Skip to content
/ Web-Sieve Public

A multi-threaded webfuzzing tool used to bruteforce web directories across multiple machines at the same time

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

23yem/Web-Sieve

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
websieve.py
websieve.py
 
 

Repository files navigation

Web-Sieve

Web-Sieve is a lightweight, multi-threaded reconnaissance orchestrator designed for Penetration Testing.

It automates the tedious process of finding web servers across a large scope. It scans for open ports, identifies HTTP/HTTPS services (on standard and non-standard ports), and automatically launches directory brute-forcing attacks, all while managing concurrency to prevent overloading target hosts.

🚀 Features

  • Smart Orchestration: Scans multiple Hosts in parallel, but scans Ports on a single host sequentially to avoid DoS/crashing fragile services.
  • Service Detection: Probes open ports to distinguish actual Web Servers from other TCP services.
  • Flexible Input: Accepts Single IPs (10.10.10.5), Ranges (10.10.10.1-50), and CIDR (10.10.10.0/24).
  • Automated Brute-force: Automatically runs gobuster against every confirmed web service.
  • Progress Tracking: Includes a real-time progress bar (tqdm) for tracking long-running scans.

📋 Prerequisites

This tool relies on external binaries. You must have these installed on your system (Kali/Parrot):

  • Nmap (sudo apt install nmap)
  • Gobuster (sudo apt install gobuster)
  • Wordlists (Default: /usr/share/wordlists/dirb/common.txt)

🛠️ Installation

  1. Clone the repository:

    git clone https://github.com/23yem/Web-Sieve.git
cd Web-Sieve

  2. Install Python Dependencies:

    pip3 install -r requirements.txt
# Or if on Kali (system-wide):
sudo pip3 install -r requirements.txt --break-system-packages

💻 Usage

Note: This tool requires sudo privileges to perform Nmap SYN scans (-sS) which are faster and more reliable.

Single Target

sudo python3 websieve.py 10.10.10.5

Multiple Targets

MAKE SURE not to include a space after the comma!

sudo python3 websieve.py 10.10.10.5,10.10.10.17

IP Range

sudo python3 websieve.py 10.10.10.1-50

CIDR Subnet

sudo python3 websieve.py 192.168.1.0/24

Output

Results are saved in the results/ directory. Each confirmed web service gets its own text file named after the IP and Port:

  • results/10.10.10.5_80.txt
  • results/10.10.10.5_8080.txt

⚠️ Disclaimer

This tool is intended for educational purposes and authorized security testing only. Do not use this tool on networks you do not have explicit permission to audit.

About

A multi-threaded webfuzzing tool used to bruteforce web directories across multiple machines at the same time

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages