WebApp PenTest Archives • Cybersecurity News

apidetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains

do son April 26, 2024

APIDetector APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains...

pphack: The Most Advanced Client-Side Prototype Pollution Scanner

do son April 26, 2024

pphack pphack is a CLI tool for scanning websites for client-side prototype pollution vulnerabilities. Feature Fast (concurrent...

SmuggleFuzz: HTTP/2 based downgrade and smuggle scanner HTTP downgrade attack

SmuggleFuzz: HTTP/2 based downgrade and smuggle scanner

do son April 19, 2024

SmuggleFuzz SmuggleFuzz is designed to assist in identifying HTTP downgrade attack vectors. Its standout feature is not...

Damn Vulnerable RESTaurant: An intentionally vulnerable Web API game for learning and training

do son April 8, 2024

Damn Vulnerable RESTaurant An intentionally vulnerable API service designed for learning and training purposes dedicated to developers,...

secator: The pentester’s swiss knife security assessments

secator: The pentester’s swiss knife

do son April 3, 2024

secator secator is a task and workflow runner used for security assessments. It supports dozens of well-known...

Arjun: HTTP parameter discovery suite

do son April 1, 2024

Arjun Arjun can find query parameters for URL endpoints. If you don’t get what that means, it’s...

Emora: GUI OSINT tool to search accounts by username across social networks

do son March 22, 2024

Emora Emora allows you to search for accounts by username across social networks. Inspired by tools like Sherlock,...

OSTE-Meta-Scanner: A comprehensive web vulnerability scanner

do son March 20, 2024

OSTE-Meta-Scanner This project aims to simplify the field of Dynamic Application Security Testing. The OSTE meta scanner...

OFFAT: OFFensive Api Tester OWASP API Top 10 Checks

OFFAT: OFFensive Api Tester

do son March 19, 2024

OWASP OFFAT OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after...

git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files

do son March 18, 2024

GitAlerts GitHub repositories created under any organization can be controlled by the GitHub administrators. However, any repository...

sicat: an advanced exploit search tool

do son March 9, 2024

SiCat – The useful exploit finder SiCat is an advanced exploit search tool designed to identify and...

SessionProbe: assist in evaluating user privileges in web applications session token authorization

SessionProbe: assist in evaluating user privileges in web applications

do son March 7, 2024

SessionProbe SessionProbe is a multi-threaded pentesting tool designed to assist in evaluating user privileges in web applications....

troll-a: extracting secrets such as passwords, API keys, and tokens from Web ARChive files finding secrets web archives

troll-a: extracting secrets such as passwords, API keys, and tokens from Web ARChive files

do son February 24, 2024

Troll-A Troll-A is a command line tool for extracting secrets such as passwords, API keys, and tokens...

sessionless: Burp Suite extension for editing, signing, verifying various signed web tokens Burp Suite extension token

sessionless: Burp Suite extension for editing, signing, verifying various signed web tokens

do son February 15, 2024

Sessionless Sessionless is a Burp Suite extension for editing, signing, verifying, and attacking signed tokens: Django TimestampSigner, ItsDangerous...

TInjA: CLI tool for testing web pages for template injection vulnerabilities

do son February 13, 2024

TInjA – the Template INJection Analyzer TInjA is a CLI tool for testing web pages for template injection vulnerabilities....