View Issue Details

ID: 0006924
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2021-01-08 13:32
Reporter: sha0coder
Assigned To: g0tmi1k
Priority: normal
Severity: minor
Reproducibility: N/A
Status: closed
Resolution: won't fix
Summary: 0006924: Web-Fu the web hacking chrome extension
Description

Name: Web-Fu
Author: @sha0coder
License: GPLv3

Description:
It's a Chrome extension that allows launching multiple types of web attacks from the browser to test the security of a website.
Latest version is available on the git: https://github.com/sha0coder/web-fu

Being in a browser has some advantages over a proxy: easier to use, launching attacks with a right click, SSL friendly (no need to install certs), JavaScript friendly (renders the JavaScript and the HTML content), no dependencies, no need to use daemons or external tools.

Some features:

  • false positive reduction with gauss statistics
  • bruteforcing folders, files, params names, param values on get/post.
  • default wordlists or load wordlist
  • cookie editor
  • attacks log useful for security audits.
  • visual crawl
  • visual bruteforce (experimental)
  • clever params auditor expert system
  • request interceptor
  • base64 and url encoding/decoding
  • danger bytes, all encoded bytes
  • portscan (basic portscanner of web ports)
  • build request

Dependencies: none, just the chrome browser.

Similar tools: none, there are much simpler extensions for editing cookies or other basic things.

Activity: I have been using and updating this tool in pentests. Honestly I'm not super active, but I will improve the expert system, detecting more backend errors and launching and improving the attack decision tree.

How to install: (...) button -> more tools -> Extensions -> developer mode on -> load unpacked
clone the github repo and load unpacked the folder.

How to use: some examples:

  • right click + Crack
  • right click on a textbox + all encoded bytes
  • extensions button for more options

Packaged: can be compressed in a zip and loaded in Chrome, but it is simpler to load the folder uncompressed. No Debian package or any package system.

https://github.com/sha0coder/web-fu

Thanks a lot in advance.

Activities

g0tmi1k

2021-01-08 13:32

administrator   ~0014056

We use Firefox by default without any extensions.

This is Chrome and requires an extension.

Issue History

Date Modified Username Field Change
2020-12-10 14:15 sha0coder New Issue
2021-01-08 13:32 g0tmi1k Note Added: 0014056
2021-01-08 13:32 g0tmi1k Assigned To => g0tmi1k
2021-01-08 13:32 g0tmi1k Status new => closed
2021-01-08 13:32 g0tmi1k Resolution open => won't fix