WebPwn3r - A Web Application Security Scanner

WebPwn3r - A Web Application Security Scanner

WebPwn3r is a Python-based web application security scanner.

	    __          __  _     _____                 ____       
\ \ / / | | | __ \ |___ \
\ \ /\ / /__| |__ | |__) |_ ___ __ __) |_ __
\ \/ \/ / _ \ '_ \| ___/\ \ /\ / / '_ \ |__ <| '__|
\ /\ / __/ |_) | | \ V V /| | | |___) | |
\/ \/ \___|_.__/|_| \_/\_/ |_| |_|____/|_|

##############################################################
#| "WebPwn3r" Web Applications Security Scanner #
#| By Ebrahim Hegazy - @Zigoo0 #
#| This Version Supports Remote Code/Command Execution, XSS #
#| And SQL Injection. #
#| Thanks @lnxg33k, @dia2diab @Aelhemily, @okamalo #
#| More Details: http://www.sec-down.com/wordpress/?p=373 #
##############################################################

Features:

  • Scan a URL or List of URL's.
  • Detect and exploit Remote Code Injection vulnerabilities.
  • Detect and exploit Remote Command Execution vulnerabilities.
  • Detect and exploit SQL Injection vulnerabilities.
  • Detect and exploit typical XSS vulnerabilities.
  • Detect WebKnight WAF.
  • Improved Payloads to bypass Security Filters/WAF's.
  • Fingerprint the backend Technologies.

How To Use WebPwn3r

1. Run this:
python scan.py
2. The tool will ask you if you want to scan URL or List of URLs?

Enter number 1 to scan a URL
Enter number 2 to scan list of URL's

URL(s) should be a full link with parameters.

Example: http://localhost/rand/news.php?com=val&id=11&page=24&text=zigoo





Source: www.effecthacking.com
WebPwn3r - A Web Application Security Scanner WebPwn3r - A Web Application Security Scanner Reviewed by Unknown on 11:51 PM Rating: 5