View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0006924||Kali Linux||[All Projects] New Tool Requests||public||2020-12-10 14:15||2021-01-08 13:32|
|Target Version||Fixed in Version|
|Summary||0006924: Web-Fu the web hacking chrome extension|
It's a chrome extension that allows to launch multiple types of web attacks from the browser to test the security of a website.
Latest version is available on the git: https://github.com/sha0coder/web-fu
- false positive reduction with gauss statistics
- bruteforcing folders, files, params names, param values on get/post.
- default wordlists or load worlist
- cookie editor
- attacks log useful for security audits.
- visual crawl
- visual bruteforce (experimental)
- clever params auditor expert system
- request interceptor
- base64 and url encoding/decoding
- danger bytes, all encoded bytes
- portscan (basic portscanner of web ports)
- build request
Dependencies: none, just the chrome browser.
Similar tools: none, there are much simpler extensions for editing cookies or other basic things.
Activity: I have beeing using and updating this tools in pentests, honestly I'm not super active but I will improve the expert system. Detecting more backend errors and launching and improving the attack decision tree.
How to install: (...) button -> more tools -> Extensions -> developer mode on -> load unpacked
clone the github repo and load unpacked the folder.
How to use: some examples:
- right click + Crack
- right click on a textbox + all encoded bytes
- extensions button for more options
Packaged: can be compressed in a zip a loaded on the chrome, but simpler load the folder uncompressed. No Debian package or any package system.
Thanks a alot in advance.