Skip to content
/ LOGAC Public

LOGAC is an automated security testing framework for web applications focused on detecting access control and business logic vulnerabilities.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Andiansyah23/LOGAC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
data
data
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
auth_tester.py
auth_tester.py
 
 
bruteforce.py
bruteforce.py
 
 
crawler.py
crawler.py
 
 
main.py
main.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

LOGAC (Logic & Access Security Scanner)

Python License Status

LOGAC is an automated security testing framework for web applications focused on detecting access control and business logic vulnerabilities.

✨ Key Features

  • 🕷️ Smart Web Crawler: Crawls and maps entire web applications
  • 🔐 User Role Mapping: Detects and maps different user roles
  • 🎯 Privilege Escalation Testing: Detects IDOR and privilege escalation vulnerabilities
  • 📊 Response Comparator: Compares server responses across different user roles
  • 📝 Report Generator: Generates comprehensive comparative reports

🚀 Installation

  1. Clone this repository:
git clone https://github.com/Andiansyah23/logac.git
cd logac
  1. Install dependencies:
pip install -r requirements.txt
  1. Prepare wordlists:
mkdir data
# Add your wordlists to the data folder

📖 Usage

Run the tool with the command:

python main.py

The tool will prompt for:

Important File Structure

logac/
├── main.py              # Main entry point
├── crawler.py           # Crawler module
├── auth_tester.py       # Authentication testing module
├── data/
│   ├── wordlist.txt     # Wordlist for directory brute-forcing
│   ├── usernames.txt    # Username list for brute force
│   └── passwords.txt    # Password list for brute force
└── reports/             # Folder for storing reports

🎯 Example Usage

$ python main.py
Enter target host (e.g., http://example.com): http://testapp.com
[*] Brute forcing login directories...
[+] Login form found:
    URL: http://testapp.com/login
    Action: /login
    Method: POST
[?] Login mode: 1. Manual 2. Auto (brute): 2
[*] Trying admin:admin
[*] Trying admin:password
...
[+] Report saved to data/report_testapp_com.html

📊 Sample Report

LOGAC generates HTML reports containing:

  • List of discovered directories
  • Login attempt results
  • Brute force status
  • OTP testing results

⚠️ Disclaimer

This tool is intended for educational purposes and authorized security testing only. Please obtain written permission before testing any systems you don't own.

📄 License

This project is licensed under the MIT License - see the LICENSE file for full details.

🤝 Contributing

Contributions are always welcome! Please create issues or pull requests for:

  • Bug reports
  • Feature suggestions
  • Documentation improvements

Built with ❤️ for the Indonesian cybersecurity community

About

LOGAC is an automated security testing framework for web applications focused on detecting access control and business logic vulnerabilities.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages