ClickJackPoc

This tool will help you automate finding Clickjacking Vulnerability by just passing a file containing list of Targets .
Once the Target is Found Vulnerable It will generate the Exploit Proof of Conepet(PoC) for each Vulnerable targets.

What is Clickjacking ?

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a or .</li> <li>Sites can use "X-Frame-Options" in the headers to avoid clickjacking attacks by ensuring that their content is not embedded into other sites.</li> <li><a href="https://owasp.org/www-community/attacks/Clickjacking" rel="nofollow">Reference</a></li> </ul> <h2 dir="auto"><a id="user-content-installation" class="anchor" aria-hidden="true" href="#installation"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Installation:</h2> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="git clone https://github.com/Raiders0786/ClickjackPoc.git cd ClickjackPoc pip install -r requirements.txt"> <pre><code>git clone https://github.com/Raiders0786/ClickjackPoc.git cd ClickjackPoc pip install -r requirements.txt </code></pre> </div> <h2 dir="auto"><a id="user-content-example" class="anchor" aria-hidden="true" href="#example"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Example:</h2> <p dir="auto">Example Usage of the Tool</p> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="python3 clickJackPoc.py -f domains.txt"> <pre><code>python3 clickJackPoc.py -f domains.txt </code></pre> </div> <p dir="auto"><a target="_blank" rel="noopener noreferrer" href="https://github.com/Raiders0786/ClickjackPoc/raw/master/usage.png"><img src="https://github.com/Raiders0786/ClickjackPoc/raw/master/usage.png" alt="1" style="max-width: 100%;"></a></p> <h2 dir="auto"><a id="user-content-allowed-targets-format" class="anchor" aria-hidden="true" href="#allowed-targets-format"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Allowed Targets Format:</h2> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="http://target.com target.com www.target.com https://tartget.com/ https://IP:Port IP:Port http://IP:Port/login http://www.target.com/directory https://www.target.com/directory"> <pre><code>http://target.com target.com www.target.com https://tartget.com/ https://IP:Port IP:Port http://IP:Port/login http://www.target.com/directory https://www.target.com/directory </code></pre> </div> <h2 dir="auto"><a id="user-content-benefits" class="anchor" aria-hidden="true" href="#benefits"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Benefits:</h2> <ul dir="auto"> <li>It will take all the targets from the file passed.</li> <li>Make the exploit Poc by creating a HTML File with <code>TargetName.html</code> as the Output.</li> <li>Will Print <code>Not Vulnerable</code> if Target is not Vulnerable.</li> </ul> <h2 dir="auto"><a id="user-content-reach-me-" class="anchor" aria-hidden="true" href="#reach-me-"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Reach Me :</h2> <ul dir="auto"> <li><code>Do Tag Me if you get Rewarded💸💰 , Will be Very Happy to hear that 😄 !</code></li> <li>Do Give it a <code>Star</code> if you like it & <code>Follow</code> me for more such stuffs!</li> <li>Let me know if you have any Suggestion's or want to Collaborate.</li> <li>This tool is made for Learning Purpose !</li> </ul> <p dir="auto"><a href="https://www.linkedin.com/in/chirag-agrawal-770488144/" rel="nofollow"><img src="https://camo.githubusercontent.com/a80d00f23720d0bc9f55481cfcd77ab79e141606829cf16ec43f8cacc7741e46/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c696e6b6564496e2d3030373742353f7374796c653d666f722d7468652d6261646765266c6f676f3d6c696e6b6564696e266c6f676f436f6c6f723d7768697465" alt="Linkedin" style="height: 60px; width: 170px; max-width: 100%;" data-canonical-src="https://img.shields.io/badge/LinkedIn-0077B5?style=for-the-badge&logo=linkedin&logoColor=white"></a> <a target="_blank" rel="noopener noreferrer" href="https://camo.githubusercontent.com/c4beccd946d3d75029f0f1755d7b758604ad25a83cd668e06eed6646b99b7108/68747470733a2f2f696d672e736869656c64732e696f2f747769747465722f666f6c6c6f772f5f5f526169646572733f7374796c653d736f6369616c"><img alt="Twitter Follow" src="https://camo.githubusercontent.com/c4beccd946d3d75029f0f1755d7b758604ad25a83cd668e06eed6646b99b7108/68747470733a2f2f696d672e736869656c64732e696f2f747769747465722f666f6c6c6f772f5f5f526169646572733f7374796c653d736f6369616c" width="250" height="50" data-canonical-src="https://img.shields.io/twitter/follow/__Raiders?style=social" style="max-width: 100%;"></a></p>

Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

Related tags

Overview

ClickJackPoc

What is Clickjacking ?

Owner

Chirag Agrawal

MITMSDR for INDIAN ARMY cybersecurity hackthon

Community Repository for Unofficial Saltbox Add-ons

A token logger for discord + steals Brave/Chrome passwords and usernames

This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

JS Deobfuscation is a Python script that deobfuscate JS code and it's time saver for you.

Password List Maker

Cryptick is a stock ticker for cryptocurrency tokens, and a physical NFT.

Proof-of-concept obfuscation toolkit for C# post-exploitation tools

KeyKatcher is a keylogger that records keystrokes made on a computer and sends to the E-Mail.

Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

Ini membuat tema berbasis bendera Indonesia with Python + Linux.py

Gefilte Fish GMail filter creator

CVE-2022-21907 - Windows HTTP协议栈远程代码执行漏洞 CVE-2022-21907

🐎🖥《赛马娘》（ウマ娘: Pretty Derby）辅助脚本

Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077

Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

A black hole for Internet advertisements

It is a very simple XSS simulator based on flask, python.

NS-LOOKUP - A python script for scanning website for getting ip address of a website

Just another script for automatize boolean-based blind SQL injections.