diff --git a/README.md b/README.md
index fe14ac1..3f3ed6a 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
# Installation
- 1. git clone https://https://github.com/machine1337/clickjack
+ 1. git clone https://github.com/machine1337/clickjack
2. cd clickjack && chmod +x clickjack.sh
# Usage
diff --git a/click-j1ck3r.sh b/click-j1ck3r.sh
new file mode 100755
index 0000000..c49720a
--- /dev/null
+++ b/click-j1ck3r.sh
@@ -0,0 +1,327 @@
+#!/bin/bash
+
+#Coded By Machine404! Don't copy this code without giving me credit~
+#https://instagram.com/invisibleclay100
+#https://twitter.com/whoami4041
+#https://www.youtube.com/channel/UCC_aPnmV_zGfdwktCFE9cPQ
+
+# Color definitions for output formatting
+NC='\033[0m' # No Color
+RED='\033[1;38;5;196m'
+GREEN='\033[1;38;5;040m'
+ORANGE='\033[1;38;5;202m'
+BLUE='\033[1;38;5;012m'
+BLUE2='\033[1;38;5;032m'
+PINK='\033[1;38;5;013m'
+GRAY='\033[1;38;5;004m'
+NEW='\033[1;38;5;154m'
+YELLOW='\033[1;38;5;214m'
+CG='\033[1;38;5;087m'
+CP='\033[1;38;5;221m'
+CPO='\033[1;38;5;205m'
+CN='\033[1;38;5;247m'
+CNC='\033[1;38;5;051m'
+
+# HTML PoC template with proper indentation
+# Will be populated with the target URL when vulnerability is found
+read -r -d '' POC_HTML << 'EOT'
+
+
+ ClickJacking POC
+
+
+
+
+
+
+ POC Made By Machine404
+
+
+
+
+
+
+
+EOT
+
+# Display banner with tool information
+function banner() {
+ clear
+ echo -e ${CP}" ______ _ ___ ____ _ __ _ _ ____ _ _______ ______ #"
+ echo -e ${CP}" / / ___| | |_ _/ ___| |/ / | / |/ ___| |/ /___ /| _ \ \ #"
+ echo -e ${CP}" | | | | | | | | | ' /_____ _ | | | | | ' / |_ \| |_) | | #"
+ echo -e ${CP}" < <| |___| |___ | | |___| . \_____| |_| | | |___| . \ ___) | _ < > > #"
+ echo -e ${CP}" | |\____|_____|___\____|_|\_\ \___/|_|\____|_|\_\____/|_| \_\ | #"
+ echo -e ${CP}" \_\ /_/ #"
+ echo -e ${CNC}" A Simple Tool To Find ClickJacking Vulnerability With POC #"
+ echo -e ${YELLOW}" Coded By: Machine404 #"
+ echo -e ${CP}" Follow Me On: ${CPO}Instagram: invisibleclay100 #"
+ echo -e ${CP}" ${PINK}Twitter: whoami4041 #"
+ echo -e ${RED}"############################################################################# ${NC} \n "
+}
+
+# Make sure curl is installed
+function check_requirements() {
+ command -v curl >/dev/null 2>&1 || { echo -e "${RED}[!] curl is required but not installed.${NC}"; exit 1; }
+}
+
+# Validate and normalize URL
+function validate_url() {
+ local input_url=$1
+ # Validate URL format
+ if [[ ! $input_url =~ ^https?:// ]]; then
+ input_url="https://$input_url"
+ fi
+
+ # Remove trailing slashes
+ input_url=${input_url%/}
+
+ # Basic domain validation - accepts domain names and IPs
+ if [[ $input_url =~ ^https?://[a-zA-Z0-9.-]+\.[a-zA-Z]{2,} ]]; then
+ echo "$input_url"
+ return 0
+ fi
+
+ echo ""
+ return 1
+}
+
+# Get valid URL input from user
+function get_url_input() {
+ local url=""
+
+ while true; do
+ printf "${BLUE}[+] Enter domain name (e.g., example.com or https://example.com): ${NC}" >&2
+ read -r url || return 1
+
+ [[ -z "$url" ]] && {
+ echo -e "${RED}[!] URL cannot be empty. Please try again.${NC}"
+ continue
+ }
+
+ if validated_url=$(validate_url "$url"); then
+ echo "$validated_url"
+ return 0
+ else
+ echo -e "${RED}[!] Invalid URL format. Please try again.${NC}"
+ fi
+ done
+}
+
+# Check single URL for clickjacking vulnerability
+function single_url() {
+ banner
+ url=$(get_url_input)
+
+ echo -e "${ORANGE}[*] Testing $url for clickjacking vulnerability...${NC}"
+
+ # Validate URL
+ validated_url=$(validate_url "$url")
+ if [ -z "$validated_url" ]; then
+ echo -e "${RED}[!] Error: Invalid URL format${NC}"
+ return
+ fi
+
+ # Check if site is accessible
+ check=$(curl -s -L -A "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0" \
+ --connect-timeout 5 --max-time 10 --head "$validated_url" 2>/dev/null)
+
+ if [ $? -ne 0 ]; then
+ echo -e "${RED}[!] Error: Could not connect to $url${NC}"
+ return
+ fi
+
+ echo -e "${BLUE}[*] Analyzing security headers...${NC}"
+
+ # Check X-Frame-Options header
+ local is_vulnerable=true
+ if echo "$check" | grep -iE "X-Frame-Options: (DENY|SAMEORIGIN)" &>/dev/null; then
+ is_vulnerable=false
+ echo -e "${RED}[✗] X-Frame-Options header found and properly configured (Protected, Not Vulnerable)${NC}"
+ elif echo "$check" | grep -i "X-Frame-Options:" &>/dev/null; then
+ echo -e "${YELLOW}[!] X-Frame-Options header found but may be misconfigured (Potentially Vulnerable)${NC}"
+ else
+ echo -e "${GREEN}[✓] No X-Frame-Options header found (Unprotected, Vulnerable)${NC}"
+ fi
+
+ # Check Content-Security-Policy frame-ancestors
+ if echo "$check" | grep -i "Content-Security-Policy:" | grep -iE "frame-ancestors\s+(\'none\'|\'self\')" &>/dev/null; then
+ is_vulnerable=false
+ echo -e "${RED}[✗] Content-Security-Policy frame-ancestors directive found and properly configured (Protected, Not Vulnerable)${NC}"
+ elif echo "$check" | grep -i "Content-Security-Policy:" &>/dev/null; then
+ echo -e "${YELLOW}[!] Content-Security-Policy header found but frame-ancestors directive may be missing (Potentially Vulnerable)${NC}"
+ else
+ echo -e "${GREEN}[✓] No Content-Security-Policy header found (Unprotected, Vulnerable)${NC}"
+ fi
+
+ # Check for HTML meta tags (as fallback)
+ local page_content
+ page_content=$(curl -s -L -A "Mozilla/5.0" "$url" 2>/dev/null)
+ if echo "$page_content" | grep -iE "]+http-equiv=[\"']X-Frame-Options[\"'][^>]*>" &>/dev/null; then
+ echo -e "${YELLOW}[!] X-Frame-Options meta tag found (not as effective as HTTP header, yet potentially protected)${NC}"
+ fi
+
+ if [ "$is_vulnerable" = true ]; then
+ echo -e "${GRAY}[!] $url is potentially vulnerable to clickjacking!${NC}"
+
+ # Generate PoC file
+ echo -e "${BLUE}[*] Generating PoC...${NC}"
+ poc_filename="clickjacking_poc_$(date +%s).html"
+ echo "$POC_HTML" | sed "s|TARGET_URL|$url|g" > "$poc_filename"
+ echo -e "${GREEN}[✓] PoC has been generated as ${poc_filename}${NC}"
+ echo -e "${YELLOW}[*] Open this file in a browser to test the vulnerability${NC}"
+
+ echo -e "${PINK}\n[?] Would you like to open the PoC right now? (y/n) : ${NC}"
+ read -r poc_press
+ if [ "$poc_press" = "y" ] || [ "$poc_press" = "Y" ]; then
+ open "$poc_filename" &>/dev/null
+ echo -e "${GREEN}[✓] PoC opened in the default browser${NC}"
+ fi
+ else
+ echo -e "${RED}[✗] $url appears to be protected against clickjacking${NC}"
+ fi
+
+ echo -e -n "${CP}\n[?] Would you like to go back to main menu? (y/n) : ${NC}"
+ read -r back_press
+ if [ "$back_press" = "y" ] || [ "$back_press" = "Y" ]; then
+ menu
+ else
+ echo -e "${GRAY}[!] Exiting...${NC}"
+ exit 0
+ fi
+}
+
+# Check multiple URLs from a file
+function mul_url() {
+ banner
+ local url_file=""
+
+ while [ -z "$url_file" ] || [ ! -f "$url_file" ]; do
+ echo -e -n "${CP}\n[+] Enter path to URL list file: ${NC}"
+ read -r url_file
+
+ if [ -z "$url_file" ]; then
+ echo -e "${RED}[!] File path cannot be empty. Please try again.${NC}"
+ elif [ ! -f "$url_file" ]; then
+ echo -e "${RED}[!] File not found: $url_file${NC}"
+ fi
+ done
+
+ echo -e "${ORANGE}[*] Testing URLs from $url_file...${NC}"
+
+ summary_file="clickjacking_summary_$(date +%s).txt"
+ touch "$summary_file"
+
+ while IFS= read -r url; do
+ url=$(validate_url "$url")
+ echo -e "\n${BLUE}[*] Testing $url${NC}"
+
+ check=$(curl -s -L -A "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0" \
+ --connect-timeout 5 --max-time 10 --head "$validated_url" 2>/dev/null)
+
+ if [ $? -ne 0 ]; then
+ echo -e "${RED}[✗] Could not connect to $validated_url${NC}"
+ echo "[$validated_url] - Connection failed" >> "$summary_file"
+ continue
+ fi
+
+ echo -e "${BLUE}[*] Analyzing security headers...${NC}"
+
+ # Check X-Frame-Options header
+ local is_vulnerable=true
+ if echo "$check" | grep -iE "X-Frame-Options: (DENY|SAMEORIGIN)" &>/dev/null; then
+ is_vulnerable=false
+ echo -e "${RED}[✗] X-Frame-Options header found and properly configured (Protected, Not Vulnerable)${NC}"
+ elif echo "$check" | grep -i "X-Frame-Options:" &>/dev/null; then
+ echo -e "${YELLOW}[!] X-Frame-Options header found but may be misconfigured (Potentially Vulnerable)${NC}"
+ else
+ echo -e "${GREEN}[✓] No X-Frame-Options header found (Unprotected, Vulnerable)${NC}"
+ fi
+
+ # Check Content-Security-Policy frame-ancestors
+ if echo "$check" | grep -i "Content-Security-Policy:" | grep -iE "frame-ancestors\s+(\'none\'|\'self\')" &>/dev/null; then
+ is_vulnerable=false
+ echo -e "${RED}[✗] Content-Security-Policy frame-ancestors directive found and properly configured (Protected, Not Vulnerable)${NC}"
+ elif echo "$check" | grep -i "Content-Security-Policy:" &>/dev/null; then
+ echo -e "${YELLOW}[!] Content-Security-Policy header found but frame-ancestors directive may be missing (Potentially Vulnerable)${NC}"
+ else
+ echo -e "${GREEN}[✓] No Content-Security-Policy header found (Unprotected, Vulnerable)${NC}"
+ fi
+
+ if [ "$is_vulnerable" = true ]; then
+ echo -e "${GRAY}[!] $validated_url is potentially vulnerable to clickjacking!${NC}"
+ echo "[$validated_url] - VULNERABLE" >> "$summary_file"
+
+ # Generate PoC for vulnerable sites
+ poc_filename="$results_dir/poc_$(echo "$validated_url" | sed 's/[^a-zA-Z0-9]/_/g').html"
+ echo "$POC_HTML" | sed "s|TARGET_URL|$validated_url|g" > "$poc_filename"
+ echo -e "${GREEN}[✓] PoC has been generated: $poc_filename${NC}"
+ else
+ echo -e "${GREEN}[✓] $validated_url is protected${NC}"
+ echo "[$validated_url] - Protected" >> "$summary_file"
+ fi
+ done < "$url_file"
+
+ echo -e -n "${CP}\n[?] Would you like to go back to main menu? (y/n) : ${NC}"
+ read -r back_press
+ if [ "$back_press" = "y" ] || [ "$back_press" = "Y" ]; then
+ menu
+ else
+ echo -e "${GRAY}[!] Exiting...${NC}"
+ exit 0
+ fi
+}
+
+# Handle ctrl+c gracefully
+trap ctrl_c INT
+function ctrl_c() {
+ echo -e "${RED}\n[!] Ctrl+C pressed. Exiting...${NC}"
+ exit 1
+}
+
+# Main menu
+function menu() {
+ banner
+
+ check_requirements
+
+ echo -e "${YELLOW}[1] Scan Single URL${NC}"
+ echo -e "${BLUE2}[2] Scan Multiple URLs${NC}"
+ echo -e "${RED}[3] Exit${NC}"
+
+ while true; do
+ echo -e -n "${CP}\n[+] Select an option: ${NC}"
+ read -r choice
+ case $choice in
+ 1) single_url ;;
+ 2) mul_url ;;
+ 3) echo -e "${RED}[!] Exiting...${NC}" ; exit 0 ;;
+ *) echo -e "${RED}[!] Invalid option. Please try again.${NC}" ;;
+ esac
+ done
+}
+
+# Start the script
+menu
\ No newline at end of file
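Review bot: In `mul_url` the loop stores the normalised URL in `url` (`url=$(validate_url "$url")`) but every later line reads `$validated_url`, which is only assigned in `get_url_input` and `single_url`, so list mode probes and records an empty or stale target for every entry; `$results_dir` is likewise never set anywhere in the file, so the PoC path begins at `/`. Assign the name that is actually used and skip lines that fail validation, `validated_url=$(validate_url "$url") || continue`, and create the output directory before the loop, `results_dir="clickjacking_results_$(date +%s)"; mkdir -p "$results_dir"`. Separately, the pattern in `validate_url` is not anchored at the end, so anything following the TLD in a list-file line reaches the `sed "s|TARGET_URL|...|g"` replacement and the generated HTML unescaped; anchoring the regex, or escaping `&`, `|` and HTML metacharacters before substitution, would keep a malformed or hostile list entry from altering the PoC page. Both scan functions also grep the output of `curl -L --head`, which includes the headers of every redirect hop, so an `X-Frame-Options` header on an intermediate response can mark the final page as protected.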
diff --git a/clickjack.sh b/clickjack.sh
deleted file mode 100644
index 683ed6a..0000000
--- a/clickjack.sh
+++ /dev/null
@@ -1,145 +0,0 @@
-#!/bin/bash
-NC='\033[0m'
-RED='\033[1;38;5;196m'
-GREEN='\033[1;38;5;040m'
-ORANGE='\033[1;38;5;202m'
-BLUE='\033[1;38;5;012m'
-BLUE2='\033[1;38;5;032m'
-PINK='\033[1;38;5;013m'
-GRAY='\033[1;38;5;004m'
-NEW='\033[1;38;5;154m'
-YELLOW='\033[1;38;5;214m'
-CG='\033[1;38;5;087m'
-CP='\033[1;38;5;221m'
-CPO='\033[1;38;5;205m'
-CN='\033[1;38;5;247m'
-CNC='\033[1;38;5;051m'
-#Coded By Machine404! Don't copy this code without giving me credit~
-#https://instagram.com/invisibleclay100
-#https://twitter.com/whoami4041
-#https://www.youtube.com/channel/UCC_aPnmV_zGfdwktCFE9cPQ
-function banner(){
-echo -e ${CP}" ______ _ ___ ____ _ __ _ _ ____ _ _______ ______ #"
-echo -e ${CP}" / / ___| | |_ _/ ___| |/ / | / |/ ___| |/ /___ /| _ \ \ #"
-echo -e ${CP}" | | | | | | | | | ' /_____ _ | | | | | ' / |_ \| |_) | | #"
-echo -e ${CP}" < <| |___| |___ | | |___| . \_____| |_| | | |___| . \ ___) | _ < > > #"
-echo -e ${CP}" | |\____|_____|___\____|_|\_\ \___/|_|\____|_|\_\____/|_| \_\ | #"
-echo -e ${CP}" \_\ /_/ #"
-echo -e ${CNC}" A Simple Tool To Find ClickJacking Vulnerability With POC #"
-echo -e ${YELLOW}" Coded By: Machine404 #"
-echo -e ${CP}" Follow Me On: ${CPO}Instagram: invisibleclay100 #"
-echo -e ${CP}" ${PINK}Twitter: whoami4041 #"
-echo -e ${RED}"#############################################################################\n "
-
-}
-function single_url(){
-clear
-banner
-echo -e -n ${BLUE}"\n[+] Enter domain name (e.g http|https://target.com/) : "
-read url
-check=$(curl -s -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0" --connect-timeout 5 --head $url )
-echo "$check" >> temp.txt
-sami=$(cat temp.txt | egrep -w 'X-Frame-Options|Content-Security-Policy|x-frame-options|content-security-policy:' )
-
-
-if [[ $sami = '' ]];
-then
-echo -e -n "\n[ ✔ ] ${NC}$url ${RED}VULNERABLE \n"
-sleep 1
-echo -e -n ${BLUE}"\nDo U Want To Open POC In Browser: [y/n]: "
-read back_press
-if [ $back_press = "y" ]; then
-if [ -f vuln.html ]; then
-#echo -e -n ${RED}"[*] Old Vuln.html File Found! Removing Old File! "
-rm vuln.html
-fi
-if [ -f poc.html ];
-then
-cat poc.html | sed "s|vuln|$url|" >> vuln.html
-open vuln.html
-rm temp.txt
-
-else
- echo -e -n ${RED}"[ X ] POC File Not Found! Exiting"
- exit
-fi
-elif [ $back_press = "n" ]; then
-echo -e -n ${CP}"[+] POC Saved As Vuln.html"
-rm temp.txt
-cat poc.html | sed "s|vuln|$url|" >> vuln.html
-sleep 1
- exit
- fi
-
-else
-
-
-echo -e -n ${CP}"\n[ X ] $url ${CG}NOT VULNERABLE "
-fi
-}
-
-function mul_url(){
-clear
-banner
-echo -e -n ${CP}"\n[+] Enter path of lists (e.g http|https://target.com/) : "
-read urls
-for sanga in $(cat $urls);
-do
-res=$(curl -s -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0" --connect-timeout 5 --head $sanga )
-echo "$res" >> temp.txt
-
-sami=$(cat temp.txt | egrep -w 'X-Frame-Options|Content-Security-Policy|x-frame-options|content-security-policy:' )
-
-if [[ $sami = '' ]];
-then
-
-
-
-echo -e -n ${BLUE2}"\n[ ✔ ] ${CG}$sanga ${RED}VULNERABLE \n"
-echo "$sanga" >> vulnerable_urls.txt
-else
-
-echo -e -n ${CP}"\n[ X ] ${NC}$sanga ${YELLOW}NOT VULNERABLE "
-fi
-
-done
-rm temp.txt
-}
-trap ctrl_c INT
-ctrl_c() {
-clear
-echo -e ${RED}"[*] (Ctrl + C ) Detected, Trying To Exit... "
-echo -e ${RED}"[*] Stopping Services... "
-if [ -f temp.txt ]; then
-rm temp.txt
-fi
-sleep 1
-echo ""
-echo -e ${YELLOW}"[*] Thanks For Using CLICK-J1CK3R :)"
-exit
-}
-
-menu()
-{
-clear
-banner
-echo -e ${YELLOW}"\n[*] Choose Scanning Type: \n "
-echo -e " ${NC}[${CG}"1"${NC}]${CNC} Single Domain Scan"
-echo -e " ${NC}[${CG}"2"${NC}]${CNC} Multiple Domains Scan"
-echo -e " ${NC}[${CG}"3"${NC}]${CNC} Exit"
-
-echo -n -e ${YELLOW}"\n[+] Select: "
- read redi_play
- if [ $redi_play -eq 1 ]; then
- single_url
- elif [ $redi_play -eq 2 ]; then
- mul_url
- elif [ $redi_play -eq 3 ]; then
- exit
- fi
-}
-menu
-#Coded By Machine404! Don't copy this code without giving me credit~
-#https://instagram.com/invisibleclay100
-#https://twitter.com/whoami4041
-#https://www.youtube.com/channel/UCC_aPnmV_zGfdwktCFE9cPQ
diff --git a/poc.html b/poc.html
deleted file mode 100644
index 30b796a..0000000
--- a/poc.html
+++ /dev/null
@@ -1,33 +0,0 @@
-
-
- ClickJacking POC
-
-
-
-
-
- POC Made By Machine404
-
-
-
-
-
-
-
-