog!
As of right now, saving/loading workspaces, error logging integrations with Metasploit, nmap and crt.sh as well as some other helper nodes are supported. There's still lots more to come though!
