- This Python-based tool automates the detection of ClickJacking vulnerabilities by scanning a list of targets provided in a file.
- For each vulnerable target found, it generates an Exploit Proof of Concept (PoC) in the form of an HTML file.
- The tool is completely working and has been thoroughly tested for reliability and accuracy.
- ClickJacking (also known as User Interface redress attack, UI redress attack, or UI redressing) is a malicious technique where a web user is tricked into clicking on something different from what they perceive, potentially revealing confidential information or taking control of their computer while interacting with seemingly harmless web pages.
- A server that doesn’t return an
X-Frame-Options header
is vulnerable to ClickJacking attacks. TheX-Frame-Options
HTTP response header is used to indicate whether a browser should be allowed to render a page within a<frame> or <iframe>
. - Websites can prevent ClickJacking attacks by using the
X-Frame-Options
header to ensure their content isn’t embedded in other sites.
- 🎯 Target-Based Scanning: Automatically scans all targets listed in the provided file.
- 🛠️ Exploit PoC Generation: Creates an HTML-based Proof of Concept (PoC) file for each vulnerable target, saved as TargetName.html.
- ✅ Comprehensive Reporting: Clearly identifies and prints "Not Vulnerable" for targets that are secure.
- 🚀 Multithreading for Speed: Leverages multithreading to perform rapid vulnerability scanning.
- 🔔 Slack Integration: Sends real-time Slack alerts with attached PoC files for each vulnerable target.
- 📁 Organized Results: Stores all generated PoC files in a dedicated results folder, each named after the corresponding target.
- 🔧 Robust Error Handling: Includes detailed logging and error management to ensure smooth operation and easy troubleshooting.
git clone https://github.com/Raiders0786/ClickjackPoc.git
cd ClickjackPoc
pip install -r requirements.txt
Example Usage of the Tool
python3 clickJackPoc.py -f domains.txt
http://target.com
target.com
www.target.com
https://target.com/
https://IP:Port
IP:Port
http://IP:Port/login
http://www.target.com/directory
https://www.target.com/directory
- 💬 Tag Me if you get rewarded 💸💰—I’d love to hear about your success! 😄
- If you find this tool useful, please give it a Star ⭐ and Follow me for more cool projects!
- Feel free to reach out if you have any suggestions or want to collaborate.
⚠️ Note: This tool is intended for learning purposes only.