This repository has been archived by the owner on Jan 17, 2019. It is now read-only.

Functionality

Thomas Perkins edited this page Nov 29, 2016 · 5 revisions

Whitewidow has a total of 12 flags as of now.

Mandatory flags, which have to be passed for the program to do anything:

-d/--default          (Scrapes Google for possible vulnerable sites)
-f/--file FILENAME    (Runs through the specified file list and tries to find vulnerabilities in the sites)
-s/--spider URL       (Opens the URL and pulls all the URL redirects from that site; make sure it's a good URL)

Enumeration flags, these help enumerate the program or run it in a certain way:

-x/--run-x NUM         (Runs the program the specified number of times in a dry/batch run)
--dry-run              (Runs the program but doesn't search the sites for vulnerabilities, prompts for input)
--batch                (Used in conjunction with dry run, doesn't prompt for input)

Anonymity flags, these flags are for making yourself anonymous:

-p/--proxy IP:PORT     (Configure the program to run behind a proxy, must use the ":")
--rand-agent           (Use a random user agent header instead of the default)

Processing flags, these flags will process the already found sites and run them:

--sqlmap                (Will launch sqlmap and use the SQL_VULN.LOG file as the bulk file, will prompt you for your commands)
-D/--dork DORK          (Will run with your own custom dork)

Random and misc flags, these flags really have nothing to do with the program's functionality but will help with stuff, kinda:

-l/--legal               (Will display the legal information, full legal along with the terms of service)
-b/--banner              (Will hide Whitewidow's banner, meaning it won't display the version either)
--beep                   (Will create a beep every time the program finds a SQL-vulnerable site)

Future flags and possible updates, these flags are not available yet and will possibly be implemented into the program:

--xss                        (If a site is found to not be SQL vulnerable, this will launch a random basic alert script from a constant. It will replace the value at the end of the link, for example the 1 in `php?id=1`, with something like `<script>alert("XSS");</script>`. It will then connect to the page and check whether the alert pop-up happened. If it happened, that page is XSS vulnerable and will be logged.)
--rand-search-engine         (Will use a random search engine instead of Google from a constant. This may be default and may be used as a "pick your search engine" flag instead)
-t/--tor                     (Will run the program through Tor. You will need to have Tor downloaded and running on the computer first; the program will then connect through Tor)