{"id":21089536,"url":"https://github.com/farinap5/webpwn","last_synced_at":"2025-09-05T02:17:53.508Z","repository":{"id":45743006,"uuid":"319408548","full_name":"farinap5/webpwn","owner":"farinap5","description":"Web Vulnerability Detector (XSS,SQL,LFI,XST,WAF)","archived":false,"fork":false,"pushed_at":"2020-12-08T15:14:09.000Z","size":20,"stargazers_count":24,"open_issues_count":1,"forks_count":9,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-16T12:40:06.594Z","etag":null,"topics":["lfi","lfi-exploitation","pentesting","python","sqli-pentester","sqli-vulnerability-scanner","sqlinjection","waf-detection","webpwn","xss-attacks","xss-detection","xss-exploitation","xss-vulnerability","xst"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/farinap5.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-12-07T18:27:23.000Z","updated_at":"2025-05-13T23:11:47.000Z","dependencies_parsed_at":"2022-09-01T23:01:30.230Z","dependency_job_id":null,"html_url":"https://github.com/farinap5/webpwn","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/farinap5/webpwn","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farinap5%2Fwebpwn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farinap5%2Fwebpwn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farinap5%2Fwebpwn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farinap5%2Fwebpwn/manifests","owner_url":"https://repos.ecosyste.ms/
api/v1/hosts/GitHub/owners/farinap5","download_url":"https://codeload.github.com/farinap5/webpwn/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farinap5%2Fwebpwn/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273699920,"owners_count":25152326,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-05T02:00:09.113Z","response_time":402,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["lfi","lfi-exploitation","pentesting","python","sqli-pentester","sqli-vulnerability-scanner","sqlinjection","waf-detection","webpwn","xss-attacks","xss-detection","xss-exploitation","xss-vulnerability","xst"],"created_at":"2024-11-19T21:29:22.814Z","updated_at":"2025-09-05T02:17:53.472Z","avatar_url":"https://github.com/farinap5.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eWebPwn\u003c/h1\u003e\n\u003cp align=\"center\"\u003eWeb Vuln Detector\u003c/p\u003e\n\u003cp align=\"center\"\u003eWeb Vulnerability Scanner\u003c/p\u003e\n\u003cp align=\"center\"\u003e \n   \u003cimg src=\"https://img.shields.io/badge/language-python-blue.svg\"\u003e\n\u003c/p\u003e\n\n***\n\n## Features\n\nWeb Application Firewall (WAF) detection.\n\nCross Site Scripting (XSS) tests.\n\nSQL injection time based test.\n\nSQL injection error based test.\n\nLocal File Inclusion 
(LFI) test.\n\nCross Site Tracing (XST) test.\n\n***\n\n### Download and Run\n\n\u003e git clone https://github.com/farinap5/webpwn.git\n\n\u003e cd webpwn\n\n\u003e python3 webpwn.py http://example.com/page.php?cat=1\n\n***\n### Example of Output\n\n```\npython3 webpwn.py http://example.com/page.php?cat=1\n\n[*] No WAF Detected.\n\n    WebPwn\n    ------\nTarget: http://example.com/page.php?cat=1\n\nServer: nginx/1.19.0\nData: Mon, 07 Dec 2020 18:24:50 GMT\nPowered: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1\n\n[!] Testing XSS\n[!] 10 Payloads.\n[+] 9 Payloads were found.\n\n[*] Payload found!\n[!] Payload: \u003cscript\u003ealert(\"inject\")\u003c/script\u003e\n[!] POC: http://example.com/page.php?cat=\u003cscript\u003ealert(\"inject\")\u003c/script\u003e\n\n[*] Payload found!\n[!] Payload: %3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E\n[!] POC: http://example.com/page.php?cat=%3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E\n\n[!] Testing SQLi\n[*] Blind SQL injection time based found!\n[!] Payload: 1-SLEEP(2)\n[!] POC: http://example.com/page.php?cat=1-SLEEP(2)\n\n[*] SQL Error found.\n[!] Payload: '\n[!] POC: http://example.com/page.php?cat='\n\n[!] Testing LFI\n[*] Payload found!\n[!] Payload: ../../../../etc/passwd\n[!] POC: http://example.com/page.php?cat=../../../../etc/passwd\n\n\n[!] Testing XST\n[*] This site seems vulnerable to Cross Site Tracing (XST)!\n\n```\n\n***\n\n## Disclaimer\n\n```\nUsage of webpwn for attacking targets without prior mutual consent is illegal. \nIt is the end user's responsibility to obey all applicable local, state, federal and international laws. \nDevelopers assume no liability and are not responsible for any misuse or damage caused by this program.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffarinap5%2Fwebpwn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffarinap5%2Fwebpwn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffarinap5%2Fwebpwn/lists"}