shantanuv09 / Web-Exploit-Toolkit

Web-Exploit-Toolkit AKA WET: A Python-based tool for automated testing of common web vulnerabilities like XSS, CSRF, SQL Injection, HTML Injection, Open Redirect, and Directory Traversal. Supports GET/POST injection, custom payloads, cookie/session authentication, and OS-aware payload optimization. Designed for authorized security testing only.

Repository from GitHub: https://github.com/shantanuv09/Web-Exploit-Toolkit

Web-Exploit-Toolkit (WET-CLI)

📌 Overview

Custom Web Exploit Toolkit is a Python-based CLI tool for automated web vulnerability testing.
It helps penetration testers quickly identify common security flaws with minimal manual intervention.

⚠ For educational and authorized security testing purposes only.
Misuse of this tool is illegal.


🔥 Features

  • Modules:
    • Reflected XSS (xss)
    • CSRF (csrf)
    • Clickjacking (clickjacking)
    • SQL Injection (sqli) – error, union, and time-based
    • HTML Injection (htmli)
    • Open Redirect (openredirect)
    • Directory Traversal (traversal) – OS-aware payload optimization
  • Injection Modes:
    • URL parameter ({{param}} placeholder)
    • Form-based (auto-discovery)
    • Manual POST/GET injection (--method, --data)
  • Traversal Extras:
    • Quick/Full scan modes
    • OS detection
    • Payload randomization
    • Request throttling
  • Auth Support:
    • --cookie for session handling
    • --header for custom HTTP headers

⚙ Installation

git clone https://github.com/shantanuv09/Web-Exploit-Toolkit.git
cd Web-Exploit-Toolkit
pip install -r requirements.txt

🚀 Usage

Single Module Scan (Param-In-URL)

Runs the XSS module by replacing {{param}} in the URL with payloads.

python main.py -u "http://target.com/page.php?input={{param}}" -m xss

Multi-Module Scan (Param-In-URL)

Runs both XSS and SQLi modules.

python main.py -u "http://target.com/page.php?input={{param}}" -m xss sqli

POST Sample Scan (Param-In-POST-Data)

Sends payloads to parameters in POST data.

python main.py -u "http://target.com/form.php" \
  -m sqli \
  --method POST \
  --data "username={{param}}&password=pass123"

Exclusive Flags for Directory-Traversal

Performs a full traversal scan with payload order randomized and request throttling enabled.

python main.py -u "http://target.com/file.php" \
  -m traversal \
  --method POST \
  --data "file={{param}}&Submit=Submit" \
  --mode full \
  --throttle 0.2

📂 Project Structure

Web-Exploit-Toolkit/
│
├── main.py
├── core/
│   ├── scanner.py
│   └── reporter.py
├── modules/
│   ├── csrf.py
│   ├── clickjacking.py
│   ├── xss.py
│   ├── sqli.py
│   ├── htmli.py
│   ├── openredirect.py
│   └── traversal.py
├── payloads/
│   ├── xss/reflected.txt
│   ├── sqli/
│   ├── traversal/deep_traversal.txt
│   └── ...
└── requirements.txt

🛑 Legal Disclaimer

This tool is intended for authorized penetration testing and educational purposes only. Unauthorized use against systems without permission is illegal and punishable under applicable laws.

Languages

Language: Python 100.0%