WebPwn3r - A Web Application Security Scanner

WebPwn3r is a Python-based web application security scanner.

              __          __  _     _____                 ____       
     \ \        / / | |   |  __ \               |___ \      
      \ \  /\  / /__| |__ | |__) |_      ___ __   __) |_ __ 
       \ \/  \/ / _ \ '_ \|  ___/\ \ /\ / / '_ \ |__ <| '__|
             \  /\  /  __/ |_) | |     \ V  V /| | | |___) | |   
                 \/  \/ \___|_.__/|_|      \_/\_/ |_| |_|____/|_|   

        ##############################################################
        #| "WebPwn3r" Web Applications Security Scanner              #
        #|  By Ebrahim Hegazy - @Zigoo0                              #
        #|  This Version Supports Remote Code/Command Execution, XSS #
        #|  And SQL Injection.                                       #
   #|  Thanks @lnxg33k, @dia2diab @Aelhemily, @okamalo          #
      #|  More Details: http://ift.tt/2hWkFVA   #
        ##############################################################

Features:

• Scan a URL or List of URL's.
• Detect and exploit Remote Code Injection vulnerabilities.
• Detect and exploit Remote Command Execution vulnerabilities.
• Detect and exploit SQL Injection vulnerabilities.
• Detect and exploit typical XSS vulnerabilities.
• Detect WebKnight WAF.
• Improved Payloads to bypass Security Filters/WAF's.
• Fingerprint the backend Technologies.

How To Use WebPwn3r

1. Run this:

  python scan.py  

2. The tool will ask you if you want to scan URL or List of URLs?

Enter number 1 to scan a URL
Enter number 2 to scan list of URL's

URL(s) should be a full link with parameters.

Example: http://localhost/rand/news.php?com=val&id=11&page=24&text=zigoo

Download WebPwn3r

You might also like:

• Zed Attack Proxy - Web Application Penetration Testing Tool
• Nmap - Network Security Audit Tool
• Noriben - Python Based Malware Analysis Sandbox
• D-TECT - Command-line Based Web Application Penetration Testing Tool
• BruteXSS - Cross-Site Scripting BruteForcer
• BruteForcer - Client-Server Multithreaded Tool To Crack RAR File Passwords
• Cain & Abel - Tool For Hackers
• JPassword Recovery - Free Tool To Crack Password Protected Archives (zip, rar, 7z)
• PenTBox - An Open Source Security Suite
• Shoryuken - An SQL Injection Tool
• NetworkMiner - Network Forensic Analysis Tool
• SoftPerfect WiFi Guard - Tool For Detecting & Alerting WiFi Network Intrusions
• BlindElephant - Web Application Fingerprinter
• theHarvester - Tool For Gathering Target Information (E-mail accounts, subdomain names, open ports and etc.)
• SI6 Networks' IPv6 Toolkit - A Security Assessment & Troubleshooting Tool For IPv6 Protocols
• Automater - Tool For Analyzing URLs/Domains, IP Addresses, and Md5 Hashes
• Web-Sorrow - Tool For Detecting Misconfigurations and Collecting Server Information
• ADHD - An Ubuntu Based Security Distribution

from Effect Hacking full article here