1N3 / Blackwidow

Licence: other
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Projects that are alternatives of or similar to Blackwidow

Cazador unr
Hacking tools
Stars: ✭ 95 (-89.29%)
Mutual labels:  xss, owasp, rce, csrf, sqli, bugbounty
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (-4.51%)
Mutual labels:  scanner, vulnerability, xss, sqli
Resources
No description or website provided.
Stars: ✭ 38 (-95.72%)
Mutual labels:  osint, scanner, xss, bugbounty
Phpvuln
Audit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (-83.54%)
Mutual labels:  vulnerability, xss, owasp, sqli
Hackerone Reports
Top disclosed reports from HackerOne
Stars: ✭ 458 (-48.37%)
Mutual labels:  xss, rce, csrf, bugbounty
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+9.81%)
Mutual labels:  scanner, xss, sqli, bugbounty
nuubi
Nuubi Tools (Information-gathering|Scanner|Recon.)
Stars: ✭ 76 (-91.43%)
Mutual labels:  osint, scanner, bugbounty
PastebinMarkdownXSS
XSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-90.53%)
Mutual labels:  xss, vulnerability, bugbounty
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+716.91%)
Mutual labels:  scanner, fuzzer, bugbounty
Penetration testing poc
POCs, EXPs, scripts, privilege-escalation code, and small tools related to penetration testing --- About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+334.95%)
Mutual labels:  xss, rce, csrf
Dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (-10.82%)
Mutual labels:  scanner, xss, bugbounty
Reconspider
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
Stars: ✭ 621 (-29.99%)
Mutual labels:  osint, scanner, automated
Command Injection Payload List
🎯 Command Injection Payload List
Stars: ✭ 658 (-25.82%)
Mutual labels:  application, vulnerability, bugbounty
AttackSurfaceManagement
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (-94.93%)
Mutual labels:  osint, bugbounty, automated
SecExample
Java vulnerability range (Vulnerability Environment For Java)
Stars: ✭ 228 (-74.3%)
Mutual labels:  rce, vulnerability, csrf
PayloadsAll
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-96.51%)
Mutual labels:  rce, vulnerability, bugbounty
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-83.99%)
Mutual labels:  scanner, scan, bugbounty
Whour
Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.
Stars: ✭ 18 (-97.97%)
Mutual labels:  scanner, vulnerability, sqli
Xspear
Powerful XSS Scanning and Parameter analysis tool&gem
Stars: ✭ 583 (-34.27%)
Mutual labels:  scanner, xss, bugbounty
Corsme
Cross Origin Resource Sharing MisConfiguration Scanner
Stars: ✭ 118 (-86.7%)
Mutual labels:  application, scanner, bugbounty

ABOUT:

BlackWidow is a Python-based web application spider that gathers subdomains, URLs, dynamic parameters, email addresses and phone numbers from a target website. The project also includes the Inject-X fuzzer, which scans dynamic URLs for common OWASP vulnerabilities.

FEATURES:

  • [x] Automatically collect all URLs from a target website
  • [x] Automatically collect all dynamic URLs and parameters from a target website
  • [x] Automatically collect all subdomains from a target website
  • [x] Automatically collect all phone numbers from a target website
  • [x] Automatically collect all email addresses from a target website
  • [x] Automatically collect all form URLs from a target website
  • [x] Automatically scan/fuzz for common OWASP TOP vulnerabilities
  • [x] Automatically save all data into sorted text files

LINUX INSTALL:

sudo bash install.sh

USAGE:

blackwidow -u https://target.com - crawl target.com with 3 levels of depth.
blackwidow -d target.com -l 5 -v y - crawl the domain: target.com with 5 levels of depth with verbose logging enabled.
blackwidow -d target.com -l 5 -c 'test=test' - crawl the domain: target.com with 5 levels of depth using the cookie 'test=test'
blackwidow -d target.com -l 5 -s y -v y - crawl the domain: target.com with 5 levels of depth and fuzz all unique parameters for OWASP vulnerabilities with verbose logging on.
injectx.py -u 'https://test.com/uers.php?user=1&admin=true' -v y - Fuzz all GET parameters for common OWASP vulnerabilities with verbose logging enabled. The URL is quoted so the shell does not treat the & as a background operator.

DOCKER:

git clone https://github.com/1N3/BlackWidow.git
cd BlackWidow
docker build -t blackwidow .
docker run -it blackwidow # Defaults to --help

LICENSE:

You may modify and re-distribute this software as long as the project name "BlackWidow", credit to the author "xer0dayz" and website URL "https://xerosecurity.com" are NOT modified. Doing so will break the license agreement and a takedown notice will be issued.

DISCLAIMER:

This program is used for educational and ethical purposes only. I take no responsibility for any damages caused from using this program. By downloading and using this software, you agree that you take full responsibility for any damages and liability.
