{"id":104,"date":"2018-01-13T16:49:56","date_gmt":"2018-01-13T16:49:56","guid":{"rendered":"http:\/\/malwrforensics.com\/en\/?p=104"},"modified":"2018-01-14T04:40:08","modified_gmt":"2018-01-14T04:40:08","slug":"webpwntool","status":"publish","type":"post","link":"https:\/\/malwrforensics.com\/en\/2018\/01\/13\/webpwntool\/","title":{"rendered":"WebPwnTool"},"content":{"rendered":"<p>This is a python script designed to automatically find XSS (cross-site scripting), directory traversal\/LFI (local file inclusion) and open redirect vulnerabilities. It uses a predefined dictionary for XSS\/LFI attacks that can easily be extended.<br \/>\nThe open redirect vulnerabilities are checked against\u00a0<a href=\"http:\/\/malwrforensics.com\/\">malwrforensics.com<\/a>.<\/p>\n<p><b>The tool is released for testing purposes ONLY!<\/b><\/p>\n<p><b>How to use<\/b>:<br \/>\nJust point and shoot. Optionally you can use either\u00a0<strong>--checkxss<\/strong>,\u00a0<strong>--checkdirtrv<\/strong>,\u00a0<strong>--checkopenredir<\/strong>\u00a0or\u00a0<strong>--all<\/strong>. 
The default option is\u00a0<strong>--all<\/strong>.<\/p>\n<figure id=\"attachment_105\" aria-describedby=\"caption-attachment-105\" style=\"width: 682px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-105\" src=\"http:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_help-300x66.png\" alt=\"\" width=\"682\" height=\"150\" srcset=\"https:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_help-300x66.png 300w, https:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_help-768x168.png 768w, https:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_help-1024x224.png 1024w, https:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_help.png 1063w\" sizes=\"auto, (max-width: 682px) 100vw, 682px\" \/><figcaption id=\"caption-attachment-105\" class=\"wp-caption-text\">options<\/figcaption><\/figure>\n<figure id=\"attachment_106\" aria-describedby=\"caption-attachment-106\" style=\"width: 603px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-106\" src=\"http:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_xss-300x110.png\" alt=\"\" width=\"603\" height=\"221\" srcset=\"https:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_xss-300x110.png 300w, https:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_xss.png 560w\" sizes=\"auto, (max-width: 603px) 100vw, 603px\" \/><figcaption id=\"caption-attachment-106\" class=\"wp-caption-text\">XSS scan<\/figcaption><\/figure>\n<figure id=\"attachment_107\" aria-describedby=\"caption-attachment-107\" style=\"width: 612px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-107\" src=\"http:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_dir_traversal_lfi-300x102.png\" alt=\"\" width=\"612\" height=\"208\" 
srcset=\"https:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_dir_traversal_lfi-300x102.png 300w, https:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_dir_traversal_lfi.png 642w\" sizes=\"auto, (max-width: 612px) 100vw, 612px\" \/><figcaption id=\"caption-attachment-107\" class=\"wp-caption-text\">directory traversal\/LFI scan<\/figcaption><\/figure>\n<figure id=\"attachment_108\" aria-describedby=\"caption-attachment-108\" style=\"width: 606px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-108\" src=\"http:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_open_redirect-300x102.png\" alt=\"\" width=\"606\" height=\"206\" srcset=\"https:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_open_redirect-300x102.png 300w, https:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2018\/01\/webpwntool_open_redirect.png 634w\" sizes=\"auto, (max-width: 606px) 100vw, 606px\" \/><figcaption id=\"caption-attachment-108\" class=\"wp-caption-text\">open redirect scan<\/figcaption><\/figure>\n<p>The code is available on github. It can be downloaded from\u00a0<a href=\"https:\/\/github.com\/asaygo\/malwrforensics\/blob\/master\/scripts\/webpwntool.py\" target=\"_blank\" rel=\"noopener\"><strong>here<\/strong>.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a python script designed to automatically find XSS (cross-site scripting), directory traversal\/LFI (local file inclusion) and open redirect vulnerabilities. It uses a predefined dictionary for XSS\/LFI attacks that can easily be extended. The open redirect vulnerabilities are checked against\u00a0malwrforensics.com The tool is released for testing purposes ONLY! 
How to use: Just point and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[27,5,26,11,6,23,24,25],"class_list":["post-104","post","type-post","status-publish","format-standard","hentry","category-security","tag-directory-traversal","tag-exploit","tag-lfi","tag-linux","tag-tool","tag-web","tag-web-security","tag-xss"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[]}},"featured_image_urls_v2":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":""},"post_excerpt_stackable_v2":"<p>This is a python script designed to automatically find XSS (cross-site scripting), directory traversal\/LFI (local file inclusion) and open redirect vulnerabilities. It uses a predefined dictionary for XSS\/LFI attacks that can easily be extended. The open redirect vulnerabilities are checked against\u00a0malwrforensics.com The tool is released for testing purposes ONLY! How to use: Just point and shoot. Optionally you can use either\u00a0--checkxss,\u00a0--checkdirtrv,\u00a0--checkopenredir\u00a0or\u00a0--all. The default option is\u00a0--all options XSS scan directory traversal\/LFI scan open redirect scan The code is available on github. 
It can be downloaded from\u00a0here.<\/p>\n","category_list_v2":"<a href=\"https:\/\/malwrforensics.com\/en\/category\/security\/\" rel=\"category tag\">Security<\/a>","author_info_v2":{"name":"malwrforensics","url":"https:\/\/malwrforensics.com\/en\/author\/u_malwrforensics\/"},"comments_num_v2":"0 comments","_links":{"self":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/104","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/comments?post=104"}],"version-history":[{"count":1,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/104\/revisions"}],"predecessor-version":[{"id":109,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/104\/revisions\/109"}],"wp:attachment":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/media?parent=104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/categories?post=104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/tags?post=104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}