Need help with 0d1n?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

490 Stars 146 Forks GNU General Public License v3.0 251 Commits 10 Opened issues


Tool for automating customized attacks against web applications. Full made in C language with pthreads, have a fast performance.

Services available


Need anything else?

Contributors list

# 54,923
168 commits
# 365,695
2 commits
# 431,515
1 commit
# 68,715
1 commit
# 1,449
1 commit


0d1n is a tool for automating customized attacks against web applications. This tool is very faster because uses thread pool and C language.

Alt text Alt text Alt text 0d1n is a tool for automating customized attacks against web applications. Video demo:

Tool functions:

  • Brute force login and passwords in auth forms

  • Directory disclosure ( use PATH list to brute, and find HTTP status code )

  • Test to find SQL Injection and XSS vulnerabilities

  • Test to find SSRF

  • Test to find COmmand injection

  • Options to load ANTI-CSRF token each request

  • Options to use random proxy per request

  • other functions...

To run and install follow this steps:

require libcurl-dev or libcurl-devel(on rpm linux based)

$ git clone

You need libcurl to run, look the following to install::

$ sudo apt-get install libcurl-dev
or try libcurl4-dev... libcurl*

if rpm distro

$ sudo yum install libcurl-devel

To install follow this cmd: ``` $ cd 0d1n

$ make; sudo make install USER=nameyouruser;

$ cd 0d1nviewer; make; sudo make install USER=nameyour_user; ```

Up the view server to look the reports online:

$ sudo 0d1n_view 

Now in other console you can run the tool: ```

$ 0d1n

to uninstall follow this steps:

$ cd 0d1n; sudo make uninstall

$ cd 0d1n_view; sudo make uninstall

Attack examples:

Brute force to find directory

$ 0d1n --host^ --payloads /opt/0d1n/payloads/dirbrute.txt --threads 500 --timeout 3 --log bartsimpsom4 --saveresponse ``` Note: You can change value of threads, if you have a good machine, you can try 800, 1200... each machine have a different context.

For SQL injection attack

$ 0d1n --host '^/product/^/' --payloads /opt/0d1n/payloads/sqli_list.txt --find_string_list /opt/0d1n/payloads/sqli_str2find_list.txt --log log1337 --tamper randcase --threads 800 --timeout 3 --save_response\n"
Note: Tamper is resource to try bypass the web application firewall

To brute force auth system

0d1n --host '' --post 'user=admin&password=^' --payloads /opt/0d1n/payloads/wordlist.txt --log log007 --threads 500 --timeout 3\n"
Note: if have csrf token, you can use argv to get this token each request and brute...

Search SQLi in hard mode in login system with csrf token:

0d1n  --host "^" --payloads /opt/0d1n/payloads/sqli.txt --find_string_list /opt/0d1n/payloads/find_responses.txt --token_name user_token --log logtest_fibonaci49 --cookie_jar /home/user_name/cookies.txt --save_response --tamper randcase --threads 100
Note: Load cookies jar form browser and save in cookies.txt to load.

Notes External libs

  • To gain extreme performance 0d1n uses thread pool of posix threads, you can study this small library:

  • The 0d1n uses OpenBSD/NetBSD functions to work with strings some thing like strlcat() and strlcpy() to prevent buffer overflow.

Project Overview on cloc

[email protected]:~/codes$ cloc 0d1n/
     937 text files.
     532 unique files.                                          
     451 files ignored.

Language files blank comment code

JavaScript 361 9951 15621 52178 C 51 4986 4967 26642 C/C++ Header 30 1184 2858 4295 CSS 10 434 369 2142 HTML 7 59 0 1616 TeX 2 52 4 206 Markdown 3 81 0 137 make 4 36 9 130 Bourne Shell 2 0 0 4

SUM: 487 16835 23846 91213

Read the docs, and help menu when you execute "0d1n" binary...

Do you have any doubt about 0d1n? please create a issue in this repository, i can help you...

To study old versions look this following:

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.