Skip to content
/ ClickjackPoc Public

Seamlessly Detect and Construct Exploit POCs for ClickJacking Vulnerability using this Automated tool

45 stars 9 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Raiders0786/ClickjackPoc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

28 Commits
.gitignore
.gitignore
Β 
Β 
README.md
README.md
Β 
Β 
clickJackPoc.py
clickJackPoc.py
Β 
Β 
requirements.txt
requirements.txt
Β 
Β 
usage.png
usage.png
Β 
Β 

Repository files navigation

🚨 ClickJacking Vulnerability Scanner 🚨

  • This Python-based tool automates the detection of ClickJacking vulnerabilities by scanning a list of targets provided in a file.
  • For each vulnerable target found, it generates an Exploit Proof of Concept (PoC) in the form of an HTML file.
  • The tool is completely working and has been thoroughly tested for reliability and accuracy.

What is ClickJacking? πŸ€”

  • ClickJacking (also known as User Interface redress attack, UI redress attack, or UI redressing) is a malicious technique where a web user is tricked into clicking on something different from what they perceive, potentially revealing confidential information or taking control of their computer while interacting with seemingly harmless web pages.
  • A server that doesn’t return an X-Frame-Options header is vulnerable to ClickJacking attacks. The X-Frame-Options HTTP response header is used to indicate whether a browser should be allowed to render a page within a <frame> or <iframe>.
  • Websites can prevent ClickJacking attacks by using the X-Frame-Options header to ensure their content isn’t embedded in other sites.

Learn more on OWASP

⚑ Features

  • 🎯 Target-Based Scanning: Automatically scans all targets listed in the provided file.
  • πŸ› οΈ Exploit PoC Generation: Creates an HTML-based Proof of Concept (PoC) file for each vulnerable target, saved as TargetName.html.
  • βœ… Comprehensive Reporting: Clearly identifies and prints "Not Vulnerable" for targets that are secure.
  • πŸš€ Multithreading for Speed: Leverages multithreading to perform rapid vulnerability scanning.
  • πŸ”” Slack Integration: Sends real-time Slack alerts with attached PoC files for each vulnerable target.
  • πŸ“ Organized Results: Stores all generated PoC files in a dedicated results folder, each named after the corresponding target.
  • πŸ”§ Robust Error Handling: Includes detailed logging and error management to ensure smooth operation and easy troubleshooting.

Installation:

git clone https://github.com/Raiders0786/ClickjackPoc.git
cd ClickjackPoc
pip install -r requirements.txt

Example:

Example Usage of the Tool

python3 clickJackPoc.py -f domains.txt

1

🎯 Allowed Targets Format:

http://target.com
target.com
www.target.com
https://target.com/
https://IP:Port
IP:Port
http://IP:Port/login
http://www.target.com/directory
https://www.target.com/directory

🌟 Reach Me:

  • πŸ’¬ Tag Me if you get rewarded πŸ’ΈπŸ’°β€”I’d love to hear about your success! πŸ˜„
  • If you find this tool useful, please give it a Star ⭐ and Follow me for more cool projects!
  • Feel free to reach out if you have any suggestions or want to collaborate.
  • ⚠️ Note: This tool is intended for learning purposes only.

Linkedin Twitter Follow

About

Seamlessly Detect and Construct Exploit POCs for ClickJacking Vulnerability using this Automated tool

Topics

automation bug bug-bounty vulnerability security-tools

Resources

Readme
Activity

Stars

45 stars

Watchers

2 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages