Web xKaliBurr: An Online Platform for Information Gathering in Pentest for Internet Applications

DOI:

https://doi.org/10.5753/jbcs.2026.5550

Keywords:

Cybersecurity, Offensive Security, Pentesting, Intelligence Gathering, OSINT Tool

Abstract

The Information Gathering stage in web Pentests is crucial, as it lays the foundation for all subsequent activities. However, comprehensive information gathering requires the manual use of various tools that demand advanced technical knowledge. In this context, we propose Web xKaliBurr, an open-source web tool that automates the information gathering stage of a web Pentest. With a simple and user-friendly interface, the proposed tool performs extensive scans starting from the site's URL and provides a wide range of information and recommendations, allowing users without advanced knowledge to assess their site's security and detect potential flaws or vulnerabilities. To evaluate Web xKaliBurr, we applied the System Usability Scale (SUS) questionnaire to measure usability according to the user's subjective assessment, and the Net Promoter Score (NPS) method to measure user satisfaction and willingness to recommend the tool to others. This study involved 10 respondents. The SUS score was 80, which indicates a good to excellent product, and the NPS reached 70%, reflecting a very good level of user satisfaction. In addition, we performed an evaluation with 3 experts in web Pentests.

Published

2026-04-15

How to Cite

Barros, D. R., Cabral, L., Oliveira, J. V. A., Castro, F. M., Soares, L. L., Monteiro, J. M., Bento, J., & Rocha, L. S. (2026). Web xKaliBurr: An Online Platform for Information Gathering in Pentest for Internet Applications. Journal of the Brazilian Computer Society, 32(1), 700–714. https://doi.org/10.5753/jbcs.2026.5550

Section

Regular Issue