ClickJackPoc

This tool will help you automate finding Clickjacking Vulnerability by just passing a file containing list of Targets .
Once the Target is Found Vulnerable It will generate the Exploit Proof of Conepet(PoC) for each Vulnerable targets.

What is Clickjacking ?

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a or .</li> <li>Sites can use "X-Frame-Options" in the headers to avoid clickjacking attacks by ensuring that their content is not embedded into other sites.</li> <li><a href="https://owasp.org/www-community/attacks/Clickjacking" rel="nofollow">Reference</a></li> </ul> <h2 dir="auto"><a id="user-content-installation" class="anchor" aria-hidden="true" href="#installation"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Installation:</h2> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="git clone https://github.com/Raiders0786/ClickjackPoc.git cd ClickjackPoc pip install -r requirements.txt"> <pre><code>git clone https://github.com/Raiders0786/ClickjackPoc.git cd ClickjackPoc pip install -r requirements.txt </code></pre> </div> <h2 dir="auto"><a id="user-content-example" class="anchor" aria-hidden="true" href="#example"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Example:</h2> <p dir="auto">Example Usage of the Tool</p> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="python3 clickJackPoc.py -f domains.txt"> <pre><code>python3 clickJackPoc.py -f domains.txt </code></pre> </div> <p dir="auto"><a target="_blank" rel="noopener noreferrer" href="https://github.com/Raiders0786/ClickjackPoc/raw/master/usage.png"><img src="https://github.com/Raiders0786/ClickjackPoc/raw/master/usage.png" alt="1" style="max-width: 100%;"></a></p> <h2 dir="auto"><a id="user-content-allowed-targets-format" class="anchor" aria-hidden="true" href="#allowed-targets-format"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Allowed Targets Format:</h2> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="http://target.com target.com www.target.com https://tartget.com/ https://IP:Port IP:Port http://IP:Port/login http://www.target.com/directory https://www.target.com/directory"> <pre><code>http://target.com target.com www.target.com https://tartget.com/ https://IP:Port IP:Port http://IP:Port/login http://www.target.com/directory https://www.target.com/directory </code></pre> </div> <h2 dir="auto"><a id="user-content-benefits" class="anchor" aria-hidden="true" href="#benefits"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Benefits:</h2> <ul dir="auto"> <li>It will take all the targets from the file passed.</li> <li>Make the exploit Poc by creating a HTML File with <code>TargetName.html</code> as the Output.</li> <li>Will Print <code>Not Vulnerable</code> if Target is not Vulnerable.</li> </ul> <h2 dir="auto"><a id="user-content-reach-me-" class="anchor" aria-hidden="true" href="#reach-me-"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Reach Me :</h2> <ul dir="auto"> <li><code>Do Tag Me if you get Rewarded💸💰 , Will be Very Happy to hear that 😄 !</code></li> <li>Do Give it a <code>Star</code> if you like it & <code>Follow</code> me for more such stuffs!</li> <li>Let me know if you have any Suggestion's or want to Collaborate.</li> <li>This tool is made for Learning Purpose !</li> </ul> <p dir="auto"><a href="https://www.linkedin.com/in/chirag-agrawal-770488144/" rel="nofollow"><img src="https://camo.githubusercontent.com/a80d00f23720d0bc9f55481cfcd77ab79e141606829cf16ec43f8cacc7741e46/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c696e6b6564496e2d3030373742353f7374796c653d666f722d7468652d6261646765266c6f676f3d6c696e6b6564696e266c6f676f436f6c6f723d7768697465" alt="Linkedin" style="height: 60px; width: 170px; max-width: 100%;" data-canonical-src="https://img.shields.io/badge/LinkedIn-0077B5?style=for-the-badge&logo=linkedin&logoColor=white"></a> <a target="_blank" rel="noopener noreferrer" href="https://camo.githubusercontent.com/c4beccd946d3d75029f0f1755d7b758604ad25a83cd668e06eed6646b99b7108/68747470733a2f2f696d672e736869656c64732e696f2f747769747465722f666f6c6c6f772f5f5f526169646572733f7374796c653d736f6369616c"><img alt="Twitter Follow" src="https://camo.githubusercontent.com/c4beccd946d3d75029f0f1755d7b758604ad25a83cd668e06eed6646b99b7108/68747470733a2f2f696d672e736869656c64732e696f2f747769747465722f666f6c6c6f772f5f5f526169646572733f7374796c653d736f6369616c" width="250" height="50" data-canonical-src="https://img.shields.io/twitter/follow/__Raiders?style=social" style="max-width: 100%;"></a></p>

Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

Related tags

Overview

ClickJackPoc

What is Clickjacking ?

Owner

Chirag Agrawal

Bandit is a tool designed to find common security issues in Python code.

Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228

Tool to check if your DNS comply to Polish Ministry of Finance gambling domains restrictions

Website OSINT untuk mencari informasi dari email dan nomor telepon. Dibuat dengan React dan Flask.

A tool to extract the IdP cert from vCenter backups and log in as Administrator

Multi-Process Vulnerability Tool

An Advanced Local Network IP Scanner, made in python of course!

Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10

A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks

一款辅助探测Orderby注入漏洞的BurpSuite插件，Python3编写，适用于上xray等扫描器被ban的场景

Notebooks, slides and dataset of the CorrelAid Machine Learning Winter School

Make files with as many random bytes as you want

Log4Shell Proof of Concept (CVE-2021-44228)

Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

Having a weak password is not good for a system that demands high confidentiality and security of user credentials

Generate obfuscated meterpreter shells

Script for automatic dump and brute-force passwords using Volatility Framework

Instagram brute force tool that uses tor as its proxy connections

Scans for Log4j versions effected by CVE-2021-44228