BROWSER INTEGRATION
This tool has many advantages, as a browser-embedded webhacking tool, is very useful for scanning browser-authenticated applications, if browser can authenticate and access to the web application, the tool also can. Note that some other tools do not support neither certificate authentication nor web vpn accesses.
The integration with chrome, provides a more comfortable and agile way of web-hacking, and you have all the application data loaded on the hacking tool, you don't need to copy the url, cookies, etc. to the tool, just right click and hack.
The browser rendering engine is also used in this tool, to draw the html of the responses.
FALSES POSITIVES
When I coded this tool, I was obsessed with false positives, which is the main problem in all detection tools. I have implemented a gauss algorithm, to reduce the faslse positives automatically which works very very well, and save a lot of time to the pentester.
VIDEO
Here is a video, with some of the web-fu functionalitites:
VISUAL FEATURES
This tool has a visual crawler. Normal crawlers doesn't parse the ajvascript, this tool does. The visual crawler loads each link of the web site, rendering the html and executing all the javascript as a normal load, then the links are processed from he DOM and clicked.
A visual form cracker, is also available, althow is experimental and only works on some kind of forms.
SCANNING FEATURES
The web-fu's portscanner, has a database of a common web ports, like 80,81,8080 and so on.
The cracker module, can bruteforce web directories to find new attack vectors, and can fuzz get and post parameters for discovering vulns, and also crack passwords. There are 9 preloaded wordlists, and you can also load a custom wordlist. Prefilters, falsepositive reductor and render will be helpful. The scanners support SSL, if the website can be loaded in the chrome, can be scanned by web-fu.
ENCODERS & DECODERS
The supported encoders and decoders are: base64, urlescape and urlencode
OTHER FEATURES
A web notepad is available, saving the information on the browser localStorage, there is one notepad per site. A cookie editor is also very useful for pentesting. The inteceptor, is like a web proxy but from the inside of the browser, you can intercept a request There is also a session locker and a exploit web search.
CHROME STORE
Here is the link to the chrome store, the prize is about one euro, very cheap if you compare with other scanners: Web-Fu on Chrome Store
With webfu, you will do the best web site pentest and vulnerability assessment.
Related news
- How To Make Hacking Tools
- Tools For Hacker
- Hacking Tools Windows 10
- Hacking Tools Windows 10
- Hacker Tools
- Blackhat Hacker Tools
- Hacker Tools
- Hack And Tools
- Hacking Tools 2020
- Hacker Tools For Pc
- Pentest Tools For Windows
- Pentest Tools Linux
- Nsa Hack Tools Download
- Hack Tools 2019
- Bluetooth Hacking Tools Kali
- Kik Hack Tools
- Android Hack Tools Github
- Hacker Tools
- Growth Hacker Tools
- Pentest Tools Bluekeep
- Hacking Tools Pc
- Hacker Tool Kit
- Hacking Tools For Games
- Pentest Tools For Windows
- Best Pentesting Tools 2018
- Hacker Tools
- Hack Apps
- Growth Hacker Tools
Δεν υπάρχουν σχόλια:
Δημοσίευση σχολίου