BlackWidow is a Python-based web application spider that gathers subdomains, URLs, dynamic parameters, email addresses and phone numbers from a target website. The project also includes the Inject-X fuzzer, which scans dynamic URLs for common OWASP vulnerabilities.
Cross-Site Scripting (XSS)
Directory Traversal (Path Traversal)
DOM-based link manipulation
Dynamic URLs detected
Email address detected
External link detected
Generic PHP Command Injection
Linux Command Injection
Linux PHP Command Injection
Linux Time Based Command Injection
Local File Inclusion (LFI)
Open Redirect
Phones Discovered
PHP Command Injection
Potential Buffer Overflow
Potential Insecure Direct Object Reference (IDOR)
Remote File Inclusion (RFI)
Server-Side Template Injection
SQL-injection
Subdomain(s) detected
The phone number detected
Unique dynamic parameters detected


Security/Crawler
RUN apk add --no-cache --virtual .build-deps gcc python-dev build-base libxml2-dev libxslt-dev \
&& pip install --no-cache-dir -r requirements.txt \
&& apk del .build-deps
Aggressive, CVE, Exploit, Old, Enumerate, E-mail, Crawling, RCE, Bruteforce, Time consuming, OS injection, RFI, LFI, SQLI, XSS, Code injection, Directory Traversal, Subdomains, Vulnerability identification
DISCLAIMER
This program is used for educational and ethical purposes only. I take no responsibility for any damages caused from using this program. By downloading and using this software, you agree that you take full responsibility for any damages and liability.