Web-Exploit-Toolkit/main.py at main · shantanuv09/Web-Exploit-Toolkit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
import argparse
from core import scanner, reporter
from modules import csrf, clickjacking, xss, sqli, htmli, openredirect, traversal


def parse_post_data(data_str):
    """
    Convert 'key1=val1&key2=val2' into a Python dict
    """
    data_dict = {}
    for pair in data_str.split("&"):
        if "=" in pair:
            k, v = pair.split("=", 1)
            data_dict[k] = v
    return data_dict


def main():
    parser = argparse.ArgumentParser(description="Custom Web Exploit Toolkit - CLI Version")
    parser.add_argument("-u", "--url", required=True,
                        help="Target URL (use {{param}} as injection point where applicable)")
    parser.add_argument("-m", "--modules", nargs="+", help="Modules to run", default=["all"])
    parser.add_argument("--method", default="GET", choices=["GET", "POST"],
                        help="HTTP method for injection-based modules (default: GET)")
    parser.add_argument("--data", help="POST data string for POST method (e.g., 'id={{param}}&Submit=Submit')")
    parser.add_argument("--cookie", help="Cookie string (e.g., PHPSESSID=abc123; other=value)")
    parser.add_argument("--header", action="append",
                        help="Extra header (can be used multiple times, e.g., --header 'Authorization: Bearer token')")
    parser.add_argument("--mode", help="Quick/Full (only for Traversal Module)", choices=["Quick", "Full"], default=["Quick"])
    parser.add_argument("--throttle", help="Timeout in secs between consecutive requests (only for Traversal Module)", default=0)
    parser.add_argument("--os_detect_only", help="Only detects OS and returns the report (only for Traversal Module)")
    args = parser.parse_args()

    # Setup global headers for scanner
    if args.cookie:
        scanner.SESSION_HEADERS["Cookie"] = args.cookie
    if args.header:
        for h in args.header:
            try:
                k, v = h.split(":", 1)
                scanner.SESSION_HEADERS[k.strip()] = v.strip()
            except ValueError:
                print(f"[!] Invalid header format: {h} (use 'Key: Value')")

    target = args.url
    selected_modules = args.modules
    post_data = None

    # If POST method is selected, parse post_data
    if args.method.upper() == "POST":
        if not args.data:
            parser.error("--data is required when using POST method")
        post_data = parse_post_data(args.data)

    results = []

    if "all" in selected_modules or "csrf" in selected_modules:
        results.append(csrf.run(target))
    if "all" in selected_modules or "clickjacking" in selected_modules:
        results.append(clickjacking.run(target))
    if "all" in selected_modules or "xss" in selected_modules:
        post_data = None
        if args.data:
            post_data = dict(x.split("=", 1) for x in args.data.split("&"))
        results.append(xss.run(target, method=args.method, post_data=post_data))
    if "all" in selected_modules or "sqli" in selected_modules:
        results.append(sqli.run(target, method=args.method, post_data=post_data))
    if "all" in selected_modules or "htmli" in selected_modules:
        results.append(htmli.run(target))
    if "all" in selected_modules or "openredirect" in selected_modules:
        results.append(openredirect.run(target))
    if "all" in selected_modules or "traversal" in selected_modules:
        post_data = None
        if args.data:
            post_data = dict(x.split("=", 1) for x in args.data.split("&"))
        results.append(
            traversal.run(target, method=args.method, post_data=post_data, throttle=args.throttle, os_detect_only=args.os_detect_only, mode=args.mode))

    reporter.generate_report(results, target)


if __name__ == "__main__":
    main()