Share
## https://sploitus.com/exploit?id=BFA85ECC-D927-5C97-A786-EB1A6E10520B
โš”๏ธ TSURUGI v3.0
  
    Offensive Web Security Framework
  
  
    Detect. Verify. Exploit.
  



  
  
  
  


---

## What is Tsurugi?

**Tsurugi** (ๅ‰ฃ - Japanese for "sword") is a modular offensive security framework for Bug Bounty hunters and penetration testers. Unlike basic scanners, Tsurugi **confirms vulnerabilities** before reporting them.

### Key Differentiators

| Feature | Basic Scanners | Tsurugi v3.0 |
|---------|---------------|--------------|
| XSS Detection | Pattern matching | โœ… **Browser-confirmed** (zero false positives,flagged for manual analysis) |
| Secret Detection | Regex only | โœ… **API-verified** (tests if keys work) |
| DOM XSS | โŒ Not supported | โœ… **Static JS analysis** |
| CVE Scanning | Limited | โœ… **6000+ Nuclei templates** |
| Hidden Params | โŒ Not supported | โœ… **100+ param fuzzing** |

---

## Features

### Vulnerability Scanners
- **SQLi** โ€” Error-based + Time-based blind with dynamic threshold
- **XSS** โ€” Reflected + Blind (OOB) + **Headless Confirmation**
- **LFI** โ€” Path traversal with encoding bypass
- **SSTI** โ€” Jinja2, Twig, Freemarker, Velocity, Smarty, Mako
- **Secrets** โ€” 30+ patterns (AWS, Stripe, GitHub, JWT...) with **active verification**

### v3.0 New Modules
- **DOM XSS** โ€” Static JavaScript analysis (sinks/sources)
- **Params** โ€” Hidden parameter discovery
- **Nuclei** โ€” Integration with 6000+ vulnerability templates

### Recon & Automation
- **Crawler** โ€” Discovers endpoints, forms, JS routes
- **Hunter** โ€” Automated subfinder โ†’ nuclei pipeline
- **Mass Scan** โ€” Multi-threaded batch scanning

### Evasion & Stealth
- **Cloudflare Bypass** โ€” cloudscraper + playwright-stealth
- **Stealth Mode** โ€” Timing delays + header randomization
- **Proxy Support** โ€” Route through Burp/ZAP

---

## Installation

```bash
git clone https://github.com/ThreatBiih/HikariSystem-Tsurugi.git
cd TSURUGI
pip install -r requirements.txt

# For headless features (--confirm, --heavy, --cf-bypass)
playwright install chromium
```

**Optional dependencies:**
- `nuclei` โ€” For CVE scanning ([install](https://docs.projectdiscovery.io/tools/nuclei/install))
- `subfinder` โ€” For subdomain enumeration

---

## Quick Start

### Scan for SQL Injection
```bash
python tsurugi.py attack "http://target.com/page?id=1"
```

### XSS with Browser Confirmation
```bash
python tsurugi.py xss "http://target.com/search?q=test" --confirm
```

### Find Hidden Parameters
```bash
python tsurugi.py params "http://target.com/api/user"
```

### DOM XSS Analysis
```bash
python tsurugi.py domxss "http://target.com"
```

### Scan for CVEs with Nuclei
```bash
python tsurugi.py nuclei "http://target.com" --templates cves,exposures
```

### Detect & Verify Secrets
```bash
python tsurugi.py secrets "http://target.com/app.js" --verify
```

---

## Full Command Reference

| Command | Description |
|---------|-------------|
| `attack ` | SQL Injection scanner |
| `xss  [--confirm]` | XSS scanner with optional browser confirmation |
| `lfi ` | Local File Inclusion scanner |
| `ssti ` | Server-Side Template Injection |
| `secrets  [--verify]` | Secret/credential detection |
| `params ` | Hidden parameter discovery |
| `domxss ` | DOM XSS static analysis |
| `nuclei ` | CVE/vuln scan (6000+ templates) |
| `crawl ` | Spider for endpoints |
| `hunter ` | Full recon automation |
| `mass_check ` | Batch scanning |
| `report` | Generate HTML report |

### Global Flags

| Flag | Description |
|------|-------------|
| `--cookie`, `-c` | Session cookie |
| `--proxy`, `-p` | Proxy URL (Burp, ZAP) |
| `--stealth`, `-s` | Evasion mode |
| `--cf-bypass` | Cloudflare bypass |
| `--oob` | Out-of-band detection |
| `--heavy` | Headless browser mode |

---

## Output Structure

```
TSURUGI/
โ”œโ”€โ”€ loot/                    # Vulnerability findings (JSON)
โ”‚   โ”œโ”€โ”€ sqli_*.json
โ”‚   โ”œโ”€โ”€ xss_confirmed_*.json
โ”‚   โ”œโ”€โ”€ secrets_*.json
โ”‚   โ””โ”€โ”€ screenshots/         # XSS confirmation screenshots
โ”œโ”€โ”€ reports/                 # HTML reports
โ””โ”€โ”€ payloads/                # Custom payload files
```

---

## ๐Ÿ”ฅ Example Workflow

```bash
# 1. Crawl target for endpoints
python tsurugi.py crawl "https://target.com" --depth 2

# 2. Test for SQLi
python tsurugi.py attack "https://target.com/api?id=1"

# 3. Test for XSS (confirmed in browser)
python tsurugi.py xss "https://target.com/search?q=x" --confirm

# 4. Find hidden parameters
python tsurugi.py params "https://target.com/api/user"

# 5. Scan for CVEs
python tsurugi.py nuclei "https://target.com"

# 6. Generate report
python tsurugi.py report
```

---

## โš ๏ธ Disclaimer

This tool is intended for **authorized security testing only**. 

Usage against systems without explicit permission is illegal. The authors assume no liability for misuse of this software.

---


  Open Source Security Framework by HikariSystem