👾Guide

🚀 Installation

Note: Lotus has been tested on Unix-like operating systems (Linux, FreeBSD). To avoid unexpected errors, use one of these.

Step 1. Install Lotus

Download the binary for your machine's operating system from the Releases page of the Lotus GitHub repo:

$ wget https://github.com/rusty-sec/lotus/releases/download/v0.4-beta/lotus-x86_64-unknown-linux-gnu.tar.gz -O Lotus.tar.gz
$ tar -xvf Lotus.tar.gz

Or compile it with Cargo to get the latest code:

$ cargo install --git=https://github.com/rusty-sec/lotus

Step 2. Download the official Lua Scripts

Once Lotus has been installed, download the official Lua scripts from the lotus-scripts repository.

USE THE OFFICIAL REPO ONLY for your safety

$ git clone https://github.com/rusty-sec/lotus-scripts

Step 3. Give it a try

$ echo 'http://testphp.vulnweb.com/listproducts.php?cat=1' | ./lotus urls lotus-scripts/active/ -o test.json

[+] reflected cross site scripting on: http://testphp.vulnweb.com/listproducts.php?cat=1%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28%29%3E
[#] Description: https://owasp.org/www-community/attacks/xss/
[#] Vulnerable Parameter: cat
[#] Risk: medium
[#] Used Payload: "><img src=x onerror=alert()>
[#] Matching Pattern: img[src="x"][onerror="alert()"]
#--------------------------------------------------#
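
The warning in Step 2 can be enforced before a scan. The following is an added example, not part of the Lotus project: it checks that a scripts directory is an unmodified clone of the repository URL given in Step 2 before running the Step 3 command. The function names and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: only scan with an unmodified clone of the official scripts repo.
OFFICIAL_SCRIPTS_REPO="https://github.com/rusty-sec/lotus-scripts"  # URL from Step 2

# Lower-case the URL and drop a trailing "/" and ".git" so equivalent forms compare equal.
normalize_remote() {
    url=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    url=${url%/}
    url=${url%.git}
    printf '%s' "$url"
}

# Succeeds only for the official HTTPS URL; forks, look-alike owners and
# other URL forms (for example SSH) are rejected.
is_official_origin() {
    [ "$(normalize_remote "$1")" = "$(normalize_remote "$OFFICIAL_SCRIPTS_REPO")" ]
}

# check_scripts_dir DIR
# Returns 0 = official and unmodified, 1 = unexpected origin,
#         2 = local changes or untracked files, 3 = not a usable git clone.
check_scripts_dir() {
    dir=$1
    [ -d "$dir/.git" ] || return 3
    origin=$(git -C "$dir" remote get-url origin 2>/dev/null) || return 3
    is_official_origin "$origin" || return 1
    changes=$(git -C "$dir" status --porcelain 2>/dev/null) || return 3
    [ -z "$changes" ] || return 2
    return 0
}

# scan_with_official_scripts DIR OUT  (hypothetical wrapper; URLs are read from stdin)
# Runs the Step 3 command only when the check passes.
scan_with_official_scripts() {
    check_scripts_dir "$1" || { rc=$?; echo "refusing to scan: check failed ($rc)" >&2; return "$rc"; }
    ./lotus urls "$1/active/" -o "$2"
}
```

The check catches a clone from the wrong repository and uncommitted or untracked script files; it does not verify commits that were added locally.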

🤝 Contributing

Contributors of all skill levels are always welcome! If you are new to the project, you can begin by trying out a good first issue.

💭 Inspired By

  • ZAPROXY Scripting

  • Nuclei

  • Amass Lua Scripting

📝 License

Copyright © 2022 The Lotus Contributors (GPLv2)
