Whoof
Web Browser Hooking Framework. Manage, execute and assess web browser vulnerabilities
Install / Use
/learn @compewter/WhoofREADME
whoof (Web-Browser Hooking Framework)
whoof is an early stage lightweight web browser hooking framework. A web browser hook can be thought of as a backdoor in a web page allowing an attacker to execute commands in the page with or without the visitor noticing. whoof is a web application security tool to manage, execute and assess web browser vulnerabilities.
whoof uses Node/Express server-side, with React/Redux on the client-side.
Hooked browsers are managed via WebSockets.
Check out the wiki for details on features and getting started.
Features
Custom Attacks
Use the attack builder to construct custom attacks on the fly.
Execute Arbitrary Commands with the Terminal
Use the terminal to execute arbitrary commands or retrieve data from hooked pages.
Easily import/export attacks
One click download an exported attack which can easily be imported in the admin web app.
This repo was built off of and ejected from Facebook's create-react-app
Related Skills
healthcheck
353.1kHost security hardening and risk-tolerance configuration for OpenClaw deployments
node-connect
353.1kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
prose
353.1kOpenProse VM skill pack. Activate on any `prose` command, .prose files, or OpenProse mentions; orchestrates multi-agent workflows.
frontend-design
111.6kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
