diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..02c248d --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +add-tool +distribute-readme \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..0010ff9 --- /dev/null +++ b/Makefile @@ -0,0 +1,40 @@ +.PHONY: default help contribute add-tool distribute-readme clean + +SHELL = /bin/bash +APP_NAME = WebHackersWeapons +ADD_TOOL = add-tool +DISTRIBUTE_README = distribute-readme +VERSION = $(shell git describe --always --tags) +GIT_COMMIT = $(shell git rev-parse HEAD) +GIT_DIRTY = $(shell test -n "`git status --porcelain`" && echo "+CHANGES" || true) +BUILD_DATE = $(shell date '+%Y-%m-%d-%H:%M:%S') + +default: help + +help: + @echo 'Management commands for ${APP_NAME}:' + @echo + @echo 'Usage:' + @echo ' make contribute Compile ${ADD_TOOL} & ${DISTRIBUTE_README}.' + @echo ' make add-tool Build ${ADD_TOOL}' + @echo ' make distribute-readme Build ${DISTRIBUTE_README}' + @echo ' make clean Clean the contribute file.' + + @echo + +contribute: add-tool distribute-readme + +add-tool: + @echo "Build ${ADD_TOOL} ${VERSION}" + @echo "GOPATH=${GOPATH}" + go build -ldflags "-w -X github.com/hahwul/WebHackersWeapons/version.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X github.com/hahwul/WebHackersWeapons/version.Version=${VERSION} -X github.com/hahwul/WebHackersWeapons/version.BuildDate=${BUILD_DATE}" -o ./${ADD_TOOL} ./${ADD_TOOL}.go + +distribute-readme: + @echo "Build ${ADD_TOOL} ${VERSION}" + @echo "GOPATH=${GOPATH}" + go build -ldflags "-w -X github.com/hahwul/WebHackersWeapons/version.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X github.com/hahwul/WebHackersWeapons/version.Version=${VERSION} -X github.com/hahwul/WebHackersWeapons/version.BuildDate=${BUILD_DATE}" -o ./${DISTRIBUTE_README} ./${DISTRIBUTE_README}.go + +clean: + @echo "Removing ${APP_NAME} ${VERSION}" + @test ! -e ${ADD_TOOL} || rm ${ADD_TOOL} + @test ! -e ${DISTRIBUTE_README} || rm ${DISTRIBUTE_README} \ No newline at end of file diff --git a/README.md b/README.md index 9691237..1757f48 100644 --- a/README.md +++ b/README.md @@ -24,8 +24,10 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin | Discovery/ALL | [aquatone](https://github.com/michenriksen/aquatone) | A Tool for Domain Flyovers | ![](https://img.shields.io/github/stars/michenriksen/aquatone) | ![](https://img.shields.io/github/languages/top/michenriksen/aquatone) | | Discovery/ALL | [lazyrecon](https://github.com/nahamsec/lazyrecon) | This script is intended to automate your reconnaissance process in an organized fashion | ![](https://img.shields.io/github/stars/nahamsec/lazyrecon) | ![](https://img.shields.io/github/languages/top/nahamsec/lazyrecon) | | Discovery/ALL | [rengine](https://github.com/yogeshojha/rengine) | reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. | ![](https://img.shields.io/github/stars/yogeshojha/rengine) | ![](https://img.shields.io/github/languages/top/yogeshojha/rengine) | +| Discovery/APK | [apkleaks](https://github.com/dwisiswant0/apkleaks) | Scanning APK file for URIs, endpoints & secrets. | ![](https://img.shields.io/github/stars/dwisiswant0/apkleaks) | ![](https://img.shields.io/github/languages/top/dwisiswant0/apkleaks) | | Discovery/CRAWL | [Photon](https://github.com/s0md3v/Photon) | Incredibly fast crawler designed for OSINT. | ![](https://img.shields.io/github/stars/s0md3v/Photon) | ![](https://img.shields.io/github/languages/top/s0md3v/Photon) | | Discovery/CRAWL | [cc.py](https://github.com/si9int/cc.py) | Extracting URLs of a specific target based on the results of "commoncrawl.org" | ![](https://img.shields.io/github/stars/si9int/cc.py) | ![](https://img.shields.io/github/languages/top/si9int/cc.py) | +| Discovery/CRAWL | [go-dork](https://github.com/dwisiswant0/go-dork) | The fastest dork scanner written in Go. | ![](https://img.shields.io/github/stars/dwisiswant0/go-dork) | ![](https://img.shields.io/github/languages/top/dwisiswant0/go-dork) | | Discovery/CRAWL | [gospider](https://github.com/jaeles-project/gospider) | Gospider - Fast web spider written in Go | ![](https://img.shields.io/github/stars/jaeles-project/gospider) | ![](https://img.shields.io/github/languages/top/jaeles-project/gospider) | | Discovery/CRAWL | [hakrawler](https://github.com/hakluke/hakrawler) | Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application | ![](https://img.shields.io/github/stars/hakluke/hakrawler) | ![](https://img.shields.io/github/languages/top/hakluke/hakrawler) | | Discovery/DNS | [DNSDumpster](https://dnsdumpster.com) | Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) | ![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)| @@ -70,6 +72,7 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin | Fetch/WSOCK | [websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler) | websocket-connection-smuggler | ![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler) | ![](https://img.shields.io/github/languages/top/hahwul/websocket-connection-smuggler) | | Scanner/CORS | [Corsy](https://github.com/s0md3v/Corsy) | CORS Misconfiguration Scanner | ![](https://img.shields.io/github/stars/s0md3v/Corsy) | ![](https://img.shields.io/github/languages/top/s0md3v/Corsy) | | Scanner/FUZZ | [VHostScan](https://github.com/codingo/VHostScan) | A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. | ![](https://img.shields.io/github/stars/codingo/VHostScan) | ![](https://img.shields.io/github/languages/top/codingo/VHostScan) | +| Scanner/FUZZ | [crlfuzz](https://github.com/dwisiswant0/crlfuzz) | A fast tool to scan CRLF vulnerability written in Go | ![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz) | ![](https://img.shields.io/github/languages/top/dwisiswant0/crlfuzz) | | Scanner/FUZZ | [ffuf](https://github.com/ffuf/ffuf) | Fast web fuzzer written in Go | ![](https://img.shields.io/github/stars/ffuf/ffuf) | ![](https://img.shields.io/github/languages/top/ffuf/ffuf) | | Scanner/FUZZ | [thc-hydra](https://github.com/vanhauser-thc/thc-hydra) | hydra | ![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra) | ![](https://img.shields.io/github/languages/top/vanhauser-thc/thc-hydra) | | Scanner/FUZZ | [wfuzz](https://github.com/xmendez/wfuzz) | Web application fuzzer | ![](https://img.shields.io/github/stars/xmendez/wfuzz) | ![](https://img.shields.io/github/languages/top/xmendez/wfuzz) | @@ -123,12 +126,14 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin | Utility/TOOLBOX | [CyberChef](https://github.com/gchq/CyberChef) | The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis | ![](https://img.shields.io/github/stars/gchq/CyberChef) | ![](https://img.shields.io/github/languages/top/gchq/CyberChef) | | Utility/URL | [anew](https://github.com/tomnomnom/anew) | A tool for adding new lines to files, skipping duplicates | ![](https://img.shields.io/github/stars/tomnomnom/anew) | ![](https://img.shields.io/github/languages/top/tomnomnom/anew) | | Utility/URL | [burl](https://github.com/tomnomnom/burl) | A Broken-URL Checker | ![](https://img.shields.io/github/stars/tomnomnom/burl) | ![](https://img.shields.io/github/languages/top/tomnomnom/burl) | +| Utility/URL | [cf-check](https://github.com/dwisiswant0/cf-check) | Cloudflare Checker written in Go | ![](https://img.shields.io/github/stars/dwisiswant0/cf-check) | ![](https://img.shields.io/github/languages/top/dwisiswant0/cf-check) | | Utility/URL | [gau](https://github.com/lc/gau) | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. | ![](https://img.shields.io/github/stars/lc/gau) | ![](https://img.shields.io/github/languages/top/lc/gau) | | Utility/URL | [hacks](https://github.com/tomnomnom/hacks/tree/master/anti-burl) | remove bad urls | ![](https://img.shields.io/github/stars/tomnomnom/hacks/tree/master/anti-burl) | ![](https://img.shields.io/github/languages/top/tomnomnom/hacks/tree/master/anti-burl) | | Utility/URL | [qsreplace](https://github.com/tomnomnom/qsreplace) | Accept URLs on stdin, replace all query string values with a user-supplied value | ![](https://img.shields.io/github/stars/tomnomnom/qsreplace) | ![](https://img.shields.io/github/languages/top/tomnomnom/qsreplace) | | Utility/URL | [unfurl](https://github.com/tomnomnom/unfurl) | Pull out bits of URLs provided on stdin | ![](https://img.shields.io/github/stars/tomnomnom/unfurl) | ![](https://img.shields.io/github/languages/top/tomnomnom/unfurl) | | Utility/URL | [urlprobe](https://github.com/1ndianl33t/urlprobe) | Urls status code & content length checker | ![](https://img.shields.io/github/stars/1ndianl33t/urlprobe) | ![](https://img.shields.io/github/languages/top/1ndianl33t/urlprobe) | | Utility/VULN | [Gopherus](https://github.com/tarunkant/Gopherus) | This tool generates gopher link for exploiting SSRF and gaining RCE in various servers | ![](https://img.shields.io/github/stars/tarunkant/Gopherus) | ![](https://img.shields.io/github/languages/top/tarunkant/Gopherus) | +| Utility/VULN | [hinject](https://github.com/dwisiswant0/hinject) | Host Header Injection Checker | ![](https://img.shields.io/github/stars/dwisiswant0/hinject) | ![](https://img.shields.io/github/languages/top/dwisiswant0/hinject) | | Utility/VULN | [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe) | A tool for embedding XXE/XML exploits into different filetypes | ![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe) | ![](https://img.shields.io/github/languages/top/BuffaloWill/oxml_xxe) | | Utility/VULN | [pentest-tools](https://github.com/gwen001/pentest-tools) | Custom pentesting tools | ![](https://img.shields.io/github/stars/gwen001/pentest-tools) | ![](https://img.shields.io/github/languages/top/gwen001/pentest-tools) | | Utility/VULN | [postMessage-tracker](https://github.com/fransr/postMessage-tracker) | A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon | ![](https://img.shields.io/github/stars/fransr/postMessage-tracker) | ![](https://img.shields.io/github/languages/top/fransr/postMessage-tracker) | @@ -137,6 +142,13 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin | Utility/WORD | [SecLists](https://github.com/danielmiessler/SecLists) | SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. | ![](https://img.shields.io/github/stars/danielmiessler/SecLists) | ![](https://img.shields.io/github/languages/top/danielmiessler/SecLists) | | Utility/WORD | [subs_all](https://github.com/emadshanab/subs_all) | Subdomain Enumeration Wordlist. 8956437 unique words. Updated. | ![](https://img.shields.io/github/stars/emadshanab/subs_all) | ![](https://img.shields.io/github/languages/top/emadshanab/subs_all) | ## Contribute + +First, you need to compile `add-tool` and `distribute-readme` using `make` command: + +```bash +> make contribute +``` + ### Usage of add-tool ``` ./add-tool diff --git a/data.json b/data.json index 0800710..ba30af0 100644 --- a/data.json +++ b/data.json @@ -204,6 +204,11 @@ "Method": "URL", "Type": "Utility" }, + "apkleaks": { + "Type": "Discovery", + "Data": "| Discovery/APK | [apkleaks](https://github.com/dwisiswant0/apkleaks) | Scanning APK file for URIs, endpoints \u0026 secrets. | ![](https://img.shields.io/github/stars/dwisiswant0/apkleaks) | ![](https://img.shields.io/github/languages/top/dwisiswant0/apkleaks) |", + "Method": "APK" + }, "aquatone": { "Data": "| Discovery/ALL | [aquatone](https://github.com/michenriksen/aquatone) | A Tool for Domain Flyovers | ![](https://img.shields.io/github/stars/michenriksen/aquatone) | ![](https://img.shields.io/github/languages/top/michenriksen/aquatone) |", "Method": "ALL", @@ -239,11 +244,21 @@ "Method": "CRAWL", "Type": "Discovery" }, + "cf-check": { + "Data": "| Utility/URL | [cf-check](https://github.com/dwisiswant0/cf-check) | Cloudflare Checker written in Go | ![](https://img.shields.io/github/stars/dwisiswant0/cf-check) | ![](https://img.shields.io/github/languages/top/dwisiswant0/cf-check) |", + "Method": "URL", + "Type": "Utility" + }, "chaos-client": { "Data": "| Discovery/DOMAIN | [chaos-client](https://github.com/projectdiscovery/chaos-client) | Go client to communicate with Chaos DNS API. | ![](https://img.shields.io/github/stars/projectdiscovery/chaos-client) | ![](https://img.shields.io/github/languages/top/projectdiscovery/chaos-client) |", "Method": "DOMAIN", "Type": "Discovery" }, + "crlfuzz": { + "Data": "| Scanner/FUZZ | [crlfuzz](https://github.com/dwisiswant0/crlfuzz) | A fast tool to scan CRLF vulnerability written in Go | ![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz) | ![](https://img.shields.io/github/languages/top/dwisiswant0/crlfuzz) |", + "Method": "FUZZ", + "Type": "Scanner" + }, "dalfox": { "Data": "| Scanner/XSS | [dalfox](https://github.com/hahwul/dalfox) | 🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang | ![](https://img.shields.io/github/stars/hahwul/dalfox) | ![](https://img.shields.io/github/languages/top/hahwul/dalfox) |", "Method": "XSS", @@ -329,6 +344,11 @@ "Method": "GIT", "Type": "Discovery" }, + "go-dork": { + "Data": "| Discovery/CRAWL | [go-dork](https://github.com/dwisiswant0/go-dork) | The fastest dork scanner written in Go. | ![](https://img.shields.io/github/stars/dwisiswant0/go-dork) | ![](https://img.shields.io/github/languages/top/dwisiswant0/go-dork) |", + "Method": "CRAWL", + "Type": "Discovery" + }, "gobuster": { "Data": "| Discovery/FUZZ | [gobuster](https://github.com/OJ/gobuster) | Directory/File, DNS and VHost busting tool written in Go | ![](https://img.shields.io/github/stars/OJ/gobuster) | ![](https://img.shields.io/github/languages/top/OJ/gobuster) |", "Method": "FUZZ", @@ -369,6 +389,11 @@ "Method": "DNS", "Type": "Discovery" }, + "hinject": { + "Data": "| Utility/VULN | [hinject](https://github.com/dwisiswant0/hinject) | Host Header Injection Checker | ![](https://img.shields.io/github/stars/dwisiswant0/hinject) | ![](https://img.shields.io/github/languages/top/dwisiswant0/hinject) |", + "Method": "VULN", + "Type": "Utility" + }, "httprobe": { "Data": "| Fetch/TOM | [httprobe](https://github.com/tomnomnom/httprobe) | Take a list of domains and probe for working HTTP and HTTPS servers | ![](https://img.shields.io/github/stars/tomnomnom/httprobe) | ![](https://img.shields.io/github/languages/top/tomnomnom/httprobe) |", "Method": "TOM", @@ -480,9 +505,9 @@ "Type": "Utility" }, "rengine": { - "Type": "Discovery", "Data": "| Discovery/ALL | [rengine](https://github.com/yogeshojha/rengine) | reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. | ![](https://img.shields.io/github/stars/yogeshojha/rengine) | ![](https://img.shields.io/github/languages/top/yogeshojha/rengine) |", - "Method": "ALL" + "Method": "ALL", + "Type": "Discovery" }, "s3reverse": { "Data": "| Utility/S3 | [s3reverse](https://github.com/hahwul/s3reverse) | The format of various s3 buckets is convert in one format. for bugbounty and security testing. | ![](https://img.shields.io/github/stars/hahwul/s3reverse) | ![](https://img.shields.io/github/languages/top/hahwul/s3reverse) |", diff --git a/template/foot.md b/template/foot.md index 4c6ec6f..55b4943 100644 --- a/template/foot.md +++ b/template/foot.md @@ -1,4 +1,11 @@ ## Contribute + +First, you need to compile `add-tool` and `distribute-readme` using `make` command: + +```bash +> make contribute +``` + ### Usage of add-tool ``` ./add-tool