Web-Exploit-Toolkit (WET-CLI)

📌 Overview

Custom Web Exploit Toolkit is a Python-based CLI tool for automated web vulnerability testing.
It helps penetration testers quickly identify common security flaws with minimal manual intervention.

⚠ For educational and authorized security testing purposes only.
Misuse of this tool is illegal.

🔥 Features

Modules:
- Reflected XSS (xss)
- CSRF (csrf)
- Clickjacking (clickjacking)
- SQL Injection (sqli) – error, union, and time-based
- HTML Injection (htmli)
- Open Redirect (openredirect)
- Directory Traversal (traversal) – OS-aware payload optimization
Injection Modes:
- URL parameter ({{param}} placeholder)
- Form-based (auto-discovery)
- Manual POST/GET injection (--method, --data)
Traversal Extras:
- Quick/Full scan modes
- OS detection
- Payload randomization
- Request throttling
Auth Support:
- --cookie for session handling
- --header for custom HTTP headers

⚙ Installation

git clone https://github.com/shantanuv09/Web-Exploit-Toolkit.git
cd Web-Exploit-Toolkit
pip install -r requirements.txt

🚀 Usage

Single Module Scan (Param-In-URL)

Runs the XSS module by replacing {{param}} in the URL with payloads.

python main.py -u "http://target.com/page.php?input={{param}}" -m xss

Multi-Module Scan (Param-In-URL)

Runs both XSS and SQLi modules.

python main.py -u "http://target.com/page.php?input={{param}}" -m xss sqli

POST Sample Scan (Param-In-POST-Data)

Sends payloads to parameters in POST data.

python main.py -u "http://target.com/form.php" \
  -m sqli \
  --method POST \
  --data "username={{param}}&password=pass123"

Exclusive Flags for Directory-Traversal

Performs full traversal scan with payload order randomized and request throttling enabled.

python main.py -u "http://target.com/file.php" \
  -m traversal \
  --method POST \
  --data "file={{param}}&Submit=Submit" \
  --mode full \
  --throttle 0.2

📂 Project Structure

Web-Exploit-Toolkit/
│
├── main.py
├── core/
│   ├── scanner.py
│   └── reporter.py
├── modules/
│   ├── csrf.py
│   ├── clickjacking.py
│   ├── xss.py
│   ├── sqli.py
│   ├── htmli.py
│   ├── openredirect.py
│   └── traversal.py
├── payloads/
│   ├── xss/reflected.txt
│   ├── sqli/
│   ├── traversal/deep_traversal.txt
│   └── ...
└── requirements.txt

🛡 Legal Disclaimer

This tool is intended for authorized penetration testing and educational purposes only.
Unauthorized use against systems without permission is illegal and punishable under applicable laws.

shantanuv09/Web-Exploit-Toolkit