Skip to content

r4shsec/hiddenform

BranchesTags

Repository files navigation

HiddenForm

Made with 💝 by R4shSec

⚠️ DISCLAIMER

THE FOLLOWING TOOL IS ONLY MADE FOR EDUCATIONAL AND RESEARCH PURPOSES. THE AUTHOR ISN'T LIABLE FOR ANY MISUSE OF THIS SCRIPT THAT MAY RESULT IN DAMAGES OR CRIMINAL LIABILITY. USE AT YOUR OWN RISK; WITH GREAT POWER COMES GREAT RESPONSIBILITY.

What is HiddenForm?

HiddenForm GIF

HiddenForm is a penetration testing tool used for red teamers. This tool's purpose is to raise awareness regarding the dangers of autofill that password managers use as well as phishing attacks.

What are the dangers of hidden forms?

Some password managers skip attributes such as hidden or styling such as style="display:none". This autofills the form with other information despite it being hidden. Yes, you heard me right, hidden!

Usage

  1. Download Node.js for your Operating System (OS).
  2. Clone this repository and change directories:
git clone https://github.com/r4shsec/hiddenform.git
cd hiddenform

  1. Edit the config.json file if you'd like to change anything.

  2. Run this command:

npm install # Install the node modules.
npm start # Run the command.

The default username and password for the admin panel is admin:admin.

License 📜

This is licensed under MIT.

About

HiddenForm is a penetration testing tool used for red teaming to raise awareness regarding the dangers of autofill as well as phishing attacks.

Topics

nodejs html html5 form penetration-testing html-css-javascript hidden red-teaming penetration-testing-tools red-teaming-tools hidden-form-fields

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages