Webbies Toolkit – Web Recon & Enumeration Tools

Use Netsparker


Webbies Toolkit is a pair of tools that enable asynchronous web recon & enumeration including SSL detection, banner grabbing and presence of login forms.

Webbies Toolkit - Web Recon & Enumeration Tools

Webbies Features

  • Respects scope (including redirects)
  • Uses same DNS resolver for enumeration and retrieval by patching aiohttp TCPConnector
  • Cached DNS requests by wrapping aiodns
  • SSLContext can be modified for specific SSL versions
  • Outputs a simple CSV for easy grep-fu of results
  • Asynchronous http(s) and dns
  • Specialized bingapi search on ip and hostname given bing key

FDB Features

  • Fast directory/web application eumeration
  • Dir bust numerous hosts simultaneously and save all results in a directory in a CSV file per host
  • Task control to limit requests per second
  • Multiple progress bars for current status on running FDB’s
  • Include word list used, target, extensions, and start and stop times in CSV file
  • 404 detection based on response structure and content

Usage

You can download Webbies Toolkit here:

webbies-master.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking

,


Latest Posts:


SCADA Hacking - Industrial Systems Woefully Insecure SCADA Hacking – Industrial Systems Woefully Insecure
airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.


Comments are closed.