Stratus Red team Stratus Red Team is “Atomic Red Team™” for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner. Stratus Red Team is a lightweight Go binary you...
Go Test WAF GoTestWAF is a tool for API and OWASP attack simulation, that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and others. It was designed to...
Secret Magpie Organisations struggle to scan for leaked secrets in ALL of their repos. It’s easy to scan one repo, but time-consuming and tedious to scan all of them. SecretMagpie is a secret detection...
Credential Digger Credential Digger is a GitHub scanning tool that identifies hardcoded credentials (Passwords, API Keys, Secret Keys, Tokens, personal information, etc), filtering the false positive data through machine learning models. It supports Python...
waymore The idea behind waymore is to find even more links from the Wayback Machine than other existing tools. 👉 The biggest difference between waymore and other tools is that it can also download the archived responses for URLs on...
Programming / Web Vulnerability Analysis
by do son · Published November 30, 2020 · Last modified November 26, 2023
js-x-ray JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code...
What is DalFox Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a Ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published March 28, 2023 · Last modified November 23, 2023
Artemis A modular web reconnaissance tool and vulnerability scanner based on Karton. Features Artemis includes: subdomain scan using crt.sh, Shodan integration, brute-forcing of interesting paths (e.g. .env), brute-forcing of easy WordPress/MySQL/PostgreSQL/FTP passwords, email configuration...
Dependency Check Dependency Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform...
by do son · Published September 11, 2021 · Last modified November 22, 2023
graphw00f – GraphQL Server Fingerprinting graphw00f is a Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint. How does it work? graphw00f...
