hackingtool/tools/webattack.py

114 lines
4.0 KiB
Python
Raw Normal View History

# coding=utf-8
import subprocess
from core import HackingTool
from core import HackingToolsCollection
class Web2Attack(HackingTool):
TITLE = "Web2Attack"
DESCRIPTION = "Web hacking framework with tools, exploits by python"
INSTALL_COMMANDS = [
"sudo git clone https://github.com/santatic/web2attack.git"]
2020-12-16 15:33:38 +00:00
RUN_COMMANDS = ["cd web2attack && sudo python3 w2aconsole"]
PROJECT_URL = "https://github.com/santatic/web2attack"
class Skipfish(HackingTool):
TITLE = "Skipfish"
DESCRIPTION = "Skipfish Fully automated, active web application " \
"security reconnaissance tool \n " \
"Usage: skipfish -o [FolderName] targetip/site"
RUN_COMMANDS = [
"sudo skipfish -h",
'echo "skipfish -o [FolderName] targetip/site"|boxes -d headline | lolcat'
]
def __init__(self):
super(Skipfish, self).__init__(installable = False)
class SubDomainFinder(HackingTool):
TITLE = "SubDomain Finder"
DESCRIPTION = "Sublist3r is a python tool designed to enumerate " \
"subdomains of websites using OSINT \n " \
"Usage:\n\t" \
"[1] python sublist3r.py -d example.com \n" \
"[2] python sublist3r.py -d example.com -p 80,443"
INSTALL_COMMANDS = [
"sudo pip install requests argparse dnspython",
"sudo git clone https://github.com/aboul3la/Sublist3r.git",
"cd Sublist3r && sudo pip install -r requirements.txt"
]
RUN_COMMANDS = ["cd Sublist3r && python sublist3r.py -h"]
PROJECT_URL = "https://github.com/aboul3la/Sublist3r"
class CheckURL(HackingTool):
TITLE = "CheckURL"
DESCRIPTION = "Detect evil urls that uses IDN Homograph Attack.\n\t" \
"[!] python3 checkURL.py --url google.com"
INSTALL_COMMANDS = [
"sudo git clone https://github.com/UndeadSec/checkURL.git"]
RUN_COMMANDS = ["cd checkURL && python3 checkURL.py --help"]
PROJECT_URL = "https://github.com/UndeadSec/checkURL"
class Blazy(HackingTool):
TITLE = "Blazy(Also Find ClickJacking)"
DESCRIPTION = "Blazy is a modern login page bruteforcer"
INSTALL_COMMANDS = [
"sudo git clone https://github.com/UltimateHackers/Blazy.git",
"cd Blazy && sudo pip install -r requirements.txt"
]
RUN_COMMANDS = ["cd Blazy && sudo python blazy.py"]
PROJECT_URL = "https://github.com/UltimateHackers/Blazy"
class SubDomainTakeOver(HackingTool):
TITLE = "Sub-Domain TakeOver"
DESCRIPTION = "Sub-domain takeover vulnerability occur when a sub-domain " \
"\n (subdomain.example.com) is pointing to a service " \
"(e.g: GitHub, AWS/S3,..)\n" \
"that has been removed or deleted.\n" \
"Usage:python3 takeover.py -d www.domain.com -v"
INSTALL_COMMANDS = [
"git clone https://github.com/m4ll0k/takeover.git",
"cd takeover;sudo python3 setup.py install"
]
PROJECT_URL = "https://github.com/m4ll0k/takeover"
def __init__(self):
super(SubDomainTakeOver, self).__init__(runnable = False)
class Dirb(HackingTool):
TITLE = "Dirb"
DESCRIPTION = "DIRB is a Web Content Scanner. It looks for existing " \
"(and/or hidden) Web Objects.\n" \
"It basically works by launching a dictionary based " \
"attack against \n a web server and analizing the response."
INSTALL_COMMANDS = [
"sudo git clone https://gitlab.com/kalilinux/packages/dirb.git",
"cd dirb;sudo ./configure;make"
]
PROJECT_URL = "https://gitlab.com/kalilinux/packages/dirb"
def run(self):
uinput = input("Enter Url >> ")
subprocess.run(["sudo", "dirb", uinput])
class WebAttackTools(HackingToolsCollection):
TITLE = "Web Attack tools"
DESCRIPTION = ""
TOOLS = [
Web2Attack(),
Skipfish(),
SubDomainFinder(),
CheckURL(),
Blazy(),
SubDomainTakeOver(),
Dirb()
]