Vimana is a modular security framework designed to audit Python web applications.
The core of Vimana consists of crawlers focused on frameworks (in addition to generic web crawlers), trackers, discovery, fuzzer and parser modules, among other types. The main idea, from which the framework emerged, is to identify, through a black-box approach, configuration flaws and insufficient or inadequate implementations that allow unhandled exceptions to be triggered. Depending on the framework settings (or on particular libraries when no framework is used, for example raw WSGI), this can leak sensitive and critical information that may allow compromise of the whole application, server, APIs, databases, services and any third-party software whose tokens, secrets or API keys are exposed in source code or environment variables.
Another important step performed by Vimana is to collect and reconstruct the source code snippets of the affected modules (leaked through exceptions), which allows the discovery of hardcoded credentials, database connection strings and vulnerable libraries. It also allows the application to be analysed from a perspective that mixes the black-box and white-box approaches, since the initial analysis starts from a blind test but ends up giving access to code snippets.
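For the raw WSGI case mentioned above, the following added example (not part of Vimana or of the original page) contrasts an error wrapper that returns tracebacks to the client with one that logs them server-side and returns only an opaque reference. The app, the connection string and all function names are constructed for illustration.

```python
import logging
import traceback
import uuid
from wsgiref.util import setup_testing_defaults

log = logging.getLogger("app.errors")

def leaky_app(environ, start_response):
    # Constructed sample handler: a bug raises with a secret in the message.
    db_url = "postgres://app:s3cr3t@db.internal/prod"  # constructed value
    raise RuntimeError(f"cannot connect to {db_url}")

def debug_errors(app):
    """Weak pattern: the full traceback is sent back in the response body."""
    def wrapper(environ, start_response):
        try:
            return app(environ, start_response)
        except Exception:
            body = traceback.format_exc().encode()
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain")])
            return [body]
    return wrapper

def safe_errors(app):
    """Hardened pattern: details go to the server log, client gets an id."""
    def wrapper(environ, start_response):
        try:
            return app(environ, start_response)
        except Exception:
            incident = uuid.uuid4().hex
            log.exception("unhandled exception, incident=%s", incident)
            body = f"Internal error. Reference: {incident}\n".encode()
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
            return [body]
    return wrapper

def call(app, path="/"):
    """Invoke a WSGI app in-process and return (status, body text)."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"] = status
    body = b"".join(app(environ, start_response))
    return captured["status"], body.decode()
```

Both wrappers only catch exceptions raised while the app callable runs; errors raised later, while the response iterable is consumed, need the same handling in the server or in an iterator wrapper.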