Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
Z4nzu
GitHub Repository: Z4nzu/hackingtool
 Path: blob/master/tools/web_attack.py
2371 views
1
import subprocess

2
from core import HackingTool, HackingToolsCollection, console

3


4
from rich.panel import Panel

5
from rich.prompt import Prompt

6


7


8
class Web2Attack(HackingTool):

9
    TITLE = "Web2Attack"

10
    DESCRIPTION = "Web hacking framework with tools, exploits by python"

11
    INSTALL_COMMANDS = [

12
        "git clone https://github.com/santatic/web2attack.git"

13
    ]

14
    RUN_COMMANDS = ["cd web2attack && sudo python3 w2aconsole"]

15
    PROJECT_URL = "https://github.com/santatic/web2attack"

16


17


18
class Skipfish(HackingTool):

19
    TITLE = "Skipfish"

20
    DESCRIPTION = (

21
        "Skipfish – Fully automated, active web application "

22
        "security reconnaissance tool \n "

23
        "Usage: skipfish -o [FolderName] targetip/site"

24
    )

25
    RUN_COMMANDS = [

26
        "sudo skipfish -h",

27
        'echo "skipfish -o [FolderName] targetip/site"|boxes -d headline | lolcat'

28
    ]

29


30
    def __init__(self):

31
        super().__init__(installable=False)

32


33


34
class SubDomainFinder(HackingTool):

35
    TITLE = "SubDomain Finder"

36
    DESCRIPTION = (

37
        "Sublist3r is a python tool designed to enumerate "

38
        "subdomains of websites using OSINT \n "

39
        "Usage:\n\t[1] python3 sublist3r.py -d example.com \n"

40
        "[2] python3 sublist3r.py -d example.com -p 80,443"

41
    )

42
    INSTALL_COMMANDS = [

43
        "sudo pip3 install requests argparse dnspython",

44
        "git clone https://github.com/aboul3la/Sublist3r.git",

45
        "cd Sublist3r && sudo pip3 install -r requirements.txt"

46
    ]

47
    RUN_COMMANDS = ["cd Sublist3r && python3 sublist3r.py -h"]

48
    PROJECT_URL = "https://github.com/aboul3la/Sublist3r"

49


50


51
class CheckURL(HackingTool):

52
    TITLE = "CheckURL"

53
    DESCRIPTION = (

54
        "Detect evil urls that uses IDN Homograph Attack.\n\t"

55
        "[!] python3 checkURL.py --url google.com"

56
    )

57
    INSTALL_COMMANDS = ["git clone https://github.com/UndeadSec/checkURL.git"]

58
    RUN_COMMANDS = ["cd checkURL && python3 checkURL.py --help"]

59
    PROJECT_URL = "https://github.com/UndeadSec/checkURL"

60


61


62
class Blazy(HackingTool):

63
    TITLE = "Blazy(Also Find ClickJacking)"

64
    DESCRIPTION = "Blazy is a modern login page bruteforcer"

65
    INSTALL_COMMANDS = []

66
    RUN_COMMANDS = []

67
    PROJECT_URL = "https://github.com/UltimateHackers/Blazy"

68
    ARCHIVED = True

69
    ARCHIVED_REASON = "Python 2 only (pip2.7/python2.7). Repo archived/unmaintained."

70


71
    def __init__(self):

72
        super().__init__(installable=False, runnable=False)

73


74


75
class SubDomainTakeOver(HackingTool):

76
    TITLE = "Sub-Domain TakeOver"

77
    DESCRIPTION = (

78
        "Sub-domain takeover vulnerability occur when a sub-domain "

79
        "\n (subdomain.example.com) is pointing to a service "

80
        "(e.g: GitHub, AWS/S3,..)\nthat has been removed or deleted.\n"

81
        "Usage:python3 takeover.py -d www.domain.com -v"

82
    )

83
    INSTALL_COMMANDS = [

84
        "git clone https://github.com/edoardottt/takeover.git",

85
        "cd takeover && pip install --user ."

86
    ]

87
    PROJECT_URL = "https://github.com/edoardottt/takeover"

88


89
    def __init__(self):

90
        super().__init__(runnable=False)

91


92


93
class Dirb(HackingTool):

94
    TITLE = "Dirb"

95
    DESCRIPTION = (

96
        "DIRB is a Web Content Scanner. It looks for existing "

97
        "(and/or hidden) Web Objects.\n"

98
        "It basically works by launching a dictionary based "

99
        "attack against \n a web server and analyzing the response."

