ClickJackPoc

This tool will help you automate finding Clickjacking Vulnerability by just passing a file containing list of Targets .
Once the Target is Found Vulnerable It will generate the Exploit Proof of Conepet(PoC) for each Vulnerable targets.

What is Clickjacking ?

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a or .</li> <li>Sites can use "X-Frame-Options" in the headers to avoid clickjacking attacks by ensuring that their content is not embedded into other sites.</li> <li><a href="https://owasp.org/www-community/attacks/Clickjacking" rel="nofollow">Reference</a></li> </ul> <h2 dir="auto"><a id="user-content-installation" class="anchor" aria-hidden="true" href="#installation"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Installation:</h2> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="git clone https://github.com/Raiders0786/ClickjackPoc.git cd ClickjackPoc pip install -r requirements.txt"> <pre><code>git clone https://github.com/Raiders0786/ClickjackPoc.git cd ClickjackPoc pip install -r requirements.txt </code></pre> </div> <h2 dir="auto"><a id="user-content-example" class="anchor" aria-hidden="true" href="#example"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Example:</h2> <p dir="auto">Example Usage of the Tool</p> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="python3 clickJackPoc.py -f domains.txt"> <pre><code>python3 clickJackPoc.py -f domains.txt </code></pre> </div> <p dir="auto"><a target="_blank" rel="noopener noreferrer" href="https://github.com/Raiders0786/ClickjackPoc/raw/master/usage.png"><img src="https://github.com/Raiders0786/ClickjackPoc/raw/master/usage.png" alt="1" style="max-width: 100%;"></a></p> <h2 dir="auto"><a id="user-content-allowed-targets-format" class="anchor" aria-hidden="true" href="#allowed-targets-format"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Allowed Targets Format:</h2> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="http://target.com target.com www.target.com https://tartget.com/ https://IP:Port IP:Port http://IP:Port/login http://www.target.com/directory https://www.target.com/directory"> <pre><code>http://target.com target.com www.target.com https://tartget.com/ https://IP:Port IP:Port http://IP:Port/login http://www.target.com/directory https://www.target.com/directory </code></pre> </div> <h2 dir="auto"><a id="user-content-benefits" class="anchor" aria-hidden="true" href="#benefits"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Benefits:</h2> <ul dir="auto"> <li>It will take all the targets from the file passed.</li> <li>Make the exploit Poc by creating a HTML File with <code>TargetName.html</code> as the Output.</li> <li>Will Print <code>Not Vulnerable</code> if Target is not Vulnerable.</li> </ul> <h2 dir="auto"><a id="user-content-reach-me-" class="anchor" aria-hidden="true" href="#reach-me-"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Reach Me :</h2> <ul dir="auto"> <li><code>Do Tag Me if you get Rewarded💸💰 , Will be Very Happy to hear that 😄 !</code></li> <li>Do Give it a <code>Star</code> if you like it & <code>Follow</code> me for more such stuffs!</li> <li>Let me know if you have any Suggestion's or want to Collaborate.</li> <li>This tool is made for Learning Purpose !</li> </ul> <p dir="auto"><a href="https://www.linkedin.com/in/chirag-agrawal-770488144/" rel="nofollow"><img src="https://camo.githubusercontent.com/a80d00f23720d0bc9f55481cfcd77ab79e141606829cf16ec43f8cacc7741e46/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c696e6b6564496e2d3030373742353f7374796c653d666f722d7468652d6261646765266c6f676f3d6c696e6b6564696e266c6f676f436f6c6f723d7768697465" alt="Linkedin" style="height: 60px; width: 170px; max-width: 100%;" data-canonical-src="https://img.shields.io/badge/LinkedIn-0077B5?style=for-the-badge&logo=linkedin&logoColor=white"></a> <a target="_blank" rel="noopener noreferrer" href="https://camo.githubusercontent.com/c4beccd946d3d75029f0f1755d7b758604ad25a83cd668e06eed6646b99b7108/68747470733a2f2f696d672e736869656c64732e696f2f747769747465722f666f6c6c6f772f5f5f526169646572733f7374796c653d736f6369616c"><img alt="Twitter Follow" src="https://camo.githubusercontent.com/c4beccd946d3d75029f0f1755d7b758604ad25a83cd668e06eed6646b99b7108/68747470733a2f2f696d672e736869656c64732e696f2f747769747465722f666f6c6c6f772f5f5f526169646572733f7374796c653d736f6369616c" width="250" height="50" data-canonical-src="https://img.shields.io/twitter/follow/__Raiders?style=social" style="max-width: 100%;"></a></p>

Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

Related tags

Overview

ClickJackPoc

What is Clickjacking ?

Owner

Chirag Agrawal

Web3 Pancakeswap Sniper & honeypot detector Take Profit/StopLose bot written in python3, For ANDROID WIN MAC & LINUX

Client script for the fisherman phishing tool

This is a simple PoC for the newly found Polkit error names PwnKit

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)

Send CVE information to the specified mailbox (from Github)

Natural Language Processing - Sommer Semester 2022

This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature

A simple Burp Suite extension to extract datas from source code

Wireguard VPN Server Installer for: on Ubuntu, Debian, Arch, Fedora and CentOS

Source code for "A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction" @ NAACL 2022

HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.

JumpServer远程代码执行漏洞检测利用脚本

Flutter Reverse Engineering Framework

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or CVE from Github by CVE ID.

This is tools hacking for scan vuln in port web, happy using

Experimental musig2 python code, not for production use!

Lightweight and beneficial Dependency Injection plugin for apscheduler

IDA Python Script for anti ollvm

A Python Scanner for log4j