WebSecProbe: Web Security Assessment Tool


WebSecProbe is a cutting-edge utility designed exclusively for web security aficionados, penetration testers, and system administrators. It is an advanced toolkit for conducting intricate web security assessments with precision and depth. The tool streamlines the process of scrutinizing web servers and applications, allowing you to delve into the technical nuances of web security and fortify your digital assets effectively.

This tool is a Proof of Concept and is for Educational Purposes Only.


WebSecProbe is designed to perform a series of HTTP requests to a target URL with various payloads in order to test for potential security vulnerabilities or misconfigurations. Here’s a brief overview of what the code does:

  • It takes user input for the target URL and the path.
  • It defines a list of payloads that represent different HTTP request variations, such as URL-encoded characters, special headers, and different HTTP methods.
  • It iterates through each payload and constructs a full URL by appending the payload to the target URL.
  • For each constructed URL, it sends an HTTP GET request using the requests library, and it captures the response status code and content length.
  • It prints the constructed URL, status code, and content length for each request, effectively showing the results of each variation’s response from the target server.
  • After testing all payloads, it queries the Wayback Machine (a web archive) to check if there are any archived snapshots of the target URL/path. If available, it prints the closest archived snapshot’s information.

    Key Points:

    1. Functionality: The HTTP Request Tester Tool allows users to send a series of HTTP requests to a specified target URL with a wide range of payloads and variations. These requests are designed to test how the web server responds to different input, including URL-encoded characters, special headers, and variations in HTTP methods.
    2. Variety of Payloads: The tool includes a list of payloads that represent different HTTP request variations. These payloads are used to construct URLs with unique characteristics, such as path manipulations and custom headers. Testing with these payloads can help uncover hidden vulnerabilities or weaknesses in the target server’s configuration.
    3. Response Analysis: After each request, the tool captures and displays important information, including the HTTP status code and the length of the response content. This data provides valuable insights into how the server handles each request, allowing users to identify potential issues.
    4. Wayback Machine Integration: In addition to testing for security vulnerabilities, the tool also offers integration with the Wayback Machine, a web archive service. Users can check if there are any archived snapshots of the target URL/path, providing historical context and potential insights into the evolution of the web page.
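The status code and content length only mean something relative to the response for the unmodified path. The following is an added example, not part of WebSecProbe: it triages a constructed set of results against that baseline. The labels, the `triage` and `summary` names, and the 32-byte length tolerance are assumptions made for illustration.

```python
from collections import Counter

# Constructed results in the shape the tool prints: (label, status, length).
# Labels are descriptive placeholders, not the tool's actual payload strings.
BASELINE = ("unmodified path", 403, 162)
RESULTS = [
    ("URL-encoded variant A", 403, 162),
    ("URL-encoded variant B", 403, 162),
    ("path manipulation variant A", 404, 548),
    ("path manipulation variant B", 200, 162),
    ("extra header variant A", 200, 18342),
    ("extra header variant B", 403, 162),
    ("alternate method variant", 405, 0),
]

def triage(baseline, results, length_tolerance=32):
    """Classify each result relative to the unmodified baseline request."""
    _, base_status, base_len = baseline
    findings = []
    for label, status, length in results:
        same_body = abs(length - base_len) <= length_tolerance
        if status == base_status and same_body:
            verdict = "same as baseline"
        elif 200 <= status < 300 and base_status in (401, 403):
            # A 2xx whose body matches the denial page in size is usually the
            # same error page under another status, so it ranks below a 2xx
            # that returns a different body.
            verdict = ("likely error page with 2xx status" if same_body
                       else "REVIEW: access rule not applied")
        else:
            verdict = "differs from baseline"
        findings.append((label, status, length, verdict))
    return findings

def summary(findings):
    """Count how many variants fell into each verdict."""
    return Counter(verdict for *_, verdict in findings)

if __name__ == "__main__":
    for row in triage(BASELINE, RESULTS):
        print("{:30} {:>3} {:>6}  {}".format(*row))
    print(dict(summary(triage(BASELINE, RESULTS))))
```

Only the row marked REVIEW points at a rule that the server applied to one form of the request and not to another; that is the configuration to fix.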

    Who Should Use This Tool:

    The HTTP Request Tester Tool is primarily intended for the following audiences:

    • Web Security Professionals: Security experts can use this tool to conduct thorough security assessments of web applications. It helps them identify and address vulnerabilities before malicious actors can exploit them.
    • Penetration Testers: Penetration testers can employ this tool to simulate real-world attack scenarios, including URL manipulation and header injections, to assess the security posture of a web server.
    • System Administrators: System administrators can use this tool to proactively assess and strengthen their server configurations against potential threats and misconfigurations.

    Purpose of the Tool:

    The primary purpose of the HTTP Request Tester Tool is to:

    • Identify Security Weaknesses: By sending a variety of requests, the tool helps identify security weaknesses, including improper handling of input, directory traversal vulnerabilities, and more.
    • Security Testing: It serves as a valuable component in the arsenal of security professionals and testers, aiding in the discovery of vulnerabilities before they can be exploited by malicious actors.
    • Historical Analysis: The tool also allows users to check for archived versions of web pages, offering insights into how a website has evolved over time and potentially revealing past vulnerabilities that have since been addressed.
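Seen from the server, the request loop described above is one client asking for the same resource in many different spellings. The following is an added example, not part of WebSecProbe: it canonicalizes request paths from constructed access-log lines and reports clients that requested one canonical path in several raw forms. The log lines, the function names and the threshold of four are assumptions.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Constructed access-log lines (common log format); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /premium HTTP/1.1" 403 162
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /premium/ HTTP/1.1" 403 162
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET //premium// HTTP/1.1" 403 162
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /%70remium HTTP/1.1" 403 162
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "GET /premium/. HTTP/1.1" 403 162
198.51.100.4 - - [12/Mar/2024:10:00:04 +0000] "GET /premium HTTP/1.1" 403 162
198.51.100.4 - - [12/Mar/2024:10:00:09 +0000] "GET /about HTTP/1.1" 200 5120
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)$')

def canonical(raw_target):
    """Drop the query, percent-decode once, collapse dot segments and slashes."""
    path = unquote(raw_target.split("?", 1)[0])
    # Reduce leading slashes to one first: normpath keeps a leading "//" as-is.
    return normpath("/" + path.lstrip("/"))

def find_variation_bursts(log_text, min_variants=4):
    """Return {(client, canonical_path): raw forms} for clients that requested
    one canonical path in at least `min_variants` distinct raw spellings."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target, _status, _size = m.groups()
        seen[(client, canonical(target))].add(target)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_variants}

if __name__ == "__main__":
    for (client, path), forms in find_variation_bursts(SAMPLE_LOG).items():
        print(client, path, len(forms), forms)
```

The same `canonical` step is what an access rule should apply before matching a protected path, so that every spelling of the path reaches the same decision.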

OS compatibility :

   

Requirements:

 

⭔ PyPI Installation:


pip install WebSecProbe

How To Run On CLI:

WebSecProbe <URL> <Path>

Example:

WebSecProbe https://spyboy.in premium

Python Code

from WebSecProbe.main import WebSecProbe

if __name__ == "__main__":
    url = 'https://spyboy.in'  # Replace with your target URL
    path = 'premium'  # Replace with your desired path

    probe = WebSecProbe(url, path)
    probe.run()