100
    )

101
    INSTALL_COMMANDS = [

102
        "git clone https://gitlab.com/kalilinux/packages/dirb.git",

103
        "cd dirb;sudo bash configure;make"

104
    ]

105
    PROJECT_URL = "https://gitlab.com/kalilinux/packages/dirb"

106


107
    def run(self):

108
        uinput = input("Enter Url >> ")

109
        subprocess.run(["sudo", "dirb", uinput])

110


111


112
class Nuclei(HackingTool):

113
    TITLE = "Nuclei (Vulnerability Scanner)"

114
    DESCRIPTION = (

115
        "Fast, template-based vulnerability scanner used by 50k+ security teams.\n"

116
        "Usage: nuclei -u https://example.com"

117
    )

118
    REQUIRES_GO = True

119
    INSTALL_COMMANDS = [

120
        "go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest",

121
        "nuclei -update-templates",

122
    ]

123
    RUN_COMMANDS = ["nuclei -h"]

124
    PROJECT_URL = "https://github.com/projectdiscovery/nuclei"

125


126


127
class Ffuf(HackingTool):

128
    TITLE = "ffuf (Web Fuzzer)"

129
    DESCRIPTION = (

130
        "Fast web fuzzer — content discovery, parameter fuzzing, vhost discovery.\n"

131
        "Usage: ffuf -w wordlist.txt -u https://example.com/FUZZ"

132
    )

133
    REQUIRES_GO = True

134
    INSTALL_COMMANDS = [

135
        "go install -v github.com/ffuf/ffuf/v2@latest",

136
    ]

137
    RUN_COMMANDS = ["ffuf -h"]

138
    PROJECT_URL = "https://github.com/ffuf/ffuf"

139


140


141
class Feroxbuster(HackingTool):

142
    TITLE = "Feroxbuster (Directory Brute Force)"

143
    DESCRIPTION = (

144
        "Fast, recursive content discovery tool written in Rust.\n"

145
        "Usage: feroxbuster -u https://example.com -w wordlist.txt"

146
    )

147
    SUPPORTED_OS = ["linux"]

148
    INSTALL_COMMANDS = [

149
        "curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/main/install-nix.sh "

150
        "| sudo bash -s /usr/local/bin",

151
    ]

152
    RUN_COMMANDS = ["feroxbuster -h"]

153
    PROJECT_URL = "https://github.com/epi052/feroxbuster"

154


155


156
class Nikto(HackingTool):

157
    TITLE = "Nikto (Web Server Scanner)"

158
    DESCRIPTION = (

159
        "Scan web servers for dangerous files, outdated software, misconfigurations.\n"

160
        "Usage: nikto -h https://example.com"

161
    )

162
    SUPPORTED_OS = ["linux"]

163
    INSTALL_COMMANDS = ["sudo apt-get install -y nikto"]

164
    RUN_COMMANDS = ["nikto -Help"]

165
    PROJECT_URL = "https://github.com/sullo/nikto"

166


167


168
class Wafw00f(HackingTool):

169
    TITLE = "wafw00f (WAF Detector)"

170
    DESCRIPTION = (

171
        "Fingerprint and identify Web Application Firewalls (WAF).\n"

172
        "Usage: wafw00f https://example.com"

173
    )

174
    INSTALL_COMMANDS = [

175
        "git clone https://github.com/EnableSecurity/wafw00f.git",

176
        "cd wafw00f && pip install --user .",

177
    ]

178
    RUN_COMMANDS = ["wafw00f --help"]

179
    PROJECT_URL = "https://github.com/EnableSecurity/wafw00f"

180


181


182
class Katana(HackingTool):

183
    TITLE = "Katana (Web Crawler)"

184
    DESCRIPTION = (

185
        "Next-generation crawling and spidering framework from ProjectDiscovery.\n"

186
        "Usage: katana -u https://example.com"

187
    )

188
    REQUIRES_GO = True

189
    INSTALL_COMMANDS = [

190
        "go install -v github.com/projectdiscovery/katana/cmd/katana@latest",

191
    ]

192
    RUN_COMMANDS = ["katana -h"]

193
    PROJECT_URL = "https://github.com/projectdiscovery/katana"

194


195


196
class Gobuster(HackingTool):

