Web-Exploit-Toolkit AKA WET: A Python-based tool for automated testing of common web vulnerabilities like XSS, CSRF, SQL Injection, HTML Injection, Open Redirect, and Directory Traversal. Supports GET/POST injection, custom payloads, cookie/session authentication, and OS-aware payload optimization. Designed for authorized security testing only.

shantanuv09/Web-Exploit-Toolkit

Web-Exploit-Toolkit (WET-CLI)

📌 Overview

Custom Web Exploit Toolkit is a Python-based CLI tool for automated web vulnerability testing.
It helps penetration testers quickly identify common security flaws with minimal manual intervention.

For educational and authorized security testing purposes only.
Misuse of this tool is illegal.


🔥 Features

  • Modules:
    • Reflected XSS (xss)
    • CSRF (csrf)
    • Clickjacking (clickjacking)
    • SQL Injection (sqli) – error, union, and time-based
    • HTML Injection (htmli)
    • Open Redirect (openredirect)
    • Directory Traversal (traversal) – OS-aware payload optimization
  • Injection Modes:
    • URL parameter ({{param}} placeholder)
    • Form-based (auto-discovery)
    • Manual POST/GET injection (--method, --data)
  • Traversal Extras:
    • Quick/Full scan modes
    • OS detection
    • Payload randomization
    • Request throttling
  • Auth Support:
    • --cookie for session handling
    • --header for custom HTTP headers

⚙ Installation

git clone https://github.com/shantanuv09/Web-Exploit-Toolkit.git
cd Web-Exploit-Toolkit
pip install -r requirements.txt

🚀 Usage

Single Module Scan (Param-In-URL)

Runs the XSS module by replacing {{param}} in the URL with payloads.

python main.py -u "http://target.com/page.php?input={{param}}" -m xss

Multi-Module Scan (Param-In-URL)

Runs both XSS and SQLi modules.

python main.py -u "http://target.com/page.php?input={{param}}" -m xss sqli

POST Sample Scan (Param-In-POST-Data)

Sends payloads to parameters in POST data.

python main.py -u "http://target.com/form.php" \
  -m sqli \
  --method POST \
  --data "username={{param}}&password=pass123"

Exclusive Flags for Directory-Traversal

Performs a full traversal scan with randomized payload order and request throttling enabled.

python main.py -u "http://target.com/file.php" \
  -m traversal \
  --method POST \
  --data "file={{param}}&Submit=Submit" \
  --mode full \
  --throttle 0.2
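
Seen from the defending side, throttling and payload randomization reduce the value of rate-based and order-based detection, so a check has to key on the decoded parameter content per source instead. The following is an added example, not code from this repository; the record layout, function names, threshold and sample values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Matches a parent-directory step ("..") bounded by a path separator or the
# string edge, for both "/" and "\" separators, after decoding.
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

def normalize(value, max_rounds=3):
    """URL-decode repeatedly so single- and double-encoded values compare equal."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_sources(records, min_distinct=3):
    """Return {source: count} for sources that sent at least min_distinct
    different traversal-bearing values. Timestamps are deliberately ignored,
    so slow or reordered requests are counted the same as a fast burst."""
    seen = defaultdict(set)
    for source, _timestamp, raw_value in records:
        value = normalize(raw_value)
        if TRAVERSAL.search(value):
            seen[source].add(value)
    return {src: len(vals) for src, vals in seen.items() if len(vals) >= min_distinct}

# Constructed sample records: (source, epoch seconds, raw parameter value),
# as they might be exported from an application or WAF log.
SAMPLE = [
    ("198.51.100.7", 1000.0, "../../etc/passwd"),
    ("198.51.100.7", 1000.2, "..%2f..%2f..%2fetc%2fpasswd"),
    ("198.51.100.7", 1000.4, "%252e%252e%252fetc%252fpasswd"),
    ("198.51.100.7", 1000.6, "..%5c..%5cwindows%5cwin.ini"),
    ("203.0.113.9", 1000.1, "report..final.pdf"),   # dots inside a name: ignored
    ("203.0.113.9", 1000.3, "../img/logo.png"),     # one relative path: below threshold
]

if __name__ == "__main__":
    print(flag_sources(SAMPLE))
```

Because the check runs on parameter values, it needs a log source that records POST bodies as well as query strings.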

📂 Project Structure

Web-Exploit-Toolkit/
│
├── main.py
├── core/
│   ├── scanner.py
│   └── reporter.py
├── modules/
│   ├── csrf.py
│   ├── clickjacking.py
│   ├── xss.py
│   ├── sqli.py
│   ├── htmli.py
│   ├── openredirect.py
│   └── traversal.py
├── payloads/
│   ├── xss/reflected.txt
│   ├── sqli/
│   ├── traversal/deep_traversal.txt
│   └── ...
└── requirements.txt

🛡 Legal Disclaimer

This tool is intended for authorized penetration testing and educational purposes only. Unauthorized use against systems without permission is illegal and punishable under applicable laws.
