Skip to main content

Web security auditing tool with advanced evasion modes

Project description

ImCurvin

License Bash Python Platform

ImCurvin is an open-source, server-friendly web security auditing tool built for Termux and Linux environments to detect misconfigurations, probe backend vulnerabilities, and discover hidden endpoints. Powered by a flexible Bash core integrated with analytical Python engines, it features advanced multi-vector evasion techniques and adaptive scanning modes.

The framework offers three distinct operational modes:

  • Default Mode: Performs baseline endpoint scanning using wordlist-driven reconnaissance. It randomizes User-Agents and utilizes built-in rate limiting to evade initial detection, making it ideal for target assessment.
  • Risk Mode: Escalates reconnaissance by routing traffic through TOR circuits. It operates in a 3-stage sequence: Endpoint Discovery, Time-Based SQL Injection with custom tampering, and Gentle Probing via HTTP OPTIONS requests to harvest server metadata. Includes a Python post-scan validator to eliminate network-induced false positives.
  • Defiance Mode: An aggressive, high-throughput engine optimized for MySQL time-based injection attacks. It features dual-vector parallel attacks with multi-port TOR circuit load-balancing, achieving true multi-IP rotation per request. Evasion is pushed to its limits using multi-layered tampers (XOR, Base64, and more) coupled with adaptive header injection, Synchronized JA3/JA4 TLS Fingerprinting, Automated Control Loop Shadowban Evasion, HTTP Chunked Transfer Encoding Mismatch, HTTP/2 Rapid Reset Protocol Exploitation, and more advanced WAF/CDN bypass. This mode implements an enhanced, highly accurate Python validation engine to isolate genuine database delays from baseline network latency.

For a detailed breakdown of each operational mode and its technical implementation, please visit the repository and check the Mode.md file.

Requirements:

  • tor
  • xxd
  • curl
  • coreutils
  • python3 (for Git installation)

Source:

https://github.com/Skokoo/ImCurvin

Legal Disclaimer

This tool is developed for educational purposes and authorized penetration testing only. The developer assumes no liability and is not responsible for any misuse, damage, or legal consequences caused by this tool. Usage on unauthorized targets is strictly illegal.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

imcurvin-1.3.2.tar.gz (27.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

imcurvin-1.3.2-py3-none-any.whl (35.2 kB view details)

Uploaded Python 3

File details

Details for the file imcurvin-1.3.2.tar.gz.

File metadata

  • Download URL: imcurvin-1.3.2.tar.gz
  • Upload date:
  • Size: 27.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for imcurvin-1.3.2.tar.gz
Algorithm Hash digest
SHA256 f2f3b738f80d4a7cc9a7c9141bb06b827a3b8210a343fece71a937f1cb1cdd1d
MD5 22a7faeae03e8bdb463c2dde9d734fba
BLAKE2b-256 53acd0abf3d13c735ba28e5e45818807bef59dd286dd95f7b3d372b19a9103d5

See more details on using hashes here.

Provenance

The following attestation bundles were made for imcurvin-1.3.2.tar.gz:

Publisher: pypi-publish.yml on Skokoo/ImCurvin

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file imcurvin-1.3.2-py3-none-any.whl.

File metadata

  • Download URL: imcurvin-1.3.2-py3-none-any.whl
  • Upload date:
  • Size: 35.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for imcurvin-1.3.2-py3-none-any.whl
Algorithm Hash digest
SHA256 fb617841e6f322d922dfc1d9257cf15b5e5654bb3f03d16dda069d2ccfb1bc56
MD5 3e0bc82bdf7461bb584e228296c901cb
BLAKE2b-256 ee4210e3c88f43054c925c3edbeb6e10f097ad0e90317f97ee15110f8d9a67ce

See more details on using hashes here.

Provenance

The following attestation bundles were made for imcurvin-1.3.2-py3-none-any.whl:

Publisher: pypi-publish.yml on Skokoo/ImCurvin

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page