197
    TITLE = "Gobuster (Dir/DNS/Vhost Brute Force)"

198
    DESCRIPTION = "Directory/file, DNS, and vhost brute-forcing tool written in Go."

199
    REQUIRES_GO = True

200
    INSTALL_COMMANDS = ["go install github.com/OJ/gobuster/v3@latest"]

201
    RUN_COMMANDS = ["gobuster --help"]

202
    PROJECT_URL = "https://github.com/OJ/gobuster"

203


204


205
class Dirsearch(HackingTool):

206
    TITLE = "Dirsearch (Web Path Discovery)"

207
    DESCRIPTION = "Web path brute-forcing tool for discovering directories and files on web servers."

208
    INSTALL_COMMANDS = ["pip install --user dirsearch"]

209
    RUN_COMMANDS = ["dirsearch --help"]

210
    PROJECT_URL = "https://github.com/maurosoria/dirsearch"

211


212


213
class OwaspZap(HackingTool):

214
    TITLE = "OWASP ZAP (Web App Scanner)"

215
    DESCRIPTION = "Full-featured web application security scanner — proxy, spider, fuzzer, scanner."

216
    SUPPORTED_OS = ["linux"]

217
    INSTALL_COMMANDS = ["sudo apt-get install -y zaproxy"]

218
    RUN_COMMANDS = ["zaproxy --help"]

219
    PROJECT_URL = "https://github.com/zaproxy/zaproxy"

220


221


222
class TestSSL(HackingTool):

223
    TITLE = "testssl.sh (TLS/SSL Checker)"

224
    DESCRIPTION = "Check TLS/SSL ciphers, protocols, and cryptographic flaws on any port."

225
    INSTALL_COMMANDS = ["git clone https://github.com/drwetter/testssl.sh.git"]

226
    RUN_COMMANDS = ["cd testssl.sh && ./testssl.sh --help"]

227
    PROJECT_URL = "https://github.com/drwetter/testssl.sh"

228


229


230
class Arjun(HackingTool):

231
    TITLE = "Arjun (HTTP Parameter Discovery)"

232
    DESCRIPTION = "HTTP parameter discovery suite that finds hidden GET/POST parameters."

233
    INSTALL_COMMANDS = ["pip install --user arjun"]

234
    RUN_COMMANDS = ["arjun --help"]

235
    PROJECT_URL = "https://github.com/s0md3v/Arjun"

236


237


238
class Caido(HackingTool):

239
    TITLE = "Caido (Web Security Auditing)"

240
    DESCRIPTION = "Lightweight, modern web security auditing toolkit — Burp Suite alternative written in Rust."

241
    INSTALL_COMMANDS = [

242
        "curl -sSL https://caido.download/releases/latest/caido-cli-linux-x86_64.tar.gz | sudo tar xz -C /usr/local/bin",

243
    ]

244
    RUN_COMMANDS = ["caido --help"]

245
    PROJECT_URL = "https://github.com/caido/caido"

246
    SUPPORTED_OS = ["linux", "macos"]

247


248


249
class Mitmproxy(HackingTool):

250
    TITLE = "mitmproxy (Intercepting Proxy)"

251
    DESCRIPTION = "Interactive TLS-capable intercepting HTTP proxy for pentesters and developers."

252
    INSTALL_COMMANDS = ["pip install --user mitmproxy"]

253
    RUN_COMMANDS = ["mitmproxy --version"]

254
    PROJECT_URL = "https://github.com/mitmproxy/mitmproxy"

255


256


257
class WebAttackTools(HackingToolsCollection):

258
    TITLE = "Web Attack tools"

259
    DESCRIPTION = ""

260
    TOOLS = [

261
        Web2Attack(),

262
        Skipfish(),

263
        SubDomainFinder(),

264
        CheckURL(),

265
        Blazy(),

266
        SubDomainTakeOver(),

267
        Dirb(),

268
        Nuclei(),

269
        Ffuf(),

270
        Feroxbuster(),

271
        Nikto(),

272
        Wafw00f(),

273
        Katana(),

274
        Gobuster(),

275
        Dirsearch(),

276
        OwaspZap(),

277
        TestSSL(),

278
        Arjun(),

279
        Caido(),

280
        Mitmproxy(),

281
    ]

282


283
if __name__ == "__main__":

284
    tools = WebAttackTools()

285
    tools.show_options()

286


287