Skip to content

/ whoof

Web Browser Hooking Framework. Manage, execute and assess web browser vulnerabilities

BSD-3-Clause License
20 stars 6 forks
Star
Watch
react
9 branches 0 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

@compewter
compewter Fix/Immediately accept default value as valid attack input
a11c38f Aug 2, 2018
Fix/Immediately accept default value as valid attack input
a11c38f

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
client
 
 
db
 
 
public
 
 
routes
 
 
.env
 
 
.gitignore
 
 
LICENSE
 
 
README.md
 
 
package-lock.json
 
 
package.json
 
 
server.js
 
 
start-client.js
 
 

README.md

whoof (Web-Browser Hooking Framework)

whoof is an early stage lightweight web browser hooking framework. A web browser hook can be thought of as a backdoor in a web page allowing an attacker to execute commands in the page with or without the visitor noticing. whoof is a web application security tool to manage, execute and assess web browser vulnerabilities.

whoof uses Node/Express server-side, with React/Redux on the client-side.

Hooked browsers are managed via WebSockets.

ss

Check out the wiki for details on features and getting started.

Features

Custom Attacks

Use the attack builder to construct custom attacks on the fly.

screenshot

Execute Arbitrary Commands with the Terminal

Use the terminal to execute arbitrary commands or retrieve data from hooked pages. ss

Easily import/export attacks

One click download an exported attack which can easily be imported in the admin web app.

This repo was built off of and ejected from Facebook's create-react-app

About

Web Browser Hooking Framework. Manage, execute and assess web browser vulnerabilities

Topics

nodejs security framework browser web beef appsec hooking

Resources

Readme

License

BSD-3-Clause License

Releases

No releases published

Packages

No packages published

Languages