WebApp Exploit Hunter
Automated web vulnerability scanner and exploit generator.
What It Does
Crawls web applications, tests for common vulnerability classes (SQLi, XSS, SSRF, IDOR, SSTI, auth bypass, file upload, race conditions), generates working proof-of-concept scripts, and produces structured vulnerability reports. Includes WAF evasion and JavaScript attack surface extraction.
Scripts
| Script | Description |
|---|---|
| crawler | Spider-based crawler — discovers endpoints, forms, params, and link depth |
| sqli_tester | SQL injection testing across all injection contexts (GET, POST, Cookie, Header) |
| xss_tester | Cross-site scripting — reflected, stored, DOM-based, and blind XSS |
| ssrf_tester | Server-side request forgery — internal port scanning, cloud metadata, file reads |
| idor_tester | Insecure direct object reference — ID enumeration, role bypass, UUID prediction |
| ssti_tester | Server-side template injection across Jinja2, Twig, Freemarker, and ERB |
| auth_tester | Authentication bypass — token manipulation, race conditions, logic flaws |
| upload_tester | File upload testing — extension bypass, content-type manipulation, polyglots |
| race_tester | Race condition testing — TOCTOU, limit-overrun, parallel request collisions |
| waf_bypasser | WAF evasion techniques — encoding, chunking, parameter pollution |
| js_surface_extractor | JavaScript static analysis — endpoints, secrets, API keys in bundled JS |
| generate_poc | Proof-of-concept generator from confirmed findings |
| vuln_report | Structured vulnerability report with CVSS scoring and remediation guidance |
When to Use
Use after reconnaissance identifies live web targets. Run the crawler first, then feed discovered endpoints into individual testers based on the tech stack.
Usage
RedTeamScript(skill="webapp-exploit-hunter", script="sqli_tester", args="--url https://example.com/products?id=1 --output sqli.json")