WebPwn3r - A Web Application Security Scanner

WebPwn3r is a Python-based web application security scanner.

            __          __  _     _____                 ____
            \ \        / / | |   |  __ \               |___ \
             \ \  /\  / /__| |__ | |__) |_      ___ __   __) |_ __
              \ \/  \/ / _ \ '_ \|  ___/\ \ /\ / / '_ \ |__ <| '__|
               \  /\  /  __/ |_) | |     \ V  V /| | | |___) | |
                \/  \/ \___|_.__/|_|      \_/\_/ |_| |_|____/|_|

        ##############################################################
        #| "WebPwn3r" Web Applications Security Scanner              #
        #|  By Ebrahim Hegazy - @Zigoo0                              #
        #|  This Version Supports Remote Code/Command Execution, XSS #
        #|  And SQL Injection.                                       #
        #|  Thanks @lnxg33k, @dia2diab @Aelhemily, @okamalo          #
        #|  More Details: http://www.sec-down.com/wordpress/?p=373   #
        ##############################################################

Features:

  • Scan a single URL or a list of URLs.
  • Detect and exploit Remote Code Injection vulnerabilities.
  • Detect and exploit Remote Command Execution vulnerabilities.
  • Detect and exploit SQL Injection vulnerabilities.
  • Detect and exploit typical XSS vulnerabilities.
  • Detect the WebKnight WAF.
  • Improved payloads to bypass security filters/WAFs.
  • Fingerprint the backend technologies.

How To Use WebPwn3r

1. Run this:
   python scan.py
2. The tool will ask whether you want to scan a single URL or a list of URLs:

Enter number 1 to scan a URL
Enter number 2 to scan a list of URLs

URL(s) should be a full link with parameters.

Example: http://localhost/rand/news.php?com=val&id=11&page=24&text=zigoo
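
A pre-flight check for the URL list, added here as an example (it is not part of WebPwn3r or of the original post): it keeps only full links with parameters and drops repeats of the same endpoint. The ALLOWED_HOSTS allowlist, the function names and the sample list are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Hypothetical scope allowlist and constructed sample list (assumptions,
# not WebPwn3r settings); the first entry is the page's example URL.
ALLOWED_HOSTS = {"localhost"}
SAMPLE = [
    "http://localhost/rand/news.php?com=val&id=11&page=24&text=zigoo",
    "http://localhost/rand/news.php?id=12&com=x&text=a&page=1",
    "localhost/rand/news.php?id=1",
    "http://localhost/rand/index.php",
    "http://example.org/item.php?id=3",
]

def check_target(url, allowed_hosts=ALLOWED_HOSTS):
    """Return (True, param names) for a full link with parameters, else (False, reason)."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return False, "missing or unsupported scheme"
    host = (parts.hostname or "").lower()
    if not host:
        return False, "missing host"
    if host not in allowed_hosts:
        return False, "host not in scope"
    names = [n for n, _ in parse_qsl(parts.query, keep_blank_values=True) if n]
    if not names:
        return False, "no query parameters"
    return True, names

def filter_url_list(lines, allowed_hosts=ALLOWED_HOSTS):
    """Return (accepted URLs, [(url, reason)]), dropping repeated endpoints."""
    accepted, rejected, seen = [], [], set()
    for line in (l.strip() for l in lines):
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments in the list file
        ok, detail = check_target(line, allowed_hosts)
        if ok:
            parts = urlsplit(line)
            # Same host, path and parameter names means the same endpoint.
            key = (parts.hostname.lower(), parts.path, frozenset(detail))
            ok, detail = key not in seen, "duplicate endpoint and parameters"
            seen.add(key)
        if ok:
            accepted.append(line)
        else:
            rejected.append((line, detail))
    return accepted, rejected

if __name__ == "__main__":
    for item in filter_url_list(SAMPLE):
        print(item)
```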
