LiLith v0.6a: http forms scanner/injector

 LiLith is a tool for auditing dynamic websites and web applications, to  improve their security, so please do not abuse this software and always  get permission in ‘scanning’ a target system.

Platform : Windows & Unix/Linux. written in perl

This software works as an ordinary webspider, but rather in storing the file, it analyses the HTML output and tries to inject  characters  that  can have a special meaning for an underlying platform.  Furthermore, it
tries to tamper web variables – implying to get error messages.

Errors  found in web applications -often- pose a misunderstood security  hole.  Having your website firewalled and protected with IDS/IPS mostly  doesn’t help much to your application security. As often quoted before;  security is only as strong as it’s weakest link.

 How to use:

LiLith v0.6a is written in perl 5 and only needs perl with some modules
that often come with perl by default. If any error arises upon starting
the program, please install following modules:

– HTTP::Request
– LWP::UserAgent

Lilith can be run from any posix or Microsoft Windows machine, such  as
following example (on Linux 2.4.x):

$ perl

When is run without an argument , a short usage menu explains
how parameters need to be passed.  The most default way of running this
tool is just with a host argument, such as following example:

$ perl

This will start “spidering” the web pages hosted at  and
will inject several characters in places where possible, such as

 tags that will accept one or more ‘s, or variables in the URL.

 Of course, LiLith has many options to “tune” your spidering process and
to increase verbosity on screen and logging output. The several options
are explained in the next section “LiLith options”.

 LiLith options
This section explains options that can be used with LiLith:


    : Directory where the spidering should start. If you are
running a website where a webapplication is located at
a certain directory (eg: /ebank/), then this directory
can be specified.  *Note*: any links that jump back to
the homepage will not be followed , any external links
(hyperlinks going to other websites) will not be saved
and audited.  If the target is specified with a direc-
tory (eg: “”), then the directory
will be parsed.
   -a   : User-agent that is displayed with every request.   The
default user-agent is set to “LiLith v0.6a”, but  this
can be changed. The argument for this parameter can be
nummeric and get a agent from the list (which is  seen
when issuing -a 0) or a alphanummeric string that will
be used as the user-agent. This can be handy in audits
when set to for example: “Security Scan “.   The
list of ‘normal’ browsers is to  ensure  compatibility
with browser-specific (eg: IE) applications.

-u   : If the target web application  is protected with basic
authentication then credentials (username and password
respectively)   can   be   set   here.   For  example:
-u “michael:secret123”.

-p   : If you can only  access the target  web application by                  going through a proxy, this can be specified here. The
format should be in the format. Eg:
-p “”.

-U   : If the proxy, specified with the -p argument, requires
authentication, then it can be set here. It adapts the
same format as basic authentication.

-T   : If defined , then LiLith will wait seconds  in
between sending two requests.  This argument should be
of a nummeric nature, eg: “-T 2” will make LiLith wait
for two (2) seconds between each request.

-f    : LiLith will log all requests, responses with  relevant
timestamps.  This can come in handy when comparing any
IDS logs against  the LiLith logfile.   The  specified
logfile should be a writeable file, and all data  will
be stored in a readable ASCII file.

-c           : Ignore any cookies presented by the host [default off]
that are used by the application.  Often these contain
data that should be remembered (eg:  language, session

Download Version :
Windows :
unix/linux : lilith.tar.gz
For Any Question you can mailing list with author : 
Michael Hendrickx <>