Webslayer is a tool designed for brute forcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts,files, etc), brute force GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc. The tools has a payload generator and an easy and powerful results analyzer.

You can perform attacks like:

  • Predictable resource locator, recursion supported (Discovery)

  • Login forms brute force

  • Session brute force

  • Parameter brute force

  • Parameter fuzzing and injection (XSS, SQL)

  • Basic and Ntml authentication brute forcing

Some features:

  • Recursion

  • Encodings: 15 encodings supported

  • Authentication: supports Ntml and Basic

  • Multiple payloads: you can use 2 payloads in different parts

  • Proxy support (authentication supported)

  • For predictable resource location it has: Recursion, common extensions, non standard code detection

  • Multiple filters for improving the performance and for producing cleaner results

  • Live filters

  • Multithreads

  • Session saving

  • Integrated browser (webKit)

  • Time delay between requests

  • Attack balancing across multiple proxies

  • Predefined dictionaries for predictable resource location, based on known servers

Example : Generating Payload

cyborg@cyborg:~$ sudo webslayer

Goto Payload Generator > Permutation > Enter Charset > Enter Width > Add Generator 

Now Enter Pattern in format fo [@ name of temporal generators @] in our case name of temporal generator is PPerm00 so Pattern in [@PPerm00@] 

Click 'Generate Payload'

webslayer WEBsLayer

Leave a reply


We're are building as a community and a team. Be a part of it.


©2018 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?