A set of tools for Web Exploitation
Project description
webXtools
A wouldbe toolset for web exploitation and other general tools used in CTFs.
To install
pip3 install webXtools
Modules
Usage
Bruteforce
A multithreaded approach to generate strings
import webXtools
import hashlib
import string
# Find a string such that `hashlib.sha256("string".encode('utf-8')).hexdigest()[:5]` returns `3f6ac`
def check(string):
if hashlib.sha256(string.encode('utf-8')).hexdigest()[:5] == "3f6a4":
return True
else:
return False
# Returns the string that solves callback
print(webXtools.bruteforce(minLength=1, maxLength=4, charSet=string.ascii_letters+string.digits, noOfThreads=4, callback=check))
# Prints all the strings generated
webXtools.bruteforce(minLength=1, maxLength=4, charSet=string.ascii_letters+string.digits, noOfThreads=4, callback=print)
# bruteforceList
def doit(st):
# something with the string
return False
webXtools.bruteforceList(stringList=[1, 2, 3, 4, 5, 6, 7, 8, 9, 10], noOfThreads=5, callback=doit)
# bruteforceFile
webXtools.bruteforceFile(file="./payloads.txt", noOfThreads=5, callback=check)
Race Condition
Test race condition in Web Applications
import webXtools
# 1
r = webXtools.race(url="https://google.com", numberOfRequests=100, threads=5)
## r has a list of all the responses
# 2
webXtools.race(url="http://vuln.com", cookies={"id":"evil"}, method="GET", headers={"iam":"admin"}, numberOfRequests=200, threads=10)
# 3
request = """POST /test/ HTTP/1.1
HOST: localhost:1337
Content-Type: application/JSON
Content-Length: 15
{"test":"data"}
"""
webXtools.race(url="http://localhost:1337", absoluteRequest=request, threads=5)
JWT
import webXtools
import string
token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.R6zywlgNMEEcoM01FyTd3XY-iODzr-uvpWWw9i8VHho"
print(webXtools.jwtHS256Brute(token, charSet=string.ascii_letters, maxLength=3))
print(webXtools.jwtHS256Brute(token, stringList=["a", "c", "abs"]))
print(webXtools.jwtHS256Brute(token, stringFile="./strings.txt", noOfThreads=10))
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
webXtools-1.2.0.tar.gz
(7.2 kB
view details)
Built Distribution
File details
Details for the file webXtools-1.2.0.tar.gz.
File metadata
- Download URL: webXtools-1.2.0.tar.gz
- Upload date:
- Size: 7.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 250ac3c97ae8f666ab657995b531192e93f4404e289ffd37017bdcf0e6bc8147 |
|
| MD5 | a0335128dd19066d27ca6d2b7687e495 |
|
| BLAKE2b-256 | d0844b1033d74096bbb81b8205f0eb0b857ef544865f4f477bdbee4cefd901da |
Provenance
File details
Details for the file webXtools-1.2.0-py3-none-any.whl.
File metadata
- Download URL: webXtools-1.2.0-py3-none-any.whl
- Upload date:
- Size: 7.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3d12064a2976c4c153250de55465ab554a4e6ef3ecd916b6779c26d1ff35d827 |
|
| MD5 | e9d9a4734c736039c63795a183c0cc82 |
|
| BLAKE2b-256 | 63b3136cb3294cae6419a074bdea9061281b194cc80c908a695d242eae3fd03c |
