Web-fu Is a web hacking tool focused on discovering and exploiting web vulnerabilitites.
BROWSER INTEGRATION
This tool has many advantages, as a browser-embedded webhacking tool, is very useful for scanning browser-authenticated applications, if browser can authenticate and access to the web application, the tool also can. Note that some other tools do not support neither certificate authentication nor web vpn accesses.
The integration with chrome, provides a more comfortable and agile way of web-hacking, and you have all the application data loaded on the hacking tool, you don't need to copy the url, cookies, etc. to the tool, just right click and hack.
The browser rendering engine is also used in this tool, to draw the html of the responses.
FALSES POSITIVES
When I coded this tool, I was obsessed with false positives, which is the main problem in all detection tools. I have implemented a gauss algorithm, to reduce the faslse positives automatically which works very very well, and save a lot of time to the pentester.
VIDEO
Here is a video, with some of the web-fu functionalitites:
VISUAL FEATURES
This tool has a visual crawler. Normal crawlers doesn't parse the ajvascript, this tool does. The visual crawler loads each link of the web site, rendering the html and executing all the javascript as a normal load, then the links are processed from he DOM and clicked.
A visual form cracker, is also available, althow is experimental and only works on some kind of forms.
SCANNING FEATURES
The web-fu's portscanner, has a database of a common web ports, like 80,81,8080 and so on.
The cracker module, can bruteforce web directories to find new attack vectors, and can fuzz get and post parameters for discovering vulns, and also crack passwords. There are 9 preloaded wordlists, and you can also load a custom wordlist. Prefilters, falsepositive reductor and render will be helpful. The scanners support SSL, if the website can be loaded in the chrome, can be scanned by web-fu.
ENCODERS & DECODERS
The supported encoders and decoders are: base64, urlescape and urlencode
OTHER FEATURES
A web notepad is available, saving the information on the browser localStorage, there is one notepad per site. A cookie editor is also very useful for pentesting. The inteceptor, is like a web proxy but from the inside of the browser, you can intercept a request There is also a session locker and a exploit web search.
CHROME STORE
Here is the link to the chrome store, the prize is about one euro, very cheap if you compare with other scanners: Web-Fu on Chrome Store
With webfu, you will do the best web site pentest and vulnerability assessment.
BROWSER INTEGRATION
This tool has many advantages, as a browser-embedded webhacking tool, is very useful for scanning browser-authenticated applications, if browser can authenticate and access to the web application, the tool also can. Note that some other tools do not support neither certificate authentication nor web vpn accesses.
The integration with chrome, provides a more comfortable and agile way of web-hacking, and you have all the application data loaded on the hacking tool, you don't need to copy the url, cookies, etc. to the tool, just right click and hack.
The browser rendering engine is also used in this tool, to draw the html of the responses.
FALSES POSITIVES
When I coded this tool, I was obsessed with false positives, which is the main problem in all detection tools. I have implemented a gauss algorithm, to reduce the faslse positives automatically which works very very well, and save a lot of time to the pentester.
VIDEO
Here is a video, with some of the web-fu functionalitites:
VISUAL FEATURES
This tool has a visual crawler. Normal crawlers doesn't parse the ajvascript, this tool does. The visual crawler loads each link of the web site, rendering the html and executing all the javascript as a normal load, then the links are processed from he DOM and clicked.
A visual form cracker, is also available, althow is experimental and only works on some kind of forms.
SCANNING FEATURES
The web-fu's portscanner, has a database of a common web ports, like 80,81,8080 and so on.
The cracker module, can bruteforce web directories to find new attack vectors, and can fuzz get and post parameters for discovering vulns, and also crack passwords. There are 9 preloaded wordlists, and you can also load a custom wordlist. Prefilters, falsepositive reductor and render will be helpful. The scanners support SSL, if the website can be loaded in the chrome, can be scanned by web-fu.
ENCODERS & DECODERS
The supported encoders and decoders are: base64, urlescape and urlencode
OTHER FEATURES
A web notepad is available, saving the information on the browser localStorage, there is one notepad per site. A cookie editor is also very useful for pentesting. The inteceptor, is like a web proxy but from the inside of the browser, you can intercept a request There is also a session locker and a exploit web search.
CHROME STORE
Here is the link to the chrome store, the prize is about one euro, very cheap if you compare with other scanners: Web-Fu on Chrome Store
With webfu, you will do the best web site pentest and vulnerability assessment.
More information
- Pentest Tools Subdomain
- Hacking Tools Windows 10
- Hacking Tools For Windows
- Hacker Tools Free Download
- Hack And Tools
- Hacking Tools Mac
- Hacker Tools Online
- Pentest Tools List
- Hacking Tools Windows
- Termux Hacking Tools 2019
- Hack Tools Mac
- Top Pentest Tools
- Hack Apps
- Pentest Tools Kali Linux
- Pentest Tools Alternative
- Hacking Tools For Windows
- Hack Rom Tools
- Hack Rom Tools
- Hacker Tools Windows
- Hack Rom Tools
- Tools Used For Hacking
- Pentest Tools Tcp Port Scanner
- Best Pentesting Tools 2018
- Hack Tools Mac
- Top Pentest Tools
- Pentest Tools Review
- Hack Tools Mac
- Tools 4 Hack
- Hack Apps
- Pentest Tools Alternative
- Hacking Tools Name
- Growth Hacker Tools
- Hacker Hardware Tools
- Hacker Tool Kit
- Hacking Tools For Mac
- Pentest Tools Apk
- Tools For Hacker
- Hacker Hardware Tools
- Hack Tools
- Hacker Tools Mac
- Hacker Tools 2019
- Hacking Tools Github
- What Is Hacking Tools
- Hacking Tools For Mac
- Hacking Tools And Software
- Pentest Tools Url Fuzzer
- Hackrf Tools
- Pentest Tools Tcp Port Scanner
- Hack Tool Apk
- Hacker Techniques Tools And Incident Handling
- Pentest Tools Find Subdomains
- Hacking Tools Online
- Hacking Tools Windows 10
- Hack Tool Apk No Root
- Physical Pentest Tools
- Pentest Tools Subdomain
- Hack Tools Github
- Pentest Box Tools Download
- Hak5 Tools
- Hacker Tools Hardware
- Pentest Tools Url Fuzzer
- Hack Website Online Tool
- Pentest Box Tools Download
- What Is Hacking Tools
- Hacker
- What Is Hacking Tools
- Nsa Hacker Tools
- Hacker Tools Software
- Hacking Tools Software
- Hacking Tools Free Download
- Hacks And Tools
- Hacker Tools Mac
- Hack Tools
- Hacking Tools For Beginners
- What Are Hacking Tools
- Ethical Hacker Tools
- Blackhat Hacker Tools
- Pentest Tools Alternative
- Pentest Tools Github
- Pentest Tools Apk
- Best Pentesting Tools 2018
- Pentest Tools
- Pentest Tools For Windows
- Hacker Tools For Windows
- Nsa Hacker Tools
- Hack Tool Apk
- Top Pentest Tools
- Tools For Hacker
- Hacker Tools Online
- Pentest Tools Online
- Hackers Toolbox
- Hack Tools
- Hacking Tools Hardware
- Hacker Tools Mac
- Hacking Tools For Games
- Hacking App
- Pentest Tools For Windows
- Hack Tools Mac
- Hacking Tools And Software
- Hacker Security Tools
- Pentest Tools Bluekeep
- Hacker Hardware Tools
- Hak5 Tools
- Pentest Tools Android
- Hacking Tools Kit
- Pentest Tools Download
Commentaires
Enregistrer un commentaire