Cazador – WebApp Pentest Toolkit

Comments Off on Cazador – WebApp Pentest Toolkit

Cazador is Web Application Penetration toolkit for bug bounty hunters.

Tools Featured

Listeners

  • HTTP Server
  • DNS Server
  • TCP Server
  • POSTMessage Hooker
  • Websocket Hooker

Analysiz

  • HTTP/JS-Files/Binary Analyze
  • Analyze Files (Binary , Metadata, Text files, Js sinks)

Net Tools

  • Get DNS Records
  • Resolve Hosts
  • Reverse IPs
  • Passive DNS
  • DNS History

Text Tools

  • Text Processing
  • Block construct
  • Format generator
  • pattern creation
  • Encrypt/Decrypt data
  • Hash Identification
  • Crackers
  • Payload Generators
  • Encoders/Decoders
  • Poc Generators (Python , bash , HTML)

Recon

  • Get Websites ScreenShots
  • GET Subdomains (Scrabbing , Minning , DNS-brute-force,Http-brute-force)
  • Site categorizer
  • s3/GC bucket enumeration
  • Github Lister
  • Ip History

Scanners

  • Detect Misconfiguration
  • Port/vulnerability/ssl scanner
  • Vulnerability Exploiters
  • Waf Detection

Scrabbers

  • Download Android apps (APK)
  • Travis-CI logs fetching

Tools discussed separately here

[Dig] [scanner] [TcpListener]
[FileMiner]
[Subscrabber] [Hpinger]

virustotal Scan result

if the app is not working proberly , Download this archive dlls.zip and extract the dll files , put them in application folder , beside the executable file

Some notes:

  • This tool is meant primarily for bug hunnters (specially beginers).
  • This tool is not backdoored with any malicious software/tracking .
  • This tool contains bugs more than features so use it carefully.
  • Connections are issued using the .Net (SystemDotWeb) which is slow and limited by design , consider using many threads, this will be replaced with another solution.
  • Memory is not carefully managed so be carefull , do not use all the tools at the same time.
  • Do not use it illegally
  • Tools starting with _ are not built yet , i added buttons to remmember writing them so i could build them in future, hence no need to reverse engineer the tool in order to enable them , if you have time feel free to do it no problem.
  • Many third-parties are used without permitssion no APIS used.
  • The source code is not published because the tool is a beta and the code is uggly and worse than my hand writing.
  • Project is planned to be open-source with the first release.
  • Suggestions are deeply welcome.
  • Credits are reserved for all authors and third-parties.

Download cazador

Related Articles

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
Live Chat
RESOURCES
Get Started
TOOLBOX
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress