HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

WebApp Pentest toolkit

Status
Not open for further replies.
itsMe

itsMe

*KillmeMories*
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Jan 8, 2019
Messages
56,612
Solutions
2
Reputation
32
Reaction score
100,454
Points
2,313
Credits
32,640
‎6 Years of Service‎
 
76%
scanner0.png


Tools

Listeners

    HTTP Server
    DNS Server
    TCP Server
    POSTMessage Hooker
    Websocket Hooker

Analysis

    HTTP/JS-Files/Binary Analyze
    Analyze Files (Binary, Metadata, Text files, Js sinks)

Net Tools

    Get DNS Records
    Resolve Hosts
    Reverse IPs
    Passive DNS
    DNS History

Text Tools

    Text Processing
    Block construct
    Format generator
    pattern creation
    Encrypt/Decrypt data
    Hash Identification
    Crackers
    Payload Generators
    Encoders/Decoders
    Poc Generators (Python, Bash, HTML)

Recon

    Get Websites ScreenShots
    GET Subdomains (Scrabbing, Minning, DNS-brute-force, Http-brute-force)
    Site categorizer
    s3/GC bucket enumeration
    Github Lister
    Ip History

Scanners

    Detect Misconfiguration
    Port/vulnerability/ssl scanner
    Vulnerability Exploiters
    Waf Detection

Scrabbers

    Download Android apps (APK)
    Travis-CI logs fetching

if the app is not working properly, Download this archive dlls.zip and extract the dll files, put them in the application folder, beside the executable file

Some notes:

    This tool is meant primarily for bug hunters (especially beginners).
    This tool is not backdoored with any malicious software/tracking.
    This tool contains bugs more than features so use it carefully.
    Connections are issued using the .Net (SystemDotWeb) which is slow and limited by design, consider using many threads, this will be replaced with another solution.
    Memory is not carefully managed so be careful, do not use all the tools at the same time.
    Do not use it illegally
    Tools starting with _ are not built yet, I added buttons to remember writing them so I could build them in future, hence no need to reverse engineer the tool in order to enable them, if you have time feel free to do it no problem.
    Many third-parties are used without permission no APIS used.
    The source code is not published because the tool is a beta and the code is ugly and worse than my handwriting.
    The project is planned to be open-source with the first release.
    Suggestions are deeply welcome.
    Credits are reserved for all authors and third-parties.

To see this hidden content, you must like this content.
 
Status
Not open for further replies.
Back
Top