Webpack自动化信息收集

Overview

Webpack-信息收集工具

郑重声明:文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途以及盈利等目的,否则后果自行承担。

0x01 介绍

作者:小洲

团队:横戈安全团队,未来一段时间将陆续开源工具,欢迎关注微信公众号:

logo

定位:协助红队人员快速的信息收集,测绘目标资产,寻找薄弱点。

语言:python3开发

功能:一条龙服务,只需要输入根域名即可一键化收集敏感信息。具体案例见下文。

0x02 安装

为了避免踩坑,建议安装在如下环境中

  • 当前用户对该目录有写权限,不然扫描结果无法生成。root权限即可
  • Python环境必须是3.7以上,因为使用了异步。建议VPS环境是ubuntu20,默认是python3.8。安装模块的时候切记不要走豆瓣的源
chmod 777 build.sh
./build.sh

three

python3 webpackfind.py -h

help

0x03 效果展示

自动爬取网站 one

自动爬取本地文件 two

0x04 使用方法

语法 功能
python3 webpackfind.py -u domain.com 采集域名中的webpack
python3 webpackfind.py -j ./js 本地读取js信息收集

0x05 版本更新

2021-08-17 初始版本提交

2021-08-18 版本整体修改为面向对象编程,自动识别是否存在其他子域名 four

2021-08-19 修复build.sh 不能执行问题

2021-08-23 修复了manifest js无法读取遍历BUG,感谢 chhyx2 师傅提交的bug。

2021-08-24 优化细节,解决windows生成目录问题。

2021-08-26 优化细节,解决获取js路径问题。

0x05 反馈

Webpackfind 是一个免费且开源的项目,我们欢迎任何人为其开发和进步贡献力量。

  • 在使用过程中出现任何问题,可以通过 issues 来反馈。
  • Bug 的修复可以直接提交 Pull Request 到 dev 分支。
  • 如果是增加新的功能特性,请先创建一个 issue 并做简单描述以及大致的实现方法,提议被采纳后,就可以创建一个实现新特性的 Pull Request。
  • 欢迎对说明文档做出改善,帮助更多的人使用 ShuiZe。
  • 贡献代码请提交 PR 至 dev 分支,master 分支仅用于发布稳定可用版本。

提醒:和项目相关的问题最好在 issues 中反馈,这样方便其他有类似问题的人可以快速查找解决方法,并且也避免了我们重复回答一些问题。

You might also like...
Releases(V1.0)
Owner
小洲
小洲
Instagram brute force tool that uses tor as its proxy connections

Insta-crack This is a instagram brute force tool that uses tor as its proxy connections, keep in mind that you should not do anything illegal with thi

Liam 3 Jan 28, 2022
A dynamic multi-STL, multi-process OpenSCAD build system with autoplating support

scad-build This is a multi-STL OpenSCAD build system based around GNU make. It supports dynamic build targets, intelligent previews with user-defined

Jordan Mulcahey 1 Dec 21, 2021
Multi-Process Vulnerability Tool

Multi-Process Vulnerability Tool

Baris Dincer 1 Dec 22, 2021
Proof of Concept Exploit for vCenter CVE-2021-21972

CVE-2021-21972 Proof of Concept Exploit for vCenter CVE-2021-21972

Horizon 3 AI Inc 210 Dec 31, 2022
Confluence Server Webwork OGNL injection

CVE-2021-26084 - Confluence Server Webwork OGNL injection An OGNL injection vulnerability exists that would allow an authenticated user and in some in

Fellipe Oliveira 295 Jan 06, 2023
A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3

arp_spoof_detector A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3 Usage: git clone ht

Surya Das N 1 Oct 30, 2021
Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Matt Creel 27 Dec 20, 2022
Argument Injection in Dragonfly Ruby Gem

CVE-2021-33564 PoC Exploit script for CVE-2021-33564 (Argument Injection in Dragonfly Ruby Gem). Usage Arbitrary File Read python3 poc.py -u https://

Michael Tsai 12 Nov 09, 2022
Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

Md. Nur habib 31 Oct 21, 2022
Deobfuscate Log4Shell payloads with ease

Ox4Shell Deobfuscate Log4Shell payloads with ease. Description Since the release

Oxeye 137 Jan 02, 2023
Crowbar - A windows post exploitation tool

Crowbar - A windows post exploitation tool Status - ✔️ This project is now considered finished. Any updates from now on will most likely be new script

29 Nov 20, 2022
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanni

AnonyminHack5 12 Dec 02, 2022
Archive-Crack - A Tools for crack file archive

Install In TERMUX apt update && apt upgrade -y pkg install python git unrar

X - MrG3P5 10 Oct 06, 2022
带回显版本的漏洞利用脚本

CVE-2021-21978 带回显版本的漏洞利用脚本,更简单的方式 0. 漏洞信息 VMware View Planner Web管理界面存在一个上传日志功能文件的入口,没有进行认证且写入的日志文件路径用户可控,通过覆盖上传日志功能文件log_upload_wsgi.py,即可实现RCE 漏洞代码

3ky7in4 24 Nov 09, 2022
Use FOFA automatic vulnerability scanning tool

AutoSRC Use FOFA automatic vulnerability scanning tool Usage python3 autosrc.py -e FOFA EMAIL -k TOKEN Screenshots License MIT Dev 6613GitHub6613

PwnWiki 48 Oct 25, 2022
Blinder is a tool that will help you simplify the exploitation of blind SQL injection

Blinder Have you found a blind SQL injection? Great! Now you need to export it, but are you too lazy to sort through the values? Most likely,

10 Dec 06, 2022
IDA loader for Apple's iBoot, SecureROM and AVPBooter

IDA iBoot Loader IDA loader for Apple's iBoot, SecureROM and AVPBooter Installation Copy iboot-loader.py to the loaders folder in IDA directory. Credi

matteyeux 74 Dec 23, 2022
Attack SQL Server through gopher protocol

Attack SQL Server through gopher protocol

hack2fun 17 Nov 30, 2022
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

MurMurHash This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. What is MurMurHash? Murm

Viral Maniar 87 Dec 31, 2022