Web security auditing tool with advanced evasion modes
Project description
ImCurvin
ImCurvin is an open-source, server-friendly web security auditing tool built for Termux and Linux environments to detect misconfigurations, probe backend vulnerabilities, and discover hidden endpoints. Powered by a flexible Bash core integrated with analytical Python engines, it features advanced multi-vector evasion techniques and adaptive scanning modes.
The framework offers three distinct operational modes:
- Default Mode: Performs baseline endpoint scanning using wordlist-driven reconnaissance. It randomizes User-Agents and utilizes built-in rate limiting to evade initial detection, making it ideal for target assessment.
- Risk Mode: Escalates reconnaissance by routing traffic through TOR circuits. It operates in a 3-stage sequence: Endpoint Discovery, Time-Based SQL Injection with custom tampering, and Gentle Probing via HTTP OPTIONS requests to harvest server metadata. Includes a Python post-scan validator to eliminate network-induced false positives.
- Defiance Mode: An aggressive, high-throughput engine optimized for MySQL time-based injection attacks. It features dual-vector parallel attacks with multi-port TOR circuit load-balancing, achieving true multi-IP rotation per request. Evasion is pushed to its limits using multi-layered tampers (XOR, Base64, and more) coupled with adaptive header injection, Synchronized JA3/JA4 TLS Fingerprinting, Automated Control Loop Shadowban Evasion, HTTP Chunked Transfer Encoding Mismatch, HTTP/2 Rapid Reset Protocol Exploitation, and more advanced WAF/CDN bypass. This mode implements an enhanced, highly accurate Python validation engine to isolate genuine database delays from baseline network latency.
For a detailed breakdown of each operational mode and its technical implementation, please visit the repository and check the Mode.md file.
Requirements:
- tor
- xxd
- curl
- coreutils
- python3 (for Git installation)
Source:
https://github.com/Skokoo/ImCurvin
Legal Disclaimer
This tool is developed for educational purposes and authorized penetration testing only. The developer assumes no liability and is not responsible for any misuse, damage, or legal consequences caused by this tool. Usage on unauthorized targets is strictly illegal.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file imcurvin-1.3.2.tar.gz.
File metadata
- Download URL: imcurvin-1.3.2.tar.gz
- Upload date:
- Size: 27.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f2f3b738f80d4a7cc9a7c9141bb06b827a3b8210a343fece71a937f1cb1cdd1d
|
|
| MD5 |
22a7faeae03e8bdb463c2dde9d734fba
|
|
| BLAKE2b-256 |
53acd0abf3d13c735ba28e5e45818807bef59dd286dd95f7b3d372b19a9103d5
|
Provenance
The following attestation bundles were made for imcurvin-1.3.2.tar.gz:
Publisher:
pypi-publish.yml on Skokoo/ImCurvin
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
imcurvin-1.3.2.tar.gz -
Subject digest:
f2f3b738f80d4a7cc9a7c9141bb06b827a3b8210a343fece71a937f1cb1cdd1d - Sigstore transparency entry: 2149061451
- Sigstore integration time:
-
Permalink:
Skokoo/ImCurvin@8d92874486c2ac075990a330a7246be025982f2d -
Branch / Tag:
refs/heads/main - Owner: https://github.com/Skokoo
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi-publish.yml@8d92874486c2ac075990a330a7246be025982f2d -
Trigger Event:
push
-
Statement type:
File details
Details for the file imcurvin-1.3.2-py3-none-any.whl.
File metadata
- Download URL: imcurvin-1.3.2-py3-none-any.whl
- Upload date:
- Size: 35.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fb617841e6f322d922dfc1d9257cf15b5e5654bb3f03d16dda069d2ccfb1bc56
|
|
| MD5 |
3e0bc82bdf7461bb584e228296c901cb
|
|
| BLAKE2b-256 |
ee4210e3c88f43054c925c3edbeb6e10f097ad0e90317f97ee15110f8d9a67ce
|
Provenance
The following attestation bundles were made for imcurvin-1.3.2-py3-none-any.whl:
Publisher:
pypi-publish.yml on Skokoo/ImCurvin
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
imcurvin-1.3.2-py3-none-any.whl -
Subject digest:
fb617841e6f322d922dfc1d9257cf15b5e5654bb3f03d16dda069d2ccfb1bc56 - Sigstore transparency entry: 2149061503
- Sigstore integration time:
-
Permalink:
Skokoo/ImCurvin@8d92874486c2ac075990a330a7246be025982f2d -
Branch / Tag:
refs/heads/main - Owner: https://github.com/Skokoo
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi-publish.yml@8d92874486c2ac075990a330a7246be025982f2d -
Trigger Event:
push
-
Statement type: