ClickJackPoc

This tool will help you automate finding Clickjacking Vulnerability by just passing a file containing list of Targets .
Once the Target is Found Vulnerable It will generate the Exploit Proof of Conepet(PoC) for each Vulnerable targets.

What is Clickjacking ?

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a or .</li> <li>Sites can use "X-Frame-Options" in the headers to avoid clickjacking attacks by ensuring that their content is not embedded into other sites.</li> <li><a href="https://owasp.org/www-community/attacks/Clickjacking" rel="nofollow">Reference</a></li> </ul> <h2 dir="auto"><a id="user-content-installation" class="anchor" aria-hidden="true" href="#installation"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Installation:</h2> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="git clone https://github.com/Raiders0786/ClickjackPoc.git cd ClickjackPoc pip install -r requirements.txt"> <pre><code>git clone https://github.com/Raiders0786/ClickjackPoc.git cd ClickjackPoc pip install -r requirements.txt </code></pre> </div> <h2 dir="auto"><a id="user-content-example" class="anchor" aria-hidden="true" href="#example"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Example:</h2> <p dir="auto">Example Usage of the Tool</p> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="python3 clickJackPoc.py -f domains.txt"> <pre><code>python3 clickJackPoc.py -f domains.txt </code></pre> </div> <p dir="auto"><a target="_blank" rel="noopener noreferrer" href="https://github.com/Raiders0786/ClickjackPoc/raw/master/usage.png"><img src="https://github.com/Raiders0786/ClickjackPoc/raw/master/usage.png" alt="1" style="max-width: 100%;"></a></p> <h2 dir="auto"><a id="user-content-allowed-targets-format" class="anchor" aria-hidden="true" href="#allowed-targets-format"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Allowed Targets Format:</h2> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="http://target.com target.com www.target.com https://tartget.com/ https://IP:Port IP:Port http://IP:Port/login http://www.target.com/directory https://www.target.com/directory"> <pre><code>http://target.com target.com www.target.com https://tartget.com/ https://IP:Port IP:Port http://IP:Port/login http://www.target.com/directory https://www.target.com/directory </code></pre> </div> <h2 dir="auto"><a id="user-content-benefits" class="anchor" aria-hidden="true" href="#benefits"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Benefits:</h2> <ul dir="auto"> <li>It will take all the targets from the file passed.</li> <li>Make the exploit Poc by creating a HTML File with <code>TargetName.html</code> as the Output.</li> <li>Will Print <code>Not Vulnerable</code> if Target is not Vulnerable.</li> </ul> <h2 dir="auto"><a id="user-content-reach-me-" class="anchor" aria-hidden="true" href="#reach-me-"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Reach Me :</h2> <ul dir="auto"> <li><code>Do Tag Me if you get Rewarded💸💰 , Will be Very Happy to hear that 😄 !</code></li> <li>Do Give it a <code>Star</code> if you like it & <code>Follow</code> me for more such stuffs!</li> <li>Let me know if you have any Suggestion's or want to Collaborate.</li> <li>This tool is made for Learning Purpose !</li> </ul> <p dir="auto"><a href="https://www.linkedin.com/in/chirag-agrawal-770488144/" rel="nofollow"><img src="https://camo.githubusercontent.com/a80d00f23720d0bc9f55481cfcd77ab79e141606829cf16ec43f8cacc7741e46/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c696e6b6564496e2d3030373742353f7374796c653d666f722d7468652d6261646765266c6f676f3d6c696e6b6564696e266c6f676f436f6c6f723d7768697465" alt="Linkedin" style="height: 60px; width: 170px; max-width: 100%;" data-canonical-src="https://img.shields.io/badge/LinkedIn-0077B5?style=for-the-badge&logo=linkedin&logoColor=white"></a> <a target="_blank" rel="noopener noreferrer" href="https://camo.githubusercontent.com/c4beccd946d3d75029f0f1755d7b758604ad25a83cd668e06eed6646b99b7108/68747470733a2f2f696d672e736869656c64732e696f2f747769747465722f666f6c6c6f772f5f5f526169646572733f7374796c653d736f6369616c"><img alt="Twitter Follow" src="https://camo.githubusercontent.com/c4beccd946d3d75029f0f1755d7b758604ad25a83cd668e06eed6646b99b7108/68747470733a2f2f696d672e736869656c64732e696f2f747769747465722f666f6c6c6f772f5f5f526169646572733f7374796c653d736f6369616c" width="250" height="50" data-canonical-src="https://img.shields.io/twitter/follow/__Raiders?style=social" style="max-width: 100%;"></a></p>

Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

Related tags

Overview

ClickJackPoc

What is Clickjacking ?

Owner

Chirag Agrawal

INFO 3350/6350, Spring 2022, Cornell

Attack SQL Server through gopher protocol

2021hvv漏洞汇总

Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr

Complet and easy to run Port Scanner with Python

This is a keylogger in python for Windows, Mac and Linux!

'Our Drowsinessdetector detects drivers eyes if they are closed for more than 2 seconds and alerts driver'

client attack remotely , this script was written for educational purposes only

MozDef: Mozilla Enterprise Defense Platform

Bandit is a tool designed to find common security issues in Python code.

POC for detecting the Log4Shell (Log4J RCE) vulnerability

Password list generator for password spraying - prebaked with goodies

A black hole for Internet advertisements

Sample exploits for Zephyr CVE-2021-3625

Mass Shortlink Bypass Merupakan Tools Yang Akan Bypass Shortlink Ke Tujuan Asli, Dibuat Dengan Python 3

Separation of Mainlobes and Sidelobes in the Ultrasound Image Based on the Spatial Covariance (MIST) and Aperture-Domain Spectrum of Received Signals

A Modified version of TCC's Osprey poc framework......

Subdomain enumeration,Web scraping and finding usernames automation script written in python

A passive-recon tool that parses through found assets and interacts with the Hackerone API

PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager)