webXtools


NamewebXtools JSON
Version 1.2.0 PyPI version JSON
download
home_page
SummaryA set of tools for Web Exploitation
upload_time2022-12-25 05:08:22
maintainer
docs_urlNone
authorAz3z3l (Yaswant)
requires_python
license
keywords python hacking ctf web explotation bruteforce
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            
# webXtools

A wouldbe toolset for web exploitation and other general tools used in CTFs. 

## To install

`pip3 install webXtools`


## Modules

* [Bruteforcer](#bruteforce)
* [Race Condition](#race-condition)
* [JWT](#jwt)

## Usage

### Bruteforce
A multithreaded approach to generate strings

```py
import webXtools
import hashlib
import string

# Find a string such that `hashlib.sha256("string".encode('utf-8')).hexdigest()[:5]` returns `3f6ac`


def check(string):
    if hashlib.sha256(string.encode('utf-8')).hexdigest()[:5] == "3f6a4":
        return True
    else:
        return False

# Returns the string that solves callback
print(webXtools.bruteforce(minLength=1, maxLength=4, charSet=string.ascii_letters+string.digits, noOfThreads=4, callback=check))

# Prints all the strings generated
webXtools.bruteforce(minLength=1, maxLength=4, charSet=string.ascii_letters+string.digits, noOfThreads=4, callback=print)


# bruteforceList
def doit(st):
    # something with the string 
    return False

webXtools.bruteforceList(stringList=[1, 2, 3, 4, 5, 6, 7, 8, 9, 10], noOfThreads=5, callback=doit)


# bruteforceFile
webXtools.bruteforceFile(file="./payloads.txt", noOfThreads=5, callback=check)

```

### Race Condition
Test race condition in Web Applications

```py
import webXtools

# 1
r = webXtools.race(url="https://google.com", numberOfRequests=100, threads=5)
## r has a list of all the responses


# 2
webXtools.race(url="http://vuln.com", cookies={"id":"evil"}, method="GET", headers={"iam":"admin"}, numberOfRequests=200, threads=10)


# 3
request = """POST /test/ HTTP/1.1
HOST: localhost:1337
Content-Type: application/JSON
Content-Length: 15

{"test":"data"}
"""
webXtools.race(url="http://localhost:1337", absoluteRequest=request, threads=5)
```

### JWT

```py
import webXtools
import string

token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.R6zywlgNMEEcoM01FyTd3XY-iODzr-uvpWWw9i8VHho"

print(webXtools.jwtHS256Brute(token, charSet=string.ascii_letters, maxLength=3))

print(webXtools.jwtHS256Brute(token, stringList=["a", "c", "abs"]))

print(webXtools.jwtHS256Brute(token, stringFile="./strings.txt", noOfThreads=10))
```


            

Raw data

            {
    "_id": null,
    "home_page": "",
    "name": "webXtools",
    "maintainer": "",
    "docs_url": null,
    "requires_python": "",
    "maintainer_email": "",
    "keywords": "python,hacking,ctf,web explotation,bruteforce",
    "author": "Az3z3l (Yaswant)",
    "author_email": "<star7ricks@gmail.com>",
    "download_url": "https://files.pythonhosted.org/packages/d0/84/4b1033d74096bbb81b8205f0eb0b857ef544865f4f477bdbee4cefd901da/webXtools-1.2.0.tar.gz",
    "platform": null,
    "description": "\n# webXtools\n\nA wouldbe toolset for web exploitation and other general tools used in CTFs. \n\n## To install\n\n`pip3 install webXtools`\n\n\n## Modules\n\n* [Bruteforcer](#bruteforce)\n* [Race Condition](#race-condition)\n* [JWT](#jwt)\n\n## Usage\n\n### Bruteforce\nA multithreaded approach to generate strings\n\n```py\nimport webXtools\nimport hashlib\nimport string\n\n# Find a string such that `hashlib.sha256(\"string\".encode('utf-8')).hexdigest()[:5]` returns `3f6ac`\n\n\ndef check(string):\n    if hashlib.sha256(string.encode('utf-8')).hexdigest()[:5] == \"3f6a4\":\n        return True\n    else:\n        return False\n\n# Returns the string that solves callback\nprint(webXtools.bruteforce(minLength=1, maxLength=4, charSet=string.ascii_letters+string.digits, noOfThreads=4, callback=check))\n\n# Prints all the strings generated\nwebXtools.bruteforce(minLength=1, maxLength=4, charSet=string.ascii_letters+string.digits, noOfThreads=4, callback=print)\n\n\n# bruteforceList\ndef doit(st):\n    # something with the string \n    return False\n\nwebXtools.bruteforceList(stringList=[1, 2, 3, 4, 5, 6, 7, 8, 9, 10], noOfThreads=5, callback=doit)\n\n\n# bruteforceFile\nwebXtools.bruteforceFile(file=\"./payloads.txt\", noOfThreads=5, callback=check)\n\n```\n\n### Race Condition\nTest race condition in Web Applications\n\n```py\nimport webXtools\n\n# 1\nr = webXtools.race(url=\"https://google.com\", numberOfRequests=100, threads=5)\n## r has a list of all the responses\n\n\n# 2\nwebXtools.race(url=\"http://vuln.com\", cookies={\"id\":\"evil\"}, method=\"GET\", headers={\"iam\":\"admin\"}, numberOfRequests=200, threads=10)\n\n\n# 3\nrequest = \"\"\"POST /test/ HTTP/1.1\nHOST: localhost:1337\nContent-Type: application/JSON\nContent-Length: 15\n\n{\"test\":\"data\"}\n\"\"\"\nwebXtools.race(url=\"http://localhost:1337\", absoluteRequest=request, threads=5)\n```\n\n### JWT\n\n```py\nimport webXtools\nimport string\n\ntoken = \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.R6zywlgNMEEcoM01FyTd3XY-iODzr-uvpWWw9i8VHho\"\n\nprint(webXtools.jwtHS256Brute(token, charSet=string.ascii_letters, maxLength=3))\n\nprint(webXtools.jwtHS256Brute(token, stringList=[\"a\", \"c\", \"abs\"]))\n\nprint(webXtools.jwtHS256Brute(token, stringFile=\"./strings.txt\", noOfThreads=10))\n```\n\n",
    "bugtrack_url": null,
    "license": "",
    "summary": "A set of tools for Web Exploitation",
    "version": "1.2.0",
    "split_keywords": [
        "python",
        "hacking",
        "ctf",
        "web explotation",
        "bruteforce"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "md5": "e9d9a4734c736039c63795a183c0cc82",
                "sha256": "3d12064a2976c4c153250de55465ab554a4e6ef3ecd916b6779c26d1ff35d827"
            },
            "downloads": -1,
            "filename": "webXtools-1.2.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "e9d9a4734c736039c63795a183c0cc82",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": null,
            "size": 7345,
            "upload_time": "2022-12-25T05:08:20",
            "upload_time_iso_8601": "2022-12-25T05:08:20.140569Z",
            "url": "https://files.pythonhosted.org/packages/63/b3/136cb3294cae6419a074bdea9061281b194cc80c908a695d242eae3fd03c/webXtools-1.2.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "md5": "a0335128dd19066d27ca6d2b7687e495",
                "sha256": "250ac3c97ae8f666ab657995b531192e93f4404e289ffd37017bdcf0e6bc8147"
            },
            "downloads": -1,
            "filename": "webXtools-1.2.0.tar.gz",
            "has_sig": false,
            "md5_digest": "a0335128dd19066d27ca6d2b7687e495",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 7197,
            "upload_time": "2022-12-25T05:08:22",
            "upload_time_iso_8601": "2022-12-25T05:08:22.615985Z",
            "url": "https://files.pythonhosted.org/packages/d0/84/4b1033d74096bbb81b8205f0eb0b857ef544865f4f477bdbee4cefd901da/webXtools-1.2.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2022-12-25 05:08:22",
    "github": false,
    "gitlab": false,
    "bitbucket": false,
    "lcname": "webxtools"
}
        
Elapsed time: 0.32860s