ClickJackPoc

This tool will help you automate finding Clickjacking Vulnerability by just passing a file containing list of Targets .
Once the Target is Found Vulnerable It will generate the Exploit Proof of Conepet(PoC) for each Vulnerable targets.

What is Clickjacking ?

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a or .</li> <li>Sites can use "X-Frame-Options" in the headers to avoid clickjacking attacks by ensuring that their content is not embedded into other sites.</li> <li><a href="https://owasp.org/www-community/attacks/Clickjacking" rel="nofollow">Reference</a></li> </ul> <h2 dir="auto"><a id="user-content-installation" class="anchor" aria-hidden="true" href="#installation"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Installation:</h2> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="git clone https://github.com/Raiders0786/ClickjackPoc.git cd ClickjackPoc pip install -r requirements.txt"> <pre><code>git clone https://github.com/Raiders0786/ClickjackPoc.git cd ClickjackPoc pip install -r requirements.txt </code></pre> </div> <h2 dir="auto"><a id="user-content-example" class="anchor" aria-hidden="true" href="#example"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Example:</h2> <p dir="auto">Example Usage of the Tool</p> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="python3 clickJackPoc.py -f domains.txt"> <pre><code>python3 clickJackPoc.py -f domains.txt </code></pre> </div> <p dir="auto"><a target="_blank" rel="noopener noreferrer" href="https://github.com/Raiders0786/ClickjackPoc/raw/master/usage.png"><img src="https://github.com/Raiders0786/ClickjackPoc/raw/master/usage.png" alt="1" style="max-width: 100%;"></a></p> <h2 dir="auto"><a id="user-content-allowed-targets-format" class="anchor" aria-hidden="true" href="#allowed-targets-format"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Allowed Targets Format:</h2> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="http://target.com target.com www.target.com https://tartget.com/ https://IP:Port IP:Port http://IP:Port/login http://www.target.com/directory https://www.target.com/directory"> <pre><code>http://target.com target.com www.target.com https://tartget.com/ https://IP:Port IP:Port http://IP:Port/login http://www.target.com/directory https://www.target.com/directory </code></pre> </div> <h2 dir="auto"><a id="user-content-benefits" class="anchor" aria-hidden="true" href="#benefits"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Benefits:</h2> <ul dir="auto"> <li>It will take all the targets from the file passed.</li> <li>Make the exploit Poc by creating a HTML File with <code>TargetName.html</code> as the Output.</li> <li>Will Print <code>Not Vulnerable</code> if Target is not Vulnerable.</li> </ul> <h2 dir="auto"><a id="user-content-reach-me-" class="anchor" aria-hidden="true" href="#reach-me-"> <svg class="octicon octicon-link" viewbox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"> <path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path> </svg></a>Reach Me :</h2> <ul dir="auto"> <li><code>Do Tag Me if you get Rewarded💸💰 , Will be Very Happy to hear that 😄 !</code></li> <li>Do Give it a <code>Star</code> if you like it & <code>Follow</code> me for more such stuffs!</li> <li>Let me know if you have any Suggestion's or want to Collaborate.</li> <li>This tool is made for Learning Purpose !</li> </ul> <p dir="auto"><a href="https://www.linkedin.com/in/chirag-agrawal-770488144/" rel="nofollow"><img src="https://camo.githubusercontent.com/a80d00f23720d0bc9f55481cfcd77ab79e141606829cf16ec43f8cacc7741e46/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c696e6b6564496e2d3030373742353f7374796c653d666f722d7468652d6261646765266c6f676f3d6c696e6b6564696e266c6f676f436f6c6f723d7768697465" alt="Linkedin" style="height: 60px; width: 170px; max-width: 100%;" data-canonical-src="https://img.shields.io/badge/LinkedIn-0077B5?style=for-the-badge&logo=linkedin&logoColor=white"></a> <a target="_blank" rel="noopener noreferrer" href="https://camo.githubusercontent.com/c4beccd946d3d75029f0f1755d7b758604ad25a83cd668e06eed6646b99b7108/68747470733a2f2f696d672e736869656c64732e696f2f747769747465722f666f6c6c6f772f5f5f526169646572733f7374796c653d736f6369616c"><img alt="Twitter Follow" src="https://camo.githubusercontent.com/c4beccd946d3d75029f0f1755d7b758604ad25a83cd668e06eed6646b99b7108/68747470733a2f2f696d672e736869656c64732e696f2f747769747465722f666f6c6c6f772f5f5f526169646572733f7374796c653d736f6369616c" width="250" height="50" data-canonical-src="https://img.shields.io/twitter/follow/__Raiders?style=social" style="max-width: 100%;"></a></p>

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

ExProlog ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065) Usage: exprolog.py [OPTIONS] ExProlog -

130 Dec 15, 2022

ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)

ProxyShell Install git clone https://github.com/ktecv2000/ProxyShell cd ProxyShell virtualenv -p $(which python3) venv source venv/bin/activate pip3 i

312 Dec 9, 2022

On the 11/11/21 the apache 2.4.49-2.4.50 remote command execution POC has been published online and this is a loader so that you can mass exploit servers using this.

ApacheRCE ApacheRCE is a small little python script that will allow you to input the apache version 2.4.49-2.4.50 and then input a list of ip addresse

3 Dec 4, 2022

Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit

Spring4Shell PoC Application This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). Full Java source

275 Jan 8, 2023

IP Denial of Service Vulnerability ")A proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability ")

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

1 Nov 25, 2021

How to exploit a double free vulnerability in 2021. 'Use-After-Free for Dummies'

This bug doesn’t exist on x86: Exploiting an ARM-only race condition How to exploit a double free and get a shell. "Use-After-Free for dummies" In thi

1.2k Dec 25, 2022

Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead ( v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

GoAhead RCE Exploit Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead ( v3.6.5) if the CGI is enabled and a CGI program is dynamic

2 Dec 12, 2021

This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798

12 Nov 18, 2022

A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚

log4check A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚 Tested to work between Minecraft versions 1.12.2 a

4 Dec 23, 2021

Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

Related tags

Overview

ClickJackPoc

What is Clickjacking ?

You might also like...

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)

On the 11/11/21 the apache 2.4.49-2.4.50 remote command execution POC has been published online and this is a loader so that you can mass exploit servers using this.

Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit

IP Denial of Service Vulnerability ")A proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability ")

How to exploit a double free vulnerability in 2021. 'Use-After-Free for Dummies'

Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead ( v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚

Owner

Chirag Agrawal

AnonStress-Stored-XSS-Exploit - An exploit and demonstration on how to exploit a Stored XSS vulnerability in anonstress

log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability

POC for detecting the Log4Shell (Log4J RCE) vulnerability.

POC for detecting the Log4Shell (Log4J RCE) vulnerability

CVE-2022-21907 Vulnerability PoC