SVelizDonoso / checkweb

Licence: MIT license
Web Security Identifier for Pentesters

Programming languages: Python, HTML

CheckWeb

Description

CheckWeb is a tool that uses several techniques to investigate and collect all the necessary information about a target before planning a web pentest. The idea is for CheckWeb to help Spanish-speaking pentesters speed up their tasks and not waste time running several tools separately.

Features

CheckWeb is designed to audit web applications in the following areas:

  • Search the Internet database (Whois)
  • Find the country and city where the servers are located
  • Look up domain names
  • Look up contact information
  • Look up all the information that can be extracted from DNS
  • DNS brute force
  • DNS zone transfer
  • Banner grabbing
  • IP traceroute
  • HTTP security headers
  • WAF detection
  • Technology used (HTTP)
  • Port scanning with Nmap

Support

For now, CheckWeb supports Linux.

Dependencies

Before running the script, make sure the required dependencies are installed on your Linux system:

pip install deepcopy
pip install urlparse2
pip install requests
pip install python-whois
pip install python-nmap
pip install dnspython
pip install IPy
pip install BeautifulSoup
pip install builtwith

Installation

git clone https://github.com/SVelizDonoso/checkweb.git
cd checkweb
pip install -r requirements.txt
python checkweb.py

Options

python checkweb.py

	 ▄████▄   ██░ ██ ▓█████  ▄████▄   ██ ▄█▀ █     █░▓█████  ▄▄▄▄      
	▒██▀ ▀█  ▓██░ ██▒▓█   ▀ ▒██▀ ▀█   ██▄█▒ ▓█░ █ ░█░▓█   ▀ ▓█████▄    
	▒▓█    ▄ ▒██▀▀██░▒███   ▒▓█    ▄ ▓███▄░ ▒█░ █ ░█ ▒███   ▒██▒ ▄██   
	▒▓▓▄ ▄██▒░▓█ ░██ ▒▓█  ▄ ▒▓▓▄ ▄██▒▓██ █▄ ░█░ █ ░█ ▒▓█  ▄ ▒██░█▀     
	▒ ▓███▀ ░░▓█▒░██▓░▒████▒▒ ▓███▀ ░▒██▒ █▄░░██▒██▓ ░▒████▒░▓█  ▀█▓   
	░ ░▒ ▒  ░ ▒ ░░▒░▒░░ ▒░ ░░ ░▒ ▒  ░▒ ▒▒ ▓▒░ ▓░▒ ▒  ░░ ▒░ ░░▒▓███▀▒   
	  ░  ▒    ▒ ░▒░ ░ ░ ░  ░  ░  ▒   ░ ░▒ ▒░  ▒ ░ ░   ░ ░  ░▒░▒   ░    
	░         ░  ░░ ░   ░   ░        ░ ░░ ░   ░   ░     ░    ░    ░    
	░ ░       ░  ░  ░   ░  ░░ ░      ░  ░       ░       ░  ░ ░         
	░                       ░                                     ░  
                        Identificador de Seguridad Web para Pentester                                    

                                                           
    Developer: @svelizdonoso                                                      
    GitHub:    https://github.com/SVelizDonoso
    Correo:    [email protected]

    
usage: checkweb.py [-h] [-u URL] [-waf] [-sec] [-w] [-c] [-b] [-bru BRUTE]
                [-tz] [-t] [-tec] [-pscan] [-r REPORTE] [-l] [--version]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     URL del Servidor
  -waf, --waff          Detectar Proteccion deWAF
  -sec, --httpsec       Seguridad cabeceras HTTP
  -w, --whois           Obtener Informacion publica Dominio
  -c, --country         Obtener Informacion Pais
  -b, --banner          Obtener Banner HTTP
  -bru BRUTE, --dnsbrute BRUTE 
                        Fuerza Bruta DNS
  -tz 			Transferencia de Zona DNS
  -t, --tracert         Determinar la ruta que toma un paquete para alcanzar
                        su destino.
  -tec, --tecnologia    Obtener Tecnologia Web Usada
  -pscan, --portscan    Escaneo de Puertos Top 1000.
  -r REPORTE, --reporte REPORTE
                        Crea reporte HTML del Objetivo.
  -l, --list            Waf Soportados por el script
  --version             show program's version number and exit

List of Supported WAFs

python checkweb.py --list
    
[*] Lista de WAF Soportados: 
 
[*] Citrix NetScaler
[*] Amazon CloudFront CDN
[*] TrafficShield F5 Networks
[*] ModSecurity
[*] Sucuri WAF
[*] 360
[*] Safedog
[*] NetContinuum
[*] Anquanbao
[*] Baidu Yunjiasu
[*] Knownsec KS-WAF
[*] BIG-IP
[*] Barracuda
[*] BinarySEC
[*] BlockDos
[*] Cisco ACE
[*] CloudFlare
[*] NetScaler
[*] FortiWeb
[*] jiasule
[*] Newdefend
[*] Palo Alto
[*] Safe3WAF
[*] Profense
[*] West263CDN
[*] WebKnight
[*] Wallarm
[*] USP Secure Entry Server
[*] Radware AppWall
[*] PowerCDN
[*] Naxsi
[*] Mission Control Application Shield
[*] IBM WebSphere DataPower
[*] Edgecast
[*] Applicure dotDefender
[*] Comodo WAF
[*] ChinaCache-CDN
[*] NSFocus

Using the Tool

python checkweb.py -u https://www.microsoft.com -waf -sec -w -c -b -bru=S -tz -t -tec -pscan -r=/tmp/reporte.htm

DNS Brute-Force Settings

--dnsbrute=S or -bru=S    SMALL list of 150 subdomains
--dnsbrute=M or -bru=M    MEDIUM dictionary of 500 subdomains
--dnsbrute=L or -bru=L    LARGE dictionary of 1,000 subdomains
--dnsbrute=XL or -bru=XL  XLARGE dictionary of 10,000 subdomains

Video

CheckWeb demo video: https://gifyu.com/image/sGUx

Warning

This software was created ONLY for educational purposes. I am not responsible for its use. Use it with extreme caution.

Author

@sveliz https://github.com/SVelizDonoso/

Demo HTML Report

https://svelizdonoso.github.io/checkweb/reporte.html
