import requests
from colorama import Fore, init
import pyfiglet
# Banner metadata printed by the interactive entry point.
TOOL_NAME = "Clickjacker"
VERSION = "1.0"
FOOTER = "Cyber-30"
DESCRIPTION = "A Simple Tool To Find ClickJacking Vulnerability With POC"

# Set up colorama; autoreset=True is passed so that a colour prefix applies
# to a single print call only.
init(autoreset=True)
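# Seconds to wait for the target before giving up; without a timeout
# requests.get() can block indefinitely on an unresponsive host.
_REQUEST_TIMEOUT_SECONDS = 10

# X-Frame-Options values that restrict framing. Anything else (the obsolete
# ALLOW-FROM form, a typo, an empty value) is not counted as a defence.
_XFO_RESTRICTIVE = frozenset({"DENY", "SAMEORIGIN"})

# frame-ancestors sources that allow any origin, or any origin on a scheme,
# to embed the page. Heuristic list, not a full CSP source-expression matcher.
_PERMISSIVE_ANCESTORS = frozenset({"*", "http:", "https:"})


def _printable(text):
    """Return *text* with non-printable characters shown as escapes."""
    return "".join(ch if ch.isprintable() else repr(ch)[1:-1] for ch in text)


def _xfo_restricts_framing(value):
    """Return True if every X-Frame-Options token is DENY or SAMEORIGIN."""
    # A repeated header arrives comma-joined, so each token is checked.
    tokens = {token.strip().upper() for token in value.split(",")}
    return bool(tokens) and tokens <= _XFO_RESTRICTIVE


def _csp_restricts_framing(policy_header):
    """Return True if any policy has a non-permissive frame-ancestors."""
    # Commas separate policies; semicolons separate directives in a policy.
    for policy in policy_header.split(","):
        for directive in policy.split(";"):
            parts = directive.split()
            if not parts or parts[0].lower() != "frame-ancestors":
                continue
            sources = {source.lower() for source in parts[1:]}
            if not sources & _PERMISSIVE_ANCESTORS:
                return True
            # Only the first frame-ancestors of a policy is considered.
            break
    return False


def check_clickjacking(url):
    """Fetch *url* and report which anti-framing defences its response shows.

    Prints every response header, then whether X-Frame-Options and a CSP
    ``frame-ancestors`` directive are present and whether their values
    restrict framing, followed by a verdict. The verdict is a static check
    of one response (after any redirects requests followed); the JavaScript
    frame-busting and SameSite results come from the helper functions and
    are reported as returned.

    Args:
        url: Address to request, including the http/https scheme.

    Returns:
        None. Results and request errors are printed.
    """
    try:
        response = requests.get(url, timeout=_REQUEST_TIMEOUT_SECONDS)
        headers = response.headers

        print(Fore.CYAN + "\nHeader Details:")
        for header, value in headers.items():
            # Header text is controlled by the remote server: escape control
            # characters so it cannot drive the terminal.
            print(f"{_printable(header)}: {_printable(value)}")

        x_frame_options = "X-Frame-Options" in headers
        xfo_effective = x_frame_options and _xfo_restricts_framing(
            headers["X-Frame-Options"]
        )

        csp_value = headers.get("Content-Security-Policy", "")
        csp_frame_ancestors = "frame-ancestors" in csp_value
        csp_effective = csp_frame_ancestors and _csp_restricts_framing(csp_value)

        javascript_frame_busting = check_javascript_frame_busting(url)
        samesite_cookies = check_samesite_cookies(url)

        # A header that is present but permissive or malformed gives no
        # protection, so the verdict uses the validated values.
        is_clickjacking_possible = not (
            xfo_effective or csp_effective or javascript_frame_busting
        )

        print(Fore.GREEN + "\nClickjacking Vulnerability Check Results:")
        print(Fore.YELLOW + f"X-Frame-Options present: {x_frame_options}")
        print(Fore.YELLOW + f"X-Frame-Options value restricts framing: {xfo_effective}")
        print(Fore.YELLOW + f"CSP with frame-ancestors present: {csp_frame_ancestors}")
        print(Fore.YELLOW + f"CSP frame-ancestors restricts framing: {csp_effective}")
        print(
            Fore.YELLOW
            + f"JavaScript frame busting implemented: {javascript_frame_busting}"
        )
        print(Fore.YELLOW + f"SameSite cookies properly set: {samesite_cookies}")

        if is_clickjacking_possible:
            print(Fore.RED + "Clickjacking is POSSIBLE!")
        else:
            print(Fore.GREEN + "Clickjacking is NOT possible.")
    except requests.exceptions.RequestException as e:
        print(Fore.RED + f"Error accessing {url}: {e}")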
def check_javascript_frame_busting(url):
    """Report whether the page uses JavaScript frame busting.

    Placeholder: no request is made and *url* is not inspected; the result
    is always False.
    """
    detected = False  # Placeholder for actual checks.
    return detected
def check_samesite_cookies(url):
    """Report whether the site's cookies carry a SameSite attribute.

    Placeholder: no request is made and no cookie is inspected; the result
    is always True, so a True from this function is not evidence about the
    target.
    """
    properly_set = True  # Placeholder for actual checks.
    return properly_set
if __name__ == "__main__":
    # Banner: tool name in the "slant" figlet font, magenta.
    print(Fore.MAGENTA + pyfiglet.figlet_format(TOOL_NAME, font="slant"))

    # Description in plain text, with a blank line before and after it.
    print()
    print(Fore.CYAN + DESCRIPTION)
    print()

    # Version and author lines in the "digital" figlet font; both are
    # rendered before either is printed.
    version_banner, author_banner = (
        pyfiglet.figlet_format(text, font="digital")
        for text in (f"Version: {VERSION}", f"Coded By: {FOOTER}")
    )
    print(Fore.GREEN + version_banner)
    print(Fore.YELLOW + author_banner)

    # Prompt for a URL, check it, and repeat until the answer is not "yes".
    keep_going = True
    while keep_going:
        target = input(Fore.BLUE + "\nEnter a website URL (including http/https): ")
        check_clickjacking(target)

        answer = input(Fore.YELLOW + "\nDo you want to check another URL? (yes/no): ")
        keep_going = answer.strip().lower() == "yes"

    print(Fore.GREEN + "Thank you for using Clickjacker! Exiting...")