
war-and-code / jawfish

Licence: MIT license
Tool for breaking into web applications.

Programming Languages

python
javascript

Projects that are alternatives of or similar to jawfish

Ossa
Open-Source Security Architecture
Stars: ✭ 796 (+847.62%)
Mutual labels:  application-security, vulnerabilities, security-scanner
Super
Secure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (+304.76%)
Mutual labels:  vulnerabilities, security-scanner
Rapidscan
🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (+822.62%)
Mutual labels:  vulnerabilities, security-scanner
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (+332.14%)
Mutual labels:  vulnerabilities, security-scanner
Vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+10428.57%)
Mutual labels:  vulnerabilities, security-scanner
Vuln Web Apps
A curated list of vulnerable web applications.
Stars: ✭ 128 (+52.38%)
Mutual labels:  vulnerabilities, security-scanner
Vulny Code Static Analysis
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: ✭ 207 (+146.43%)
Mutual labels:  vulnerabilities, security-scanner
Taipan
Web application vulnerability scanner
Stars: ✭ 359 (+327.38%)
Mutual labels:  application-security, security-scanner
Jackhammer
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Stars: ✭ 633 (+653.57%)
Mutual labels:  application-security, security-scanner
CyberQueens
CyberQueens lesson materials - learning resources and exercises for aspiring reverse engineers, exploit developers, and hackers 👩‍💻👨‍💻
Stars: ✭ 30 (-64.29%)
Mutual labels:  vulnerabilities
WebSecurityScannerWhitePaper
A collection of publicly available white papers on vulnerability scanners.
Stars: ✭ 25 (-70.24%)
Mutual labels:  security-scanner
serverless-snyk
Serverless plugin for securing your dependencies with Snyk
Stars: ✭ 40 (-52.38%)
Mutual labels:  vulnerabilities
Jxnet
Jxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).
Stars: ✭ 26 (-69.05%)
Mutual labels:  security-scanner
PatrowlHearsData
Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds
Stars: ✭ 66 (-21.43%)
Mutual labels:  vulnerabilities
flask-vuln
Pretty vulnerable flask app..
Stars: ✭ 23 (-72.62%)
Mutual labels:  vulnerabilities
scan-action
Anchore container analysis and scan provided as a GitHub Action
Stars: ✭ 140 (+66.67%)
Mutual labels:  vulnerabilities
snyk-maven-plugin
Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.
Stars: ✭ 64 (-23.81%)
Mutual labels:  vulnerabilities
vilicus
Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.
Stars: ✭ 82 (-2.38%)
Mutual labels:  security-scanner
NetworkAlarm
A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.
Stars: ✭ 17 (-79.76%)
Mutual labels:  security-scanner
akamai-arl-hack
Script to test open Akamai ARL vulnerability.
Stars: ✭ 70 (-16.67%)
Mutual labels:  vulnerabilities

Jawfish

Jawfish is a tool for breaking into web applications.

Based on Forced Evolution, it is self-modifying: it finds exploits and updates an internal database accordingly.

Parts

Target IP - The IP address of the server you are attacking. Using a hostname is not recommended, as DNS lookups significantly slow down the current version of Jawfish. Example: 192.168.1.1

Address - The path URL to the vulnerable page. Example: /herp/derp/vuln.php

Vulnerability - This is the POST or GET variable that will be exploited.

Method - This can be either POST or GET, and defines the behavior of Jawfish as it communicates over HTTP POSTs and GETs.

Goal Text - The most important option to get correct, as it will define when an exploit string is deemed as working. Case is ignored. Examples: If you are attempting to bypass a login form, perhaps “Login Successful.” For command injection, an indicative server response like “Directory of.” For SQL injection, maybe “row in set.”

Jawfish currently contains no capabilities for dumping databases or post-exploitation. You can take the exploit produced by Jawfish and feed it into a tool like sqlmap.

Trying to run Jawfish locally?

After downloading or cloning the repo, you will need to locally set up Flask in the "flask" folder. This is a good tutorial.
