/warf

WARF is a Web Application Reconnaissance Framework that helps to gather information about the target.

Primary LanguagePythonMIT LicenseMIT

WARF: Web Application Reconnaissance Framework

version python django platform

Dashboard

Username: demo
Password: demopass

⚠️ Since Heroku apps run in a lightweight container called dynos, so any changes to the filesystem while the dyno is running only last until that dyno is shut down or restarted. This operation causes the saved scan results to get deleted from the server and hence you won't be able to see the saved results. Due to this limitation of file storage, the live version of app deployed in Heroku is not stable and might throw errors while performing some operations.

Table of Contents

About WARF

WARF is a Recon framework for the web application. It comprises different tools to perform information gathering on the target such as subdomain enumeration, directory Bruteforce, gathering all sorts of endpoints like Wayback URLs, JS URLs, endpoints from JS files, API/Secret keys, etc.

WARF is highly customizable and allows you to perform a full scan or individual scan on the target. It accumulates the results and shows them in a powerful DataTable through which you can narrow down your searches. WARF also give you the option to add and save target individually and perform different scans on them.

With a Dashboard, you will quickly get the metrics of your activity. WARF confined all your targets together and provide you with a clean and efficient way to search them down with their names.

Main Features

  • Subdomain Enumeration
  • Directory BruteForce
  • Gather Wayback URLs
  • Gather JavaScript URLs
  • Extract links from JS files
  • Extract API/Secret Keys from JS files
  • Supports Background Scan

Screenshots

FullScan

fullscan

Subdomain Enumeration

subdomain

Add Target

target

View Target

target2

View Details

targetview

View Result

result

Installation

You can install WARF in two ways:-

  • By creating a python virtual environment and git cloning the repository.

  1. Create a virtualenv:
$ python3 -m venv <virtual env path>
  1. Activate the virtualenv you have just created:
$ source <virtual env path>/bin/activate
  1. Clone this repository:
$ git clone https://github.com/iamnihal/warf.git
  1. Install the requirements:
$ pip install -r requirements.txt
  1. Apply migrations:
$ python manage.py migrate
  1. Run the server:
$ python manage.py runserver

and load the app at http://127.0.0.1:8000

  • Using Docker

If you don't have Docker installed on your system, you can follow up with the official Docker installation guide.

  1. Start by cloning the repository:
$ git clone https://github.com/iamnihal/warf.git
  1. Build the Docker image:
$ docker build -t warf .
  1. Build and run Docker container:
$ docker run --name warf -d -p 8000:8000 warf

and now your app is ready to launch at http://127.0.0.1:8000

⚠️ Warning:- Change SECRET_KEY in settings.py for the security purpose. To generate your own SECRET_KEY, use this:-

python -c "import secrets; print(secrets.token_urlsafe())"

Contributing

If you want to contribute to this project and make it better, your help is very welcome. As this is my first ever project in Django, there could exist a lot of caveats and other coding related issues. Your contribution to this project helps me to learn and inspire to build more awesome projects in future. Contributing is also a great way to learn more about social coding on Github, new technologies and and their ecosystems. Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

License

Distributed under the MIT License. See LICENSE for more information.

Acknowledgements and Credits

All the tools in WARF have been created by these awesome people:

  1. Sublist3r:- aboul3la
  2. github-subdomain.py:- gwen001
  3. Dirsearch:- maurosoria
  4. SecretFinder:- m4ll0k
  5. Linkfinder:- GerbenJavado