Open In App

WWWGrep – OWASP Foundation Web Repository

Last Updated : 27 Dec, 2021
Improve
Improve
Like Article
Like
Save
Share
Report

Grepping is the technique that allows the user to search one or more files for a specific string of text and outputs all the lines that contain the string. We can apply this technique in penetration testing for finding the HTML elements by type and permits. There is an automated tool that performs this task for us, the name of the tool is WWWGrep. WWWGrep tool is the fastest tool for performing grepping on web applications. Mainly this tool was designed to assist breakers and builders in quickly examining the large code-bases, but nowadays this tool is also used in Security. WWWGrep tool is developed in the Python Language and available on GitHub. WWWGrep tool is an open-source and free-to-use tool.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process – Python Installation Steps on Linux

Installation of WWWGrep Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/OWASP/wwwgrep.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd wwwgrep

Step 3: You are in the directory of the WWWGrep. Now you have to install a dependency of the WWWGrep using the following command.

sudo pip3 install -r requirements.txt

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 wwwgrep.py -h

Working with WWWGrep Tool on Kali Linux OS

Example 1: Find all input fields named login on a site recursively while not leaving the root domain without case sensitivity in the match

python3 wwwgrep.py -t https://clientam.com/sso/Login -i -si “login” -rr

Example 2: Find all comments containing the term “[ENDIF]” on all pages in a site

python3 wwwgrep.py -t https://www.w3schools.com/html/html_comments.asp -i -sc “[ENDIF] ” -rr

Example 3: Find all comments on a specific web page

python3 wwwgrep.py -t https://www.w3schools.com/html/html_comments.asp -i -sc “” -rr

Example 4: Find all hidden fields within a list of web applications contained in the file input.txt using site recursion

python3 wwwgrep.py -f input.txt -sf "" -rr


Like Article
Suggest improvement
Previous
Foundation CSS Accordion Sass Reference
Next
LinkFinder - Script to search Endpoints in JavaScript Files
Share your thoughts in the comments

Similar Reads

OpenDoor - OWASP Directory Access Scanner in Kali Linux
OWASP D4N155 - Intelligent And Dynamic Wordlist Using OSINT
How To Install OWASP Juice-Shop on Kali Linux
OWASP VBScan – A Black Box VBulletin Vulnerability Scanner
Git-Secret - Go Script For Finding An API Key / Some Keywords In Repository
How To Enable Universe Repository in Ubuntu
D-TECT - Web Applications Penetration Testing Tool
BlackWidow - Web Application Spider
Optiva Framework - Web Application Vulnerabilities Scanner
How to Find Hidden Web Directories with Dirsearch

G
gauravgandal
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox