WebPloit is a web application vulnerability testing automation tool that will focus on providing a user-friendly experience along with fast, automated testing.
To develop a tool capable of assessing security vulnerabilities in web applications.
- Initially, we will create a terminal interface where a user can provide a URL. Our app will use that URL for further reconnaissance, i.e. subdomain enumeration.
- The second phase will be to create an admin interface where the user can see all the subdomains found that are being scanned for vulnerabilities. We could add additional features to enhance the user experience.
- The last phase will be to create a user-friendly frontend so that people with non-technical backgrounds can understand what is going on. This could also help us turn this app into a potential startup.
- Reflected XSS
- Stored XSS
- DOM-based XSS
- UNION-based SQL injection
- Blind SQL injection
The technologies we could be using are
- Python
- Django
- git
- MongoDB
- ReactJS
- Any other necessary framework or technology
- Automated Testing
- UI experience with a frontend
- A database that could maintain all the records
We plan to give options such as Discord integration or sending an email to your work account regarding any alert or notification generated by the system.
The user could install the Discord app on their mobile phone. A Discord bot would be connected to the backend of the app, and the user could give commands to the bot using simple text messages. For example, a user could send the text Domain --name au.edu.pk and the bot will send this message to the backend of the app (which is live on a server). The app will check for all the available domains and return the result to the user's mobile app.
So this means everything could be done using a simple mobile app!
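Because the bot hands a free-text message to a backend that runs reconnaissance, the command should be parsed strictly and checked against the domains the user is authorized to test before it is forwarded. The following is an added example, not WebPloit's own code: the function names, the request dictionary and the per-user `allowed` set of authorized domains are assumptions.

```python
import re
import shlex

# One hostname label (RFC 1123): letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


class CommandError(ValueError):
    """Raised when a bot message is not a well-formed, in-scope command."""


def normalize_domain(raw):
    """Return a lowercase hostname, or raise CommandError if raw is not one."""
    host = raw.strip().rstrip(".").lower()
    if not host.isascii() or len(host) > 253:
        raise CommandError("domain must be an ASCII hostname of at most 253 characters")
    labels = host.split(".")
    # fullmatch rejects shell metacharacters, spaces, slashes and embedded newlines.
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        raise CommandError("domain is not a valid hostname")
    if labels[-1].isdigit():
        raise CommandError("IP addresses are not accepted")
    return host


def in_scope(host, allowed):
    """True if host is an authorized domain or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def parse_domain_command(message, allowed):
    """Parse 'Domain --name <domain>' into a request for the backend (hypothetical shape)."""
    try:
        tokens = shlex.split(message)
    except ValueError as exc:
        raise CommandError("unbalanced quotes in command") from exc
    if len(tokens) != 3 or tokens[0] != "Domain" or tokens[1] != "--name":
        raise CommandError("usage: Domain --name <domain>")
    host = normalize_domain(tokens[2])
    if not in_scope(host, allowed):
        raise CommandError("domain is not on this user's authorized list")
    return {"action": "enumerate_subdomains", "domain": host}
```

The backend should pass the returned `domain` value to its tooling as a single argument, never by building a shell string from the original message.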
- Research
- Studying and understanding the relevant technologies
- Static front-end (initial phase)
- Developing initial APIs
- Reconnaissance
- Implementing Vulnerability assessment logic
- Creating a payload database
- Automating the exploitation phase
- Assessing & Evaluating the vulnerabilities
- Improving & Enhancing
- Generating Reports
- Adding User Sign-up and Sign-In functionality
The technologies mentioned above are just tools that we are using to achieve our goal, i.e. automating vulnerability testing. These tools could therefore change in the future according to the needs of our project. We could also use additional technologies in the future that are not mentioned here.
The goal of our project will not change.