A set of tools for Web Exploitation
Project description
webXtools
A wouldbe toolset for web exploitation and other general tools used in CTFs.
To install
pip3 install webXtools
Usage
Bruteforce
A multithreaded approach to generate strings
import webXtools
import hashlib
import string
# Find a string such that `hashlib.sha256("string".encode('utf-8')).hexdigest()[:5]` returns `3f6ac`
def check(string):
if hashlib.sha256(string.encode('utf-8')).hexdigest()[:5] == "3f6a4":
return True
else:
return False
# Returns the string that solves callback
print(webXtools.bruteforce(minLength=1, maxLength=4, charSet=string.ascii_letters+string.digits, noOfThreads=4, callback=check))
# Prints all the strings generated
webXtools.bruteforce(minLength=1, maxLength=4, charSet=string.ascii_letters+string.digits, noOfThreads=4, callback=print)
# bruteforceList
def doit(st):
# something with the string
return False
webXtools.bruteforceList(stringList=[1, 2, 3, 4, 5, 6, 7, 8, 9, 10], noOfThreads=5, callback=doit)
# bruteforceFile
webXtools.bruteforceFile(file="./payloads.txt", noOfThreads=5, callback=check)
Race Condition
Test race condition in Web Applications
import webXtools
# 1
r = webXtools.race(url="https://google.com", numberOfRequests=100, threads=5)
## r has a list of all the responses
# 2
webXtools.race(url="http://vuln.com", cookies={"id":"evil"}, method="GET", headers={"iam":"admin"}, numberOfRequests=200, threads=10)
# 3
request = """POST /test/ HTTP/1.1
HOST: localhost:1337
Content-Type: application/JSON
Content-Length: 15
{"test":"data"}
"""
webXtools.race(url="http://localhost:1337", absoluteRequest=request, threads=5)
JWT
import webXtools
import string
token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.R6zywlgNMEEcoM01FyTd3XY-iODzr-uvpWWw9i8VHho"
print(webXtools.jwtHS256Brute(token, charSet=string.ascii_letters, maxLength=3))
print(webXtools.jwtHS256Brute(token, stringList=["a", "c", "abs"]))
print(webXtools.jwtHS256Brute(token, stringFile="./strings.txt", noOfThreads=10))
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
webXtools-1.0.0.tar.gz
(7.0 kB
view details)
Built Distribution
File details
Details for the file webXtools-1.0.0.tar.gz.
File metadata
- Download URL: webXtools-1.0.0.tar.gz
- Upload date:
- Size: 7.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.6.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 29a24a0b4eef1c7c315e26e8c7480ce472bc70cdb45e88d6f97eff8c45b9e081 |
|
| MD5 | a349dfbc67f7556ed7b8641d5ea281a2 |
|
| BLAKE2b-256 | d5357c14bcdd158c42265084abe43969b067c2b915c202524a350a54cb93fad3 |
Provenance
File details
Details for the file webXtools-1.0.0-py3-none-any.whl.
File metadata
- Download URL: webXtools-1.0.0-py3-none-any.whl
- Upload date:
- Size: 7.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.6.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | af5bdea2b381537b36873595cfe5559fb355525ebd9c42f8b896f4aa86fb4271 |
|
| MD5 | 7da8a2ac3d508690ff199c1772c15c97 |
|
| BLAKE2b-256 | 36f440946cbd2c4fc0345c4d4faf2050569815ef63006efffaff397b4395bf51 |
