ZAP에서 우아하게 Cookie 기반 Auth 테스팅하기
Concept feature in future
So far I have been github repoing tools simply to enumerate them, but we’re thinking about how we’ll be able to easily install/uninstall/update the tools that are included in the future.
The major changes and functions are as follows.
web page, package manager , upgrade data.json format , new category
Web page and Package manager
Concept of webpage
Select an OS, tool, etc. check box and press the button to provide an oneline install script.
Concept of cli package manager
install one package
whw install amass
check list
whw install
Please select a package to install
[*] Amass
[*] Dalfox
[ ] s3reverse
[ ] fzf
[*] ffuf
update all
whw update
update all package...
Upgrade data.json format
Now
tool{"data","method","type"}
{
"Amass": {
"Data": "| Discovery/DOMAIN | [Amass](https://github.com/OWASP/Amass) | In-depth Attack Surface Mapping and Asset Discovery |  |  |",
"Method": "DOMAIN",
"Type": "Discovery"
},
"Arjun": {
"Data": "| Discovery/HTTP | [Arjun](https://github.com/s0md3v/Arjun) | HTTP parameter discovery suite. |  |  |",
"Method": "HTTP",
"Type": "Discovery"
},
"Aron": {
"Data": "| Discovery/HTTP | [Aron](https://github.com/m4ll0k/Aron) | Aron is a GO script for finding hidden GET \u0026 POST parameters |  |  |",
"Method": "HTTP",
"Type": "Discovery"
}
}
After
tool{"data","method","type","install":{"macos","windows","linux"},"description"}
Category!
It’s a simple task, but I think I’ll work at the last time because I need to change the logic in main.
Now?
- Main(cli/gui tools)
- Burp and ZAP Extensions
After
- Browser Externsion
- Bookmarklet
Conclusion
Thank you for loving WHW until now. Thank you in the future :kissing_heart:!
