cazador_unr: WebApp Pentest toolkit

Cazador

Tools

Listeners

  • HTTP Server
  • DNS Server
  • TCP Server
  • POSTMessage Hooker
  • Websocket Hooker

Analysis

  • HTTP/JS-Files/Binary Analyze
  • Analyze Files (Binary, Metadata, Text files, JS sinks)

Net Tools

  • Get DNS Records
  • Resolve Hosts
  • Reverse IPs
  • Passive DNS
  • DNS History

Text Tools

  • Text Processing
  • Block construct
  • Format generator
  • Pattern creation
  • Encrypt/Decrypt data
  • Hash Identification
  • Crackers
  • Payload Generators
  • Encoders/Decoders
  • PoC Generators (Python, Bash, HTML)

Recon

  • Get Website Screenshots
  • Get Subdomains (Scraping, Mining, DNS brute force, HTTP brute force)
  • Site categorizer
  • S3/GC bucket enumeration
  • GitHub Lister
  • IP History

Scanners

  • Detect Misconfiguration
  • Port/vulnerability/SSL scanner
  • Vulnerability Exploiters
  • WAF Detection

Scrapers

  • Download Android apps (APK)
  • Travis-CI logs fetching

If the app is not working properly, download the archive dlls.zip, extract the DLL files, and put them in the application folder beside the executable file.

Some notes:

  • This tool is meant primarily for bug hunters (especially beginners).
  • This tool is not backdoored with any malicious software/tracking.
  • This tool contains more bugs than features, so use it carefully.
  • Connections are issued using .NET (SystemDotWeb), which is slow and limited by design; consider using many threads. This will be replaced with another solution.
  • Memory is not carefully managed, so be careful; do not use all the tools at the same time.
  • Do not use it illegally.
  • Tools starting with _ are not built yet; I added the buttons to remind myself to write them in the future, so there is no need to reverse engineer the tool to enable them. If you have time, feel free to do it, no problem.
  • Many third parties are used without permission; no APIs are used.
  • The source code is not published because the tool is a beta and the code is ugly and worse than my handwriting.
  • The project is planned to be open-source with the first release.
  • Suggestions are deeply welcome.
  • Credits are reserved for all authors and third parties.

Download

Tools discussed separately here