Makl Ndrix

Lilith

LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html <form> tags , which often refer to dynamic pages that might be subject to SQL injection or other flaws.

It works as an ordinary spider and analyses pages, following hyperlinks, injecting special characters that have a special meaning to any underlying platform.

Any Web applications scanner can never perform a full 100% correct audit. Therefore, a manual re-check is necesarry. Hence, be aware that Lilith might come up with several false positives.

Download Lilith
Lilith 0.6

Changes
The new version of LiLith, 0.6a has been a major upgrade, few of the changes are listed below:

  • got rid of many many false positives (that’s good)
  • when SQL error is found, it now goes onto next var
  • improved (i hope) scanning engine
  • (anti) coldfusion support
  • better cookie handling and cookie tampering
  • omitted perl HTML::Form limitation
  • better verbose output
  • extensive logging
  • detects directory indexing
  • recursive URL dissection
  • cleaned up this pasta code

More Information
For more information, it is recommended to read the following white paper: web dissection using lilith.

Contact
To contact me, please feel free to email me at root@michaelhendrickx.com, or at any of the other -more social- ways mentioned in the about page.

Comments

11 responses to “Lilith”

  1. Lilith – Web Application Security Audit Tool | National Cyber Security

    […] Or read more here. […]

  2. Automated Web App Scanning | Bright Axis

    […] http://michaelhendrickx.com/lilith […]

  3. » LiLith v0.6 – CyberPunk

    […] re-check is necesarry. Hence, be aware that Lilith might come up with several false positives. Source && Download […]

  4. Categorized list of Security tools

    […] […]

  5. Tester la sécurité de sont site web

    […] Lilith est un outil d’audit de code pour vos pages web qui cherchera dans vos tags HTML des références à des pages dynamiques qui pourraient être soumises à des injections SQL ou autres vulnérabilités.Ce script écrit en perl fonctionne comme un crawler et cherchera les liens dans une page pour accéder au reste du site. Il essaiera d’injecter des caractères spéciaux dans ces liens pour tester votre site.Téléchargement et informations : http://michaelhendrickx.com/lilith […]

  6. Mega thread for Categorized List Of Security Tools

    […] LiLithhttp://michaelhendrickx.com/lilith LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html <form> tags, which often refer to dynamic pages that might be subject to SQL injection or other flaws. […]

  7. Hacking Tools |

    […] SCANNERS Arachni Burp Suite CAL9000 CAT CookieDigger DIRB Fiddler Gamja Grendel-Scan HTTrack LiLith Nikto2 Paros Powerfuzzer ProxyScan.pl Ratproxy ScanEx Scrawlr Springenwerk Sqlmap Sqlsus […]

  8. Большая подборка хакерского софта часть 2 – Slivki

    […] LiLith […]

  9. The Best Hacking Tools. – Infamous Security Org

    […] LiLith […]

  10. fadya Avatar
    fadya

    hello

  11. fedy Avatar
    fedy

    i am fedya

Leave a Reply

Your email address will not be published. Required fields are marked *