  • Stars: 188
  • Rank 205,563 (Top 5 %)
  • Language: Python
  • License: MIT License
  • Created over 3 years ago
  • Updated almost 2 years ago

Repository Details

WARF is a Web Application Reconnaissance Framework that helps to gather information about the target.

WARF: Web Application Reconnaissance Framework

Dashboard

Try WARF

Username: demo
Password: demopass

⚠️ Heroku apps run in lightweight containers called dynos, so any changes to the filesystem while a dyno is running last only until that dyno is shut down or restarted. Saved scan results are therefore deleted from the server when this happens, and you won't be able to see them. Because of this file-storage limitation, the live version of the app deployed on Heroku is not stable and might throw errors while performing some operations.

About WARF

WARF is a recon framework for web applications. It comprises different tools to perform information gathering on the target, such as subdomain enumeration, directory brute-forcing, and gathering all sorts of endpoints like Wayback URLs, JS URLs, endpoints from JS files, API/secret keys, etc.

WARF is highly customizable and allows you to perform a full scan or an individual scan on the target. It accumulates the results and shows them in a powerful DataTable through which you can narrow down your searches. WARF also gives you the option to add and save targets individually and perform different scans on them.

With the Dashboard, you quickly get the metrics of your activity. WARF keeps all your targets together and provides a clean and efficient way to search them by name.

Main Features

  • Subdomain Enumeration
  • Directory BruteForce
  • Gather Wayback URLs
  • Gather JavaScript URLs
  • Extract links from JS files
  • Extract API/Secret Keys from JS files
  • Supports Background Scan

Screenshots

[Screenshots: FullScan, Subdomain Enumeration, Add Target, View Target, View Details, View Result]

Installation

You can install WARF in two ways:

  • By creating a Python virtual environment and git cloning the repository.

  1. Create a virtualenv:
$ python3 -m venv <virtual env path>
  2. Activate the virtualenv you have just created:
$ source <virtual env path>/bin/activate
  3. Clone this repository and change into it:
$ git clone https://github.com/iamnihal/warf.git
$ cd warf
  4. Install the requirements:
$ pip install -r requirements.txt
  5. Apply migrations:
$ python manage.py migrate
  6. Run the server:
$ python manage.py runserver

and load the app at http://127.0.0.1:8000

  • Using Docker

If you don't have Docker installed on your system, follow the official Docker installation guide.

  1. Start by cloning the repository and changing into it:
$ git clone https://github.com/iamnihal/warf.git
$ cd warf
  2. Build the Docker image:
$ docker build -t warf .
  3. Create and run the Docker container:
$ docker run --name warf -d -p 8000:8000 warf

and now your app is ready to launch at http://127.0.0.1:8000

⚠️ Warning: Change SECRET_KEY in settings.py for security purposes. To generate your own SECRET_KEY, use this:

python -c "import secrets; print(secrets.token_urlsafe())"
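
One way to keep the replaced key out of the repository and reject a weak one at startup, as an added example that is not part of WARF's code. It applies the same thresholds as Django's `security.W009` deployment check (at least 50 characters, at least 5 unique characters, no `django-insecure-` prefix); note that `secrets.token_urlsafe()` with no argument returns 43 characters, so the helper below asks for 48 bytes instead. The environment variable name `WARF_SECRET_KEY` and the function names are assumptions.

```python
import os
import secrets

# Thresholds mirrored from Django's security.W009 deployment check.
MIN_LENGTH = 50
MIN_UNIQUE_CHARS = 5
INSECURE_PREFIX = "django-insecure-"

ENV_VAR = "WARF_SECRET_KEY"  # hypothetical name, not defined by WARF


def key_problems(key):
    """Return the reasons a key would be flagged; an empty list means it passes."""
    if not key:
        return ["key is empty or unset"]
    problems = []
    if key.startswith(INSECURE_PREFIX):
        problems.append("key still has the auto-generated 'django-insecure-' prefix")
    if len(key) < MIN_LENGTH:
        problems.append(f"key has {len(key)} characters, fewer than {MIN_LENGTH}")
    if len(set(key)) < MIN_UNIQUE_CHARS:
        problems.append(f"key has fewer than {MIN_UNIQUE_CHARS} unique characters")
    return problems


def generate_key():
    """48 random bytes encode to 64 URL-safe characters, above the 50 minimum."""
    return secrets.token_urlsafe(48)


def load_secret_key(environ=os.environ):
    """Read the key from the environment and fail closed if it is weak."""
    key = environ.get(ENV_VAR, "")
    problems = key_problems(key)
    if problems:
        raise RuntimeError(f"{ENV_VAR} rejected: " + "; ".join(problems))
    return key


if __name__ == "__main__":
    # Constructed sample: the default-length key from the one-liner above is flagged.
    print(key_problems(secrets.token_urlsafe()))
    print(key_problems(generate_key()))
```

In settings.py this would be used as `SECRET_KEY = load_secret_key()`, with the variable exported in the shell or passed to the container with `docker run -e`.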

Contributing

If you want to contribute to this project and make it better, your help is very welcome. As this is my first ever project in Django, there could exist a lot of caveats and other coding-related issues. Your contribution to this project helps me to learn and inspires me to build more awesome projects in the future. Contributing is also a great way to learn more about social coding on GitHub, new technologies and their ecosystems. Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

License

Distributed under the MIT License. See LICENSE for more information.

Acknowledgements and Credits

All the tools in WARF have been created by these awesome people:

  1. Sublist3r:- aboul3la
  2. github-subdomain.py:- gwen001
  3. Dirsearch:- maurosoria
  4. SecretFinder:- m4ll0k
  5. Linkfinder:- GerbenJavado
