Metadata-Version: 2.4
Name: imcurvin
Version: 1.3.2
Summary: Web security auditing tool with advanced evasion modes
Home-page: https://github.com/Skokoo/ImCurvin
Author: Skokoo
Author-email: Skokoo@proton.me
License: Apache 2.0
Project-URL: Homepage, https://github.com/Skokoo/ImCurvin
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Unix Shell
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Description-Content-Type: text/markdown
License-File: LICENSE
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: license
Dynamic: license-file
Dynamic: project-url
Dynamic: summary


## ImCurvin

![License](https://img.shields.io/badge/License-Apache%202.0-4EAA25?logo=apache&logoColor=white) ![Bash](https://img.shields.io/badge/Bash-5.2-4EAA25?logo=gnu-bash&logoColor=white) ![Python](https://img.shields.io/badge/Python-3.12-3776AB?logo=python&logoColor=white) ![Platform](https://img.shields.io/badge/Platform-Termux%20%2F%20Linux-FF6B6B?logo=linux&logoColor=white)

***ImCurvin*** is an open-source, server-friendly web security auditing tool built for Termux and Linux environments to detect misconfigurations, probe backend vulnerabilities, and discover hidden endpoints. Powered by a flexible Bash core integrated with analytical Python engines, it features advanced multi-vector evasion techniques and adaptive scanning modes.

The framework offers three distinct operational modes:
* **Default Mode:** Performs baseline endpoint scanning using wordlist-driven reconnaissance. It randomizes User-Agents and utilizes built-in rate limiting to evade initial detection, making it ideal for target assessment.
* **Risk Mode:** Escalates reconnaissance by routing traffic through TOR circuits. It operates in a 3-stage sequence: Endpoint Discovery, Time-Based SQL Injection with custom tampering, and Gentle Probing via HTTP OPTIONS requests to harvest server metadata. Includes a Python post-scan validator to eliminate network-induced false positives.
* **Defiance Mode:** An aggressive, high-throughput engine optimized for MySQL time-based injection attacks. It features dual-vector parallel attacks with multi-port TOR circuit load-balancing, achieving true multi-IP rotation per request. Evasion is pushed to its limits using multi-layered tampers (XOR, Base64, and more) coupled with adaptive header injection, Synchronized JA3/JA4 TLS Fingerprinting, Automated Control Loop Shadowban Evasion, HTTP Chunked Transfer Encoding Mismatch, HTTP/2 Rapid Reset Protocol Exploitation, and more advanced WAF/CDN bypass. This mode implements an enhanced, highly accurate Python validation engine to isolate genuine database delays from baseline network latency.

> For a detailed breakdown of each operational mode and its technical implementation, please visit the repository and check the Mode.md file.

### Requirements:
* tor
* xxd
* curl
* coreutils
* python3 (for Git installation)

### Source: 
[https://github.com/Skokoo/ImCurvin](https://github.com/Skokoo/ImCurvin)

### Legal Disclaimer
This tool is developed for educational purposes and authorized penetration testing only. 
The developer assumes no liability and is not responsible for any misuse, damage, or legal consequences caused by this tool. 
Usage on unauthorized targets is strictly illegal.
    
