View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0006924Kali Linux[All Projects] New Tool Requestspublic2020-12-10 14:152021-01-08 13:32
Reportersha0coder Assigned Tog0tmi1k  
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionwon't fix 
Product Version 
Target VersionFixed in Version 
Summary0006924: Web-Fu the web hacking chrome extension
DescriptionName: Web-Fu
Author: @sha0coder
License: GPLv3

Description:
It's a chrome extension that allows to launch multiple types of web attacks from the browser to test the security of a website.
Latest version is available on the git: https://github.com/sha0coder/web-fu


Being in a browser has some advantages over a proxy, more easy to use, launching attacks with a right click, SSL friendly (no need to install certs), javascript friendly (render the javascript and the html content), no dependencies, no need to use daemons or external tools.



Some feautres:
- false positive reduction with gauss statistics
- bruteforcing folders, files, params names, param values on get/post.
- default wordlists or load worlist
- cookie editor
- attacks log useful for security audits.
- visual crawl
- visual bruteforce (experimental)
- clever params auditor expert system
- request interceptor
- base64 and url encoding/decoding
- danger bytes, all encoded bytes
- portscan (basic portscanner of web ports)
- build request


Dependencies: none, just the chrome browser.

Similar tools: none, there are much simpler extensions for editing cookies or other basic things.

Activity: I have beeing using and updating this tools in pentests, honestly I'm not super active but I will improve the expert system. Detecting more backend errors and launching and improving the attack decision tree.

How to install: (...) button -> more tools -> Extensions -> developer mode on -> load unpacked
clone the github repo and load unpacked the folder.

How to use: some examples:
- right click + Crack
- right click on a textbox + all encoded bytes
- extensions button for more options

Packaged: can be compressed in a zip a loaded on the chrome, but simpler load the folder uncompressed. No Debian package or any package system.

https://github.com/sha0coder/web-fu

Thanks a alot in advance.

Activities

g0tmi1k

2021-01-08 13:32

administrator   ~0014056

We use firefox by default without any extensions.

This is chrome and requiring an extension

Issue History

Date Modified Username Field Change
2020-12-10 14:15 sha0coder New Issue
2021-01-08 13:32 g0tmi1k Note Added: 0014056
2021-01-08 13:32 g0tmi1k Assigned To => g0tmi1k
2021-01-08 13:32 g0tmi1k Status new => closed
2021-01-08 13:32 g0tmi1k Resolution open => won't fix