BROWSER INTEGRATION
This tool has many advantages, as a browser-embedded webhacking tool, is very useful for scanning browser-authenticated applications, if browser can authenticate and access to the web application, the tool also can. Note that some other tools do not support neither certificate authentication nor web vpn accesses.
The integration with chrome, provides a more comfortable and agile way of web-hacking, and you have all the application data loaded on the hacking tool, you don't need to copy the url, cookies, etc. to the tool, just right click and hack.
The browser rendering engine is also used in this tool, to draw the html of the responses.
FALSES POSITIVES
When I coded this tool, I was obsessed with false positives, which is the main problem in all detection tools. I have implemented a gauss algorithm, to reduce the faslse positives automatically which works very very well, and save a lot of time to the pentester.
VIDEO
Here is a video, with some of the web-fu functionalitites:
VISUAL FEATURES
This tool has a visual crawler. Normal crawlers doesn't parse the ajvascript, this tool does. The visual crawler loads each link of the web site, rendering the html and executing all the javascript as a normal load, then the links are processed from he DOM and clicked.
A visual form cracker, is also available, althow is experimental and only works on some kind of forms.
SCANNING FEATURES
The web-fu's portscanner, has a database of a common web ports, like 80,81,8080 and so on.
The cracker module, can bruteforce web directories to find new attack vectors, and can fuzz get and post parameters for discovering vulns, and also crack passwords. There are 9 preloaded wordlists, and you can also load a custom wordlist. Prefilters, falsepositive reductor and render will be helpful. The scanners support SSL, if the website can be loaded in the chrome, can be scanned by web-fu.
ENCODERS & DECODERS
The supported encoders and decoders are: base64, urlescape and urlencode
OTHER FEATURES
A web notepad is available, saving the information on the browser localStorage, there is one notepad per site. A cookie editor is also very useful for pentesting. The inteceptor, is like a web proxy but from the inside of the browser, you can intercept a request There is also a session locker and a exploit web search.
CHROME STORE
Here is the link to the chrome store, the prize is about one euro, very cheap if you compare with other scanners: Web-Fu on Chrome Store
With webfu, you will do the best web site pentest and vulnerability assessment.
Related posts
- Pentest Tools Url Fuzzer
- Hacking Apps
- Hacker Tools Hardware
- Pentest Tools For Android
- What Is Hacking Tools
- Hacker Tools For Pc
- Hacking Tools Download
- Hacking Apps
- Hack Tools For Games
- Hacker Tools Apk Download
- Hack Tools For Ubuntu
- Hacker Tools For Mac
- Growth Hacker Tools
- Growth Hacker Tools
- Hacker Tools Apk
- Hacker Tools Apk
- Hack Tools Mac
- Pentest Tools Open Source
- Hacker Tool Kit
- Hacker Tools For Mac
- Hack Tools Mac
- Tools For Hacker
- Hacker Tools Apk
- Hackrf Tools
- Usb Pentest Tools
- Hacker Tools For Windows
- Hacking Tools Free Download
- Hack Tool Apk No Root
- Pentest Tools Open Source
- Hacker Security Tools
- Hacking Tools For Windows Free Download
- Blackhat Hacker Tools
- Pentest Tools Github
- Hacker Tools
- Install Pentest Tools Ubuntu
- Hack Tools For Windows
- Hack Tools Mac
- Pentest Box Tools Download
- Hacking Tools Github
- Hacker Tools Online
- Hacking Tools Mac
- Hack Tool Apk No Root
- Pentest Tools Review
- Pentest Tools Download
- Hackrf Tools
- Hacking Tools Windows 10
- Hack And Tools
- Easy Hack Tools
- Hacking Tools 2019
- Hacking App
- Hack Apps
- Top Pentest Tools
- Hacking Tools And Software
- Top Pentest Tools
- Hacking Tools Mac
- Pentest Tools Download
- Hacker Tools Free Download
- What Are Hacking Tools
- Hacking Tools Free Download
- Nsa Hack Tools
- Hacker
- Hack Tools Mac
- Hacking Tools Online
No comments:
Post a Comment