Changelog v0.2.0 :
– Now, VWGen can also be one of Tsaotun’s addon.
VWGen is a python script for Vulnerable Web applications Generator.
1. Supporting very limited modules, such as SQLI, NOSQLI, LFI, CRLF, Command Injection and XSS.
2. There are two important modules which play essential role in deploying vulnerable web apps.
*** unfilter module scrap the sites and find the keywords to be replaced by parameters.
*** expand module learn the sites and try to rearrange the elements to let child modules insert their payloads within it.
3. Only two themes right now.
4. Python3 is currently not supported!
5. –file option works, but it still needs some developing. Example command: ./VWGen.py
1. Install docker binary. Only versions 1.11.0 above supported.
2. Pull fundamental images that we gonna use with VWGen:
+-+ docker pull richarvey/nginx-php-fpm:php5
+-+ docker pull richarvey/nginx-php-fpm:php7
+-+ docker pull mysql:5
+-+ docker pull phpmyadmin/phpmyadmin:18.104.22.168-1
+-+ docker pull node:7
3. Install lxml: apt-get install python-lxml.
4. Install packages:
+-+ pip install -r requirements.txt
+-+ If you have error like Could not run curl-config: [Errno 2] No such file or directory, solve the problem with apt-get install libcurl4-openssl-dev.
5. Clone VWGen and type ./VWGen.py --help or check below for details.
git clone https://github.com/qazbnm456/VWGen && cd VWGen