Carnivore - Predator
Formerly known as THC HackSuite, Carnivore - Predator stands at the forefront of cutting-edge cybersecurity tools, redefining the landscape of penetration testing with unparalleled innovation. Designed to empower ethical hackers, security professionals, and enthusiasts alike, Carnivore - Predator is the ultimate Pentest CMS that puts you in command.
current version: 0.7.0 - PREDATOR
home > documentation > modules > How to use THC Discover
This article explains how to effectively make use of THC Discover.
author: Remco Kouw
created: 09-May-2024
updated: 09-May-2024

THC Discover Introduction

In this documentation, we will explore the functionality of the THC Discover module (thc_ds).

THC Discover is a reconnaissance tool designed to investigate a target's attack surface effectively.

Interface Parameters:

  1. address: Website address of the target
  2. find this: Selection of content to search for on the target website

ModGlue Variables:

General Variables

  • $_CONTEXT['thc_ds']['hostparts']['host']: (string) Host part extracted from the parsed URL
  • $_CONTEXT['thc_ds']['host']: (string) HTTP host part of the target
  • $_CONTEXT['thc_ds']['load']: (array) File names of plugins used for the attack

robots.php Plugin Variables

  • $_CONTEXT['thc_ds']['robots']['robotsfile']: (string) URL path to robots.txt on the remote host
  • $_CONTEXT['thc_ds']['robots']['found']: (boolean) True if file was found, false if not
  • $_CONTEXT['thc_ds']['robots']['result']: (string) Web server's response, containing the content of robots.txt if the file is present
  • $_CONTEXT['thc_ds']['robots']['http_response']: (int) HTTP response code; 200 if file was found

phpmyadmin.php Plugin Variables

  • $_CONTEXT['thc_ds']['myadmin']['file']: (array) Folder structures of phpMyAdmin, each folder on a different line, sourced from pma.txt located in the module's root folder
  • $_CONTEXT['thc_ds']['myadmin']['found']: (boolean) Status identifier; true if URL exists, false if not
  • $_CONTEXT['thc_ds']['myadmin']['target']: (string) URL to the possible phpMyAdmin installation
  • $_CONTEXT['thc_ds']['myadmin']['sourcedata']: (string) Web server's response
  • $_CONTEXT['thc_ds']['myadmin']['http_response']: (int) HTTP response code; 200 if URL is valid

browsable.php Plugin Variables

  • $_CONTEXT['thc_ds']['folders']['target']: (string) URL path to the target
  • $_CONTEXT['thc_ds']['folders']['sourcedata']: (string) Web server's response
  • $_CONTEXT['thc_ds']['folders']['http_response']: (int) HTTP response code; 200 if URL is valid
  • $_CONTEXT['thc_ds']['parsehtml2']: (array) All URLs found in HTML tags
  • $_CONTEXT['thc_ds']['urlparts']: (array) URL parts of the current specified URL
  • $_CONTEXT['thc_ds']['checkdirs']: (array) All folders on the server that will be validated
  • $_CONTEXT['thc_ds']['browsable']: (int) Amount of browsable folders
  • $_CONTEXT['thc_ds']['browsablefolders']: (array) All browsable folders on the target
  • $_CONTEXT['thc_ds']['sourcedata']: (string) Webpage content
  • $_CONTEXT['thc_ds']['resultdirs']: (boolean) Indicates if the page seems browsable; false if not, true if it is

response.php Plugin Variables

  • $_CONTEXT['thc_ds']['response']['response']: (mixed) String if there are headers, false if the host is down

adminlogin.php Plugin Variables

  • $_CONTEXT['thc_ds']['admin']['file']: (array) Folder structures of phpMyAdmin, each folder on a different line, sourced from admin.txt located in the module's root folder
  • $_CONTEXT['thc_ds']['admin']['found']: (boolean) Status identifier; true if URL exists, false if not
  • $_CONTEXT['thc_ds']['admin']['target']: (string) URL to the possible phpMyAdmin installation

Resource Settings:

  • time limit: 0 (unlimited)
  • memory limit: PHP default

Dependencies:

Curl

Expanding THC Discover:

You can expand the functionality of THC Discover by adding new plugins. All plugins are located in the plugins folder within the module's root directory.

To integrate a new plugin into THC Discover, follow these steps:

Open the plugins.php file inside the module's root folder. There, you will find the $_CONTEXT['plugs'] variable. Here's an example of how to configure a plugin for response header analysis:

$_CONTEXT['plugs']['sResponse'] = array("response header","response.php","response");

Explanation of the configuration:

  • sResponse: Variable name of the input check field on the index page
  • response header: Text appearing next to an input check field for selecting this plugin on the module interface
  • response.php: File responsible for the functionality of this plugin, located in the plugins folder
  • response: Corresponds to the ModGlue variables of this module. In this case, plugin data and output will be stored in the $_CONTEXT['thc_ds']['response'] variable

Known Issues:

The plugin that validates whether a folder can be browsed may give inaccurate results due to custom page setups by administrators.

How to use THC Dork || How to use Enumerate
similar content
How to use CollectPanelsHow to use THC CF ResolverHow to use xDNSHow to use THC DorkHow to use EnumerateHow to use THC InvestigateHow to use MisterLGHow to use ShodownHow to use THC SscanHow to use xWhereHow to use xScan
Created by Remco Kouw: 2008-2024