Skip to content

A Vulnerability assessment tool that uses json templates for scanning

Notifications You must be signed in to change notification settings

A51F221B/WebPloit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 

Repository files navigation

WebPloit


What is WebPloit

WebPloit is a Web Application vulnerability testing automation tool, which would focus on providing a user friendly experience along with fast and automated testing.

Objective

To develop a tool capable of assessing security vulnerabilities in web applications.

Our project will contain three parts:

  • Terminal based interface

    Initially we will create a terminal interface where a user could provide a url, the url will be used by our app for further reconnaissance i.e. subdomain enumeration.
  • Django based admin interface

    The second phase will be to create a admin interface where the user could see all the subdomains found that are being scanned for vulnerabilities.We could add additional features to enhance the user experience.
  • A Front End

    The last phase would be to create a frontend that is user friendly so that people with non technical backgrounds can understand what is going on. Also, This could help us further turn this app into a potential startup.

Directions

Our goal is to automate the exploitation of following vulnerabilities

Open Redirect Vulnerability

  • Reflected

XSS based (Cross-Site Scripting)

  • Reflected XSS
  • Stored XSS
  • DOM-based XSS

SQL based (Sequel Injection)

  • UNION based SQL
  • Blind SQL injection

XXE (XML Externel Entity)

Technologies

The technologies we could be using are

  • Python
  • Django
  • git
  • MongoDB
  • ReactJS
  • Any other necessary framework or technology

Features we plan to include

  • Automated Testing
  • UI experience with a frontend
  • A database that could maintain all the records

Additional Integrations

We plan to use to give options such as Discord integration or sending an email to your work account regarding any alert or notification generated by the system.

Idea

User could install Discord app on their mobile phone. There would be a discord bot connected to the backend of the app. A user could simply give commands to the bot using simple text messages ! For example a user could send the text Domain --name au.edu.pk and the bot will send this message to the backend of the app (which is live on a server) and the app will check for all the available domains and return the result to their mobile app ! So this means everything could be done using a simple mobile app !


Timeline

FYP - I (Information Gathering)

  • Research
  • Studying and understanding the relevant technologies
  • Static front-end (initial phase)
  • Developing initial API's
  • Reconnaissance

FYP - II (Assessment)

  • Implementing Vulnerability assessment logic
  • Creating a payload database
  • Automating the exploitation phase
  • Assessing & Evaluating the vulnerabilities

FYP - III (Finalising)

  • Improving & Enhancing
  • Generating Reports
  • Adding User Sign-up and Sign-In functionality

IMPORTANT NOTE

The technologies mentioned above are just tools that we are using to achieve our goal i.e. Automating Vulnerability testing. So, these tools could change in future according to the needs of our project.We could be using additional technologies in the future that are not mentioned here.

The goal of our project will not change.

About

A Vulnerability assessment tool that uses json templates for scanning

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •