swisskyrepo / damnwebscanner Goto Github PK

View Code? Open in Web Editor NEW
436.0 18.0 155.0 1.4 MB

Another web vulnerabilities scanner, this extension works on Chrome and Opera

JavaScript 36.45% HTML 19.84% Python 41.94% Dockerfile 1.78%
sql-injection polyglot-vector web-vulnerabilities-scanner plugin extension webbrowser xss-vulnerability rce lfi scans

damnwebscanner's Introduction

Damn Web Scanner

Another web vulnerabilities scanner; this extension works on Chrome and Opera. The extension works in the background and will notify you if it finds any vulnerability.

Image of a notification

Currently it scans for:

  • SQL Injection: time-based SQLi scanner using polyglot vectors (MySQL, SQLite, Oracle, PostgreSQL, SQL Server)
  • Cross-Site Scripting: using a browser simulator (Ghost)
  • Local File Inclusion
  • Remote Command Execution: time-based detection using polyglot vectors

All the features are:

  • Detects whether the server is up with a "/ping" request
  • New XSS vectors that work in different contexts (JS variable, JS function, inside an HTML tag, outside an HTML tag)
  • Basic page listing the vulnerabilities by URL and TYPE
  • Re-uses your cookies and user agent to reach pages behind cookie-based authentication
  • Exports vulnerabilities into a CSV file
  • Launches a scan when a form is submitted or a page is opened via the URL bar

Warning: Do not use this extension for illegal purposes; its main goal is to simplify the life of bug hunters. It's a BETA version, many improvements will come, don't worry.

Warning: A crash can happen server-side; this issue isn't resolved yet. The docker-compose.yml is set to automatically restart the container when this happens.

Install

You need to install and configure the server; it uses Ghost and Flask.

  1. To get started you only need to start the Docker container; the dependencies are installed during the build.

     cd server
     sudo docker-compose -f docker-compose.yml up -d --build

  2. Edit the server configuration. By default it listens on port 8000; this can be modified in the following files: popup.js, background.js, docker-compose.yml

     var config_server = "http://127.0.0.1:8000";

  3. The extension isn't packed. To use it, go to chrome://extensions or opera://extensions and select "Load unpacked extension".

  4. Browse the internet! (Don't forget to start the extension by clicking the 'START' button.)

You can try the Error SQL, Blind SQL and LFI checks with Damn Vulnerable Web App (DVWA). The SQL Injection scanner was also tested on https://pentesterlab.com/badges/essential.
Image of DVWA Result

Debugging

It's strongly recommended to debug any problem with Portainer, using the container's logs view.

http://127.0.0.1:9000/#/containers/[INSERT HERE THE CONTAINER'S ID]/logs

You will get an output like this:

STDOUT
---[ POST - New parameter rememberme for url: http://[REDACTED]/login.php ]---
    XSS Failed  for  rememberme  with the payload : jaVasCript:alert(1)//" name=alert(1) ]'"><!--
    LFI Failed  for  rememberme  with the payload : /etc/passwd
    SQLi Detected  for  rememberme  with the payload : '
    Time Based SQLi ( MySQL ) Failed  for  rememberme  with the payload : SLEEP(4) /*' || SLEEP(4) || '" || SLEEP(4) || "*/
    Time Based SQLi ( SQLite ) Failed  for  rememberme  with the payload : substr(upper(hex(randomblob(55555555))),0,1) /[*' or substr(upper(hex(randomblob(55555555))),0,1) or '" or substr(upper(hex(randomblob(55555555)])),0,1) or "*/
    Time Based SQLi ( PostgreSQL ) Failed  for  rememberme  with the payload : (SELECT 55555555 FROM PG_SLEEP(4)) /*' || (SELECT 55555555 FROM PG_SLEEP(4)) || '" || (SELECT 55555555 FROM PG_SLEEP(4)) || "*/
    Time Based SQLi ( OracleSQL ) Failed  for  rememberme  with the payload : DBMS_PIPE.RECEIVE_MESSAGE(chr(65)||chr(65)||chr(65),5) /*' || DBMS_PIPE.RECEIVE_MESSAGE(chr(65)||chr(65)||chr(65),5) || '" || DBMS_PIPE.RECEIVE_MESSAGE(chr(65)||chr(65)||chr(65),5) || "*/
    Time Based SQLi ( SQL Server ) Failed  for  rememberme  with the payload : WAITFOR DELAY chr(48)+chr(58)+chr(48)+chr(58)+chr(52) /*' || WAITFOR DELAY chr(48)+chr(58)+chr(48)+chr(58)+chr(52) || '" || WAITFOR DELAY chr(48)+chr(58)+chr(48)+chr(58)+chr(52) || "*/
    RCE Failed  for  rememberme  with the payload : `#'|sleep${IFS}4|'`"|sleep${IFS}4|";sleep${IFS}4

STDERR
* Running on http://0.0.0.0:8000/ (Press CTRL+C to quit)
172.30.0.1 - - [11/Sep/2017 16:04:21] "GET /ping HTTP/1.1" 200 -
172.30.0.1 - - [11/Sep/2017 16:19:05] "GET /?url=http%3A//[REDACTED]/login.php&deep=0&impact=0&cookies=PHPSESSID%3DREMOVED&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/60.0.3112.90%20Safari/537.36%20OPR/47.0.2631.80&method=POST&data=username%3Abob%7Cpassword%3Abob%7Crememberme%3Aon%7C%3A%7C HTTP/1.1" 200 -
172.30.0.1 - - [11/Sep/2017 16:19:16] "GET /ping HTTP/1.1" 200 -

A "/ping" request is sent every time the "Plugin Window" is opened in your browser.

If you need the exact versions of the components used in the beta test, here they are.
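As an added example (not part of the project's code), the following Python parses the STDOUT lines shown above into structured findings, so the "Detected" results can be exported in the URL/TYPE shape the extension's vulnerability page lists. The ANSI colour codes the server emits (which show up as "�[94m" in a copied log) are stripped first; the sample log is constructed from the output above with a placeholder host and shortened payloads.

```python
import csv
import io
import re

# Constructed sample, reduced from the STDOUT log above; ESC sequences kept as the server emits them.
SAMPLE_LOG = """\
---[ POST - New parameter rememberme for url: http://target.example/login.php ]---
\t\t\x1b[94mXSS Failed \x1b[0m for  rememberme  with the payload : <payload omitted>
\t\t\x1b[94mSQLi Detected \x1b[0m for  rememberme  with the payload : '
\t\t\x1b[94mTime Based SQLi ( MySQL ) Failed \x1b[0m for  rememberme  with the payload : <payload omitted>
"""

ANSI_RE = re.compile(r"\x1b\[[0-9;]*m")
HEADER_RE = re.compile(
    r"^---\[ (?P<method>\w+) - New parameter (?P<param>\S+) for url: (?P<url>\S+) \]---$")
RESULT_RE = re.compile(
    r"^(?P<check>.+?)\s+(?P<status>Detected|Failed)\s+for\s+(?P<param>\S+)"
    r"\s+with the payload : (?P<payload>.*)$")


def parse_scan_log(text):
    """Return one dict per check line, tagged with the method/URL of the preceding header."""
    findings = []
    current = {"method": None, "url": None}
    for raw in text.splitlines():
        line = ANSI_RE.sub("", raw).strip()   # drop colour codes and the leading tabs
        header = HEADER_RE.match(line)
        if header:
            current = {"method": header["method"], "url": header["url"]}
            continue
        result = RESULT_RE.match(line)
        if result:
            findings.append({
                "url": current["url"], "method": current["method"],
                "param": result["param"], "check": result["check"].strip(),
                "status": result["status"], "payload": result["payload"],
            })
    return findings


def detected_only(findings):
    """Keep only the checks the scanner reported as Detected."""
    return [f for f in findings if f["status"] == "Detected"]


def to_csv(findings):
    """Serialise findings as CSV text (URL, method, parameter, check type, payload)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["url", "method", "param", "check", "payload"])
    writer.writeheader()
    for f in findings:
        writer.writerow({k: f[k] for k in writer.fieldnames})
    return buf.getvalue()
```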

Ghost.py==2.0.0-dev
PySide==2.0.0~alpha0
Qt==5.5.1

Thanks, Contributors and Ideas

damnwebscanner's People

Contributors

swisskyrepo


damnwebscanner's Issues

400 Bad Request

Hey,

First of all, thanks for creating this plugin.

I'm facing a 400 Bad Request whenever I click on the extension.

 * Running on http://0.0.0.0:8000/ (Press CTRL+C to quit)
192.168.0.103 - - [27/Nov/2017 11:54:59] "GET / HTTP/1.1" 400 -
192.168.0.103 - - [27/Nov/2017 11:55:43] "GET / HTTP/1.1" 400 -
192.168.0.103 - - [27/Nov/2017 11:55:45] "GET / HTTP/1.1" 400 -
192.168.0.103 - - [27/Nov/2017 11:55:46] "GET / HTTP/1.1" 400 -
192.168.0.103 - - [27/Nov/2017 11:55:47] "GET / HTTP/1.1" 400 -
192.168.0.103 - - [27/Nov/2017 11:55:50] "GET / HTTP/1.1" 400 -
192.168.0.103 - - [27/Nov/2017 11:56:01] "GET / HTTP/1.1" 400 -
192.168.0.103 - - [27/Nov/2017 11:57:00] "GET / HTTP/1.1" 400 -

What are the things you suggest I look at to debug this?

What versions does this tool support?

Hi, does this tool only support Python 3? The following error message appears
when I run it with Python 2.7.10.

(DamnWebScanEnv) ➜  Server git:(master) ✗ ./launch.sh 
[2017-06-19 15:19:07 +0800] [13482] [INFO] Starting gunicorn 19.7.1
[2017-06-19 15:19:07 +0800] [13482] [INFO] Listening at: http://127.0.0.1:8000 (13482)
[2017-06-19 15:19:07 +0800] [13482] [INFO] Using worker: sync
[2017-06-19 15:19:07 +0800] [13485] [INFO] Booting worker with pid: 13485
[2017-06-19 15:19:07 +0800] [13485] [ERROR] Exception in worker process
Traceback (most recent call last):
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/arbiter.py", line 578, in spawn_worker
    worker.init_process()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/workers/base.py", line 126, in init_process
    self.load_wsgi()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/workers/base.py", line 135, in load_wsgi
    self.wsgi = self.app.wsgi()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/app/base.py", line 67, in wsgi
    self.callable = self.load()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/app/wsgiapp.py", line 65, in load
    return self.load_wsgiapp()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/app/wsgiapp.py", line 52, in load_wsgiapp
    return util.import_app(self.app_uri)
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/util.py", line 352, in import_app
    __import__(module)
  File "/Users/komi/Pentest/Tools/DamnWebScanner/Server/server.py", line 4, in <module>
    from ghost import Ghost
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/ghost/__init__.py", line 1, in <module>
    from .ghost import (
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/ghost/ghost.py", line 9, in <module>
    from http.cookiejar import Cookie, LWPCookieJar
ImportError: No module named http.cookiejar
[2017-06-19 15:19:07 +0800] [13485] [INFO] Worker exiting (pid: 13485)
[2017-06-19 15:19:07 +0800] [13486] [INFO] Booting worker with pid: 13486
[2017-06-19 15:19:07 +0800] [13486] [ERROR] Exception in worker process
Traceback (most recent call last):
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/arbiter.py", line 578, in spawn_worker
    worker.init_process()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/workers/base.py", line 126, in init_process
    self.load_wsgi()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/workers/base.py", line 135, in load_wsgi
    self.wsgi = self.app.wsgi()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/app/base.py", line 67, in wsgi
    self.callable = self.load()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/app/wsgiapp.py", line 65, in load
    return self.load_wsgiapp()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/app/wsgiapp.py", line 52, in load_wsgiapp
    return util.import_app(self.app_uri)
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/util.py", line 352, in import_app
    __import__(module)
  File "/Users/komi/Pentest/Tools/DamnWebScanner/Server/server.py", line 4, in <module>
    from ghost import Ghost
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/ghost/__init__.py", line 1, in <module>
    from .ghost import (
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/ghost/ghost.py", line 9, in <module>
    from http.cookiejar import Cookie, LWPCookieJar
ImportError: No module named http.cookiejar
[2017-06-19 15:19:07 +0800] [13486] [INFO] Worker exiting (pid: 13486)
Traceback (most recent call last):
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/bin/gunicorn", line 11, in <module>
    sys.exit(run())
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/app/wsgiapp.py", line 74, in run
    WSGIApplication("%(prog)s [OPTIONS] [APP_MODULE]").run()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/app/base.py", line 203, in run
    super(Application, self).run()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/app/base.py", line 72, in run
    Arbiter(self).run()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/arbiter.py", line 231, in run
    self.halt(reason=inst.reason, exit_status=inst.exit_status)
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/arbiter.py", line 344, in halt
    self.stop()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/arbiter.py", line 393, in stop
    time.sleep(0.1)
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/arbiter.py", line 244, in handle_chld
    self.reap_workers()
  File "/Users/komi/Pentest/Tools/DamnWebScanner/DamnWebScanEnv/lib/python2.7/site-packages/gunicorn/arbiter.py", line 524, in reap_workers
    raise HaltServer(reason, self.WORKER_BOOT_ERROR)
gunicorn.errors.HaltServer: <HaltServer 'Worker failed to boot.' 3>
(DamnWebScanEnv) ➜  Server git:(master) ✗ 

Still maintain?

Hello,

Are you still maintaining it? I rewrote some of your code to fix bugs and add new features (expression injection, etc.); would you like to see it?

Cannot connect to ip

If I try to connect to the web server from the browser I get ERR_CONNECTION_REFUSED.
I use Windows 10, and after installing Docker the bound IP address is:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a3e502d39f39 server_web "python3 server.py" 12 minutes ago Up 12 minutes 0.0.0.0:80->80/tcp server_web_1
