bob-inject

Intro

bob-inject is the first web scanner able to mutate URLs and inject payloads into them to find undiscovered bugs and security errors in web platforms.

Its use is RESTRICTED to educational purposes or to pentesting professionals performing an authorized pentest against a web platform.

bob-inject is perfect for pentesting SSTI, REST web services, ASP applications, IIS web servers, etc.

It is an open source tool. I have added some useful payloads (batteries included), but you can easily add your own or contact me for a detailed and powerful payload list.

Modes

  1. Useful dirs
  2. Useful files
  3. Inject suffix payloads
  4. Inject REST API (enumeration or SQL injection)
  5. Inject IIS short names

Usage

./bob-inject http://www.example.com/admin index.php

(c) defensahacker 2018
