View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006924 | Kali Linux | [All Projects] New Tool Requests | public | 2020-12-10 14:15 | 2021-01-08 13:32 |
Reporter | sha0coder | Assigned To | g0tmi1k | ||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | closed | Resolution | won't fix | ||
Product Version | |||||
Target Version | Fixed in Version | ||||
Summary | 0006924: Web-Fu the web hacking chrome extension | ||||
Description |
Name: Web-Fu
Author: @sha0coder
License: GPLv3

Description: It's a Chrome extension that allows launching multiple types of web attacks from the browser to test the security of a website. Latest version is available on the git: https://github.com/sha0coder/web-fu

Being in a browser has some advantages over a proxy: easier to use, launching attacks with a right click, SSL friendly (no need to install certs), JavaScript friendly (renders the JavaScript and the HTML content), no dependencies, no need to use daemons or external tools.

Some features:
- false positive reduction with gauss statistics
- bruteforcing folders, files, param names, param values on get/post.
- default wordlists or load wordlist
- cookie editor
- attacks log useful for security audits.
- visual crawl
- visual bruteforce (experimental)
- clever params auditor expert system
- request interceptor
- base64 and url encoding/decoding
- danger bytes, all encoded bytes
- portscan (basic portscanner of web ports)
- build request

Dependencies: none, just the Chrome browser.

Similar tools: none, there are much simpler extensions for editing cookies or other basic things.

Activity: I have been using and updating this tool in pentests; honestly I'm not super active, but I will improve the expert system, detecting more backend errors and launching and improving the attack decision tree.

How to install:
(...) button -> more tools -> Extensions -> developer mode on -> load unpacked
Clone the GitHub repo and load the folder unpacked.

How to use: some examples:
- right click + Crack
- right click on a textbox + all encoded bytes
- extensions button for more options

Packaged: can be compressed in a zip and loaded in Chrome, but it is simpler to load the folder uncompressed. No Debian package or any package system.

https://github.com/sha0coder/web-fu

Thanks a lot in advance.