Not to be confused with the Vulkan/OpenGL/Mesa3D stuff. I am not the owner of those projects. Dont confuse yourself.
- Git clone the repo and run Test.sh.
——————--————————--————————--————————-
WebVigil is an open-source penetration testing tool designed for comprehensive web application security assessments. It assists security professionals, ethical hackers, and developers in identifying and mitigating vulnerabilities efficiently. This tool automates in-depth reconnaissance, scanning, and fuzzing to provide a thorough evaluation of web application security.
Prerequisites
- Required: dig, nmap, jq, python, python3, dig is dnsutils, I believe.
- Optional: smbclient (functionality is disabled in the main script)
- Project File: Test.sh
https://www.notion.so/223afc0ef1dc8001960dcafde295d9e2?source=copy_link ./Test.sh spotify.com
For robust web app security. Our script delivers an automated web vulnerability scan with cutting-edge reconnaissance and fuzzing techniques. We're talking about thorough OWASP Top 10 scanner capabilities, ensuring you catch critical flaws like Cross-Site Scripting (XSS), SQL Injection (SQLi), Broken Authentication, Broken Access Control, XXE, Security Misconfigurations, and Sensitive Data Exposure. What WebVigil Brings to Your Security Workflow: is everything.
With solid risk and vulnerability indentification, along with top notch recon, advanced target implementation analysis (indirectly), enumeration of subdomains, ports, and directories, threat/threat surface profiling, exploit research, exploitation, and vulnerability analysis.
And additionally, INFORMATION GATHERING.
With HPP (hyper parameter pollution and double token checks if I send two requests at the same time, is it same token then thats a vuln.)¹.¹
-
Intelligent Discovery:
- Performs precise subdomain enumeration and IP resolution to map the target's infrastructure.
- Conducts deep web crawling to identify all potential attack vectors across the entire application.
-
Dynamic Fuzzing Power:
- Employs advanced parameter and header fuzzing.
- Tests for HTTP Parameter Pollution (HPP), command injection, directory traversal, and file upload vulnerabilities using dynamically generated payloads.
-
Real-World Interaction Simulation:
-
Dynamically analyzes HTML to locate forms and input fields¹. What others miss, direct interaction with the UI¹. Become the ghost in the machine¹. See bottom of page for clarification.
-
Simulates user interactions to uncover vulnerabilities often missed by static analysis tools.
-
-
Integrated Network & Service Scan:
-
Seamlessly integrates with Nmap to run a wide array of scripts (default, vuln, http-enum, http-vuln*, ftp-vsftpd-backdoor, ssh2-enum-algos, ssl-*).
-
Provides a holistic view of exposed services and network-level vulnerabilities.
-
Note: SMB scanning is emulated via Nmap scripts; smbclient is an optional, disabled dependency.
-
-
Customizable Payload Generation:
- Creates effective payloads by combining user-defined keywords (from keywords.txt) with smart patterns and common injection strings for focused directory bruteforcing.
-
Comprehensive Security Reporting:
- Consolidates all discovered vulnerabilities and scan details into a clear and actionable security report to facilitate efficient remediation.
WebVigil is ideal for a range of users involved in security, including:
- Cybersecurity Students
- Ethical Hackers & Security Researchers
- Bug Bounty Hunters
- DevOps Teams practicing DevSecOps
- Organizations looking to enhance their web application security audits
- HTML UI nteraction
- Sr./Jr. Web PenTesters
- Head of Security (IT) (Information Security Head)
For robust web app security. Our script delivers an automated web vulnerability scan with cutting-edge reconnaissance and fuzzing techniques. We're talking about thorough OWASP Top 10 scanner capabilities, ensuring you catch critical flaws like Cross-Site Scripting (XSS), SQL Injection (SQLi), Broken Authentication, Broken Access Control, XXE, Security Misconfigurations, and Sensitive Data Exposure. What WebVigil Brings to Your Security Workflow: is everything.
With solid risk and vulnerability indentification, along with top notch recon, advanced target implementation analysis (indirectly), enumeration of subdomains, ports, and directories, threat/threat surface profiling, exploit research, exploitation, and vulnerability analysis.
And additionally, INFORMATION GATHERING.
With HPP (hyper parameter pollution and double token checks if I send two requests at the same time, is it same token then thats a vuln.)¹.¹
By downloading, installing, or using WebVigil, you acknowledge and agree to the file in the GitHub project named: LICENSE.md.
---- Legal Markers used:
¹: Depends.