
swisskyrepo / Damnwebscanner

Another web vulnerabilities scanner, this extension works on Chrome and Opera


Damn Web Scanner

Another web vulnerabilities scanner, this extension works on Chrome and Opera. The extension is working on the background and will notify you if it finds any vulnerability.

Image of a notification

Currently it scans for:

  • SQL Injection: time-based SQLi scanner using polyglot vectors (MySQL, SQLite, Oracle, PostgreSQL, SQL Server)
  • Cross-Site Scripting: using a browser simulator (Ghost)
  • Local File Inclusion
  • Remote Command Execution: using time-based polyglot vectors

All the features are:

  • Detect if the server is up with a "/ping" request
  • New XSS vectors that work in different contexts (JS var, JS function, inside HTML tag, outside HTML tag)
  • Basic page listing each vulnerability's URL and TYPE
  • Re-use of your cookies and user-agent to access pages that require cookie authentication
  • Export vulnerabilities into a CSV file
  • Launch scan when a form is submitted or a page is opened via the URL bar

Warning: Do not use this extension for illegal purposes; its main goal is to simplify the life of bug hunters. It's a BETA version, many improvements will come, don't worry.

Warning: A crash can happen server-side; this issue isn't resolved yet. The docker-compose.yml is set to automatically restart the container when this happens.

Install

You need to install and configure the server, which uses Ghost and Flask.

  1. To get started, you only need to start the Docker container; the dependencies will be installed.

         cd server
         sudo docker-compose -f docker-compose.yml up -d --build

  2. Edit the server configuration. By default it listens on port 8000; this can be changed in the following files: popup.js, background.js, docker-compose.yml

         var config_server = "http://127.0.0.1:8000";

  3. The extension isn't packed; to use it, go to chrome://extensions or opera://extensions, then select "Load unpacked extension".

  4. Browse the internet! (Don't forget to start the extension by clicking the 'START' button.)

You can try the error-based SQLi, blind SQLi and LFI checks with Damn Vulnerable Web App. The SQL Injection scanner was also tested on https://pentesterlab.com/badges/essential.
Image of DVWA Result

Debugging

It's strongly recommended to debug any problem with Portainer using the logs table.

http://127.0.0.1:9000/#/containers/[INSERT HERE THE CONTAINER'S ID]/logs

You will have an output like this :

STDOUT
---[ POST - New parameter rememberme for url: http://[REDACTED]/login.php ]---
		[94mXSS Failed [0m for  rememberme  with the payload : jaVasCript:alert(1)//" name=alert(1) ]'"><!--
		[94mLFI Failed [0m for  rememberme  with the payload : /etc/passwd
		[94mSQLi Detected [0m for  rememberme  with the payload : '
		[94mTime Based SQLi ( MySQL ) Failed [0m for  rememberme  with the payload : SLEEP(4) /*' || SLEEP(4) || '" || SLEEP(4) || "*/
		[94mTime Based SQLi ( SQLite ) Failed [0m for  rememberme  with the payload : substr(upper(hex(randomblob(55555555))),0,1) /[*' or substr(upper(hex(randomblob(55555555))),0,1) or '" or substr(upper(hex(randomblob(55555555)])),0,1) or "*/
		[94mTime Based SQLi ( PostgreSQL ) Failed [0m for  rememberme  with the payload : (SELECT 55555555 FROM PG_SLEEP(4)) /*' || (SELECT 55555555 FROM PG_SLEEP(4)) || '" || (SELECT 55555555 FROM PG_SLEEP(4)) || "*/
		[94mTime Based SQLi ( OracleSQL ) Failed [0m for  rememberme  with the payload : DBMS_PIPE.RECEIVE_MESSAGE(chr(65)||chr(65)||chr(65),5) /*' || DBMS_PIPE.RECEIVE_MESSAGE(chr(65)||chr(65)||chr(65),5) || '" || DBMS_PIPE.RECEIVE_MESSAGE(chr(65)||chr(65)||chr(65),5) || "*/
		[94mTime Based SQLi ( SQL Server ) Failed [0m for  rememberme  with the payload : WAITFOR DELAY chr(48)+chr(58)+chr(48)+chr(58)+chr(52) /*' || WAITFOR DELAY chr(48)+chr(58)+chr(48)+chr(58)+chr(52) || '" || WAITFOR DELAY chr(48)+chr(58)+chr(48)+chr(58)+chr(52) || "*/
		[94mRCE Failed [0m for  rememberme  with the payload : `#'|sleep${IFS}4|'`"|sleep${IFS}4|";sleep${IFS}4

STDERR
* Running on http://0.0.0.0:8000/ (Press CTRL+C to quit)
172.30.0.1 - - [11/Sep/2017 16:04:21] "GET /ping HTTP/1.1" 200 -
172.30.0.1 - - [11/Sep/2017 16:19:05] "GET /?url=http%3A//[REDACTED]/login.php&deep=0&impact=0&cookies=PHPSESSID%3DREMOVED&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/60.0.3112.90%20Safari/537.36%20OPR/47.0.2631.80&method=POST&data=username%3Abob%7Cpassword%3Abob%7Crememberme%3Aon%7C%3A%7C HTTP/1.1" 200 -
172.30.0.1 - - [11/Sep/2017 16:19:16] "GET /ping HTTP/1.1" 200 -

A "/ping" request is sent every time the "Plugin Window" is opened in your browser.
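A triage helper for the two log streams shown above, as an added example that is not part of the project's code: it turns the STDOUT check lines into structured findings and decodes the scan request from the STDERR access log, redacting the cookie values the extension forwards in the query string. The sample lines are constructed from the format above; `target.example`, the cookie value and the function names are placeholders chosen for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed samples modelled on the log format above (host, cookie and payload text are placeholders).
STDOUT_SAMPLE = """\
---[ POST - New parameter rememberme for url: http://target.example/login.php ]---
\t\t[94mXSS Failed [0m for  rememberme  with the payload : <constructed>
\t\t[94mSQLi Detected [0m for  rememberme  with the payload : '
\t\t[94mTime Based SQLi ( MySQL ) Failed [0m for  rememberme  with the payload : <constructed>
"""
ACCESS_SAMPLE = ('172.30.0.1 - - [11/Sep/2017 16:19:05] "GET /?url=http%3A//target.example/login.php'
                 '&deep=0&impact=0&cookies=PHPSESSID%3Dabc123&method=POST'
                 '&data=username%3Abob%7Cpassword%3Abob%7Crememberme%3Aon%7C%3A%7C HTTP/1.1" 200 -')

HEADER = re.compile(r"^---\[ (\w+) - New parameter (\S+) for url: (\S+) \]---$")
# The colour codes appear with or without the ESC byte, depending on the log viewer.
RESULT = re.compile(r"^\s*(?:\x1b?\[\d+m)?(.+?) (Detected|Failed)\s*(?:\x1b?\[0m)?"
                    r"\s+for\s+(\S+)\s+with the payload : (.*)$")

def parse_findings(stdout_text):
    """Return one dict per check line, tagged with the request it belongs to."""
    findings, ctx = [], (None, None)
    for line in stdout_text.splitlines():
        h = HEADER.match(line.strip())
        if h:
            ctx = (h.group(1), h.group(3))  # (HTTP method, URL) for the lines that follow
            continue
        r = RESULT.match(line)
        if r:
            findings.append({"method": ctx[0], "url": ctx[1], "check": r.group(1),
                             "detected": r.group(2) == "Detected", "param": r.group(3)})
    return findings

def parse_scan_request(access_line):
    """Decode the extension's GET to the scan server and redact forwarded cookie values."""
    target = re.search(r'"GET (\S+) HTTP', access_line).group(1)
    q = {k: v[0] for k, v in parse_qs(urlsplit(target).query).items()}
    # Form data arrives as "name:value|name:value|:|"; skip the empty trailing pairs.
    fields = dict(p.split(":", 1) for p in q.get("data", "").split("|") if p.strip(":"))
    cookies = re.sub(r"=[^;]*", "=<redacted>", q.get("cookies", ""))
    return {"url": q.get("url"), "method": q.get("method"), "fields": fields, "cookies": cookies}

if __name__ == "__main__":
    for f in parse_findings(STDOUT_SAMPLE):
        print(("HIT " if f["detected"] else "    ") + f["check"], f["param"], f["url"])
    print(parse_scan_request(ACCESS_SAMPLE))
```

Because the access log records the session cookie and submitted form values in plain text, redact them as above before sharing container logs.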

If you need the exact versions of the components used in the beta test, here they are:

Ghost.py==2.0.0-dev   
PySide==2.0.0~alpha0
Qt==5.5.1

Thanks, Contributors and Ideas
