## https://sploitus.com/exploit?id=4574E8D1-D21A-5445-A4E2-40761C2058FE
# Web Exploitation Arsenal v1.0
A comprehensive, modular web application security testing framework with a built-in GUI, CLI exploit framework, and automated HTML report generation. Designed for authorized penetration testing, vulnerability assessments, and security research.
> ⚠️ **Disclaimer**: This tool is intended for authorized security testing only. Always obtain proper permission before scanning any target.
---
## Features
- **40+ Security Modules** covering a wide range of web vulnerabilities
- **GUI Dashboard**: built with Tkinter for easy point-and-click scanning
- **CLI Exploit Framework**: for command-line driven exploitation and testing
- **CVSS 3.1 Scoring**: automated risk scoring for all findings
- **HTML Report Generation**: professional, client-ready vulnerability reports
- **Modular Architecture**: easy to extend with new scanners and modules
- **Multi-threaded Scanning**: concurrent execution for faster assessments
- **Batch Target Support**: scan multiple targets in one run
---
## Included Modules
### Injection
- SQL Injection (Classic & Blind)
- NoSQL Injection
- Command Injection
- Server-Side Template Injection (SSTI)
- XML External Entity (XXE)
- Host Header Injection
- HTTP Request Smuggling
### Cross-Site
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- CORS Misconfiguration
- Prototype Pollution
### Authentication & Session
- Broken Authentication
- JWT Analyzer
- Insecure Direct Object References (IDOR)
- Cookie Security Analyzer
- Rate Limit Tester
### Information Disclosure
- Open Redirect
- File Upload Vulnerabilities
- Local File Inclusion (LFI)
- Server-Side Request Forgery (SSRF)
- Information Disclosure Scanner
- Cache Poisoning
### Reconnaissance & Enumeration
- Subdomain Enumeration
- DNS Deep Enumeration
- Port Scanner
- Directory Bruteforce
- Certificate Transparency Monitoring
- Technology Fingerprinting
- Web Crawler
- CMS Detector
### Infrastructure & Config
- SSL/TLS Configuration Checker
- Security Headers Analyzer
- HTTP Methods Audit
- WAF Detection
- WebSocket Security Tester
- GraphQL Security Checker
- API Security Scanner
- CVE Scanner
- Dependency Checker
### Exploitation
- Reverse Shell Generator
- Web Shell Manager
---
## Installation
### Requirements
- Python 3.8+
- Windows (tkinter is built-in)
- PyInstaller 5.0+ (for building portable executables)
### Setup
```bash
pip install -r requirements.txt
python setup.py install
```
---
## Usage
### GUI Mode
```bash
python main.py
```
### CLI Exploit Framework
```bash
python -m exploit_framework --target <target> --module <module>
```
### Build Portable Executable
```bash
python build_portable.py
```
---
## Project Structure
```
WebExploitationArsenal/
├── core/                # Scan engine and configuration
├── exploit_framework/   # CLI exploitation tools
├── gui/                 # Tkinter GUI components
├── modules/             # 40+ security scanner modules
├── exploits/            # Exploit payloads and scripts
├── payloads/            # Attack payload collections
├── wordlists/           # Fuzzing and brute-force wordlists
├── data/                # Configuration and data files
├── reports/             # Generated HTML/PDF reports
├── icons/               # Application icons
├── utils/               # Helper utilities
├── main.py              # GUI entry point
├── setup.py             # Package setup
└── build_portable.py    # PyInstaller build script
```
---
## License
Copyright © 2026 THOTH SECURITY. See [LICENSE.txt](LICENSE.txt) for details.
---
## Author
**THOTH SECURITY**
---