• Stars
    star
    1,354
  • Rank 34,700 (Top 0.7 %)
  • Language
    Python
  • License
    Other
  • Created almost 7 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

alt tag

ABOUT:

BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL's for common OWASP vulnerabilities.

DEMO VIDEO:

BlackWidow Demo

FEATURES:

  • Automatically collect all URL's from a target website
  • Automatically collect all dynamic URL's and parameters from a target website
  • Automatically collect all subdomains from a target website
  • Automatically collect all phone numbers from a target website
  • Automatically collect all email addresses from a target website
  • Automatically collect all form URL's from a target website
  • Automatically scan/fuzz for common OWASP TOP vulnerabilities
  • Automatically saves all data into sorted text files

LINUX INSTALL:

sudo bash install.sh

USAGE:

blackwidow -u https://target.com - crawl target.com with 3 levels of depth.
blackwidow -d target.com -l 5 -v y - crawl the domain: target.com with 5 levels of depth with verbose logging enabled.
blackwidow -d target.com -l 5 -c 'test=test' - crawl the domain: target.com with 5 levels of depth using the cookie 'test=test'
blackwidow -d target.com -l 5 -s y -v y - crawl the domain: target.com with 5 levels of depth and fuzz all unique parameters for OWASP vulnerabilities with verbose logging on.
injectx.py -u https://test.com/uers.php?user=1&admin=true -v y - Fuzz all GET parameters for common OWASP vulnerabilities with verbose logging enabled.

SAMPLE REPORT:

alt tag

DOCKER:

git clone https://github.com/1N3/BlackWidow.git
cd BlackWidow
docker build -t blackwidow .
docker run -it blackwidow # Defaults to --help

LICENSE:

You may modify and re-distribute this software as long as the project name "BlackWidow", credit to the author "xer0dayz" and website URL "https://sn1persecurity.com" are NOT mofified. Doing so will break the license agreement and a takedown notice will be issued.

DISCLAIMER:

This program is used for educational and ethical purposes only. I take no responsibility for any damages caused from using this program. By downloading and using this software, you agree that you take full responsibility for any damages and liability.

LINKS:

More Repositories

1

Sn1per

Attack Surface Management Platform
Shell
7,009
star
2

BruteX

Automatically brute force all services running on a target.
Shell
1,741
star
3

Findsploit

Find exploits in local and online databases instantly
Shell
1,499
star
4

PrivEsc

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
C
913
star
5

Goohak

Automatically Launch Google Hacking Queries Against A Target Domain
Shell
679
star
6

ReverseAPK

Quickly analyze and reverse engineer Android packages
Shell
645
star
7

Wordpress-XMLRPC-Brute-Force-Exploit

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
Python
431
star
8

MassBleed

MassBleed SSL Vulnerability Scanner
Shell
235
star
9

Exploits

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity
Python
188
star
10

PRISM-AP

An automated Wireless RogueAP MITM attack framework.
Shell
156
star
11

XSSTracer

A small python script to check for Cross-Site Tracing (XST)
Python
137
star
12

HTTPoxyScan

HTTPoxy Exploit Scanner by 1N3 @CrowdShield
Python
104
star
13

PowerExfil

A collection of data exfiltration scripts for Red Team assessments.
PowerShell
86
star
14

AttackSurfaceManagement

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Shell
66
star
15

SuperMicro-Password-Scanner

Supermicro IPMI/BMC Cleartext Password Scanner
Shell
40
star
16

CloudHunter

Find unreferenced AWS S3 buckets which have CloudFront CNAME records pointing to them
Python
33
star
17

1N3

Founder of @Sn1perSecurity LLC. Creator of Sn1per. Top 20 worldwide on @bugcrowd in 2016. OSCE/OSCP/CISSP/Security+
22
star
18

CTF-Writeups

CTF Writeups
17
star