Information Security
The OWASP Zed Attack Proxy (ZAP) is easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security...
XCat XCat is a command-line tool to exploit and investigate blind XPath injection vulnerabilities. It supports a large number of features: Auto-selects injections (run xcat injections for a list) Detects the version and capabilities of the...
The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to...
Mitaka Mitaka is an OSINT friendly IOC (Indicator of Compromise) search tool. It works as a Chrome extension and it makes possible to search / scan IOC via the context menu. Features Supported IOC...
Drupwn Drupwn claims to provide an efficient way to gather Drupal information. It is a python script, following a modular architecture for maintenance and enhancement purposes, which allows enumerating various kind of information that...
is-website-vulnerable finds publicly known security vulnerabilities in a website’s frontend JavaScript libraries Changelog v1.14.2 (2020-05-20) Bug Fixes upgrade deps (#71) (3a9506a) Install npm install -g is-website-vulnerable Use npx is-website-vulnerable https://example.com [–json] [–js-lib] [–mobile|–desktop] [–chromePath] Copyright...
quiver Quiver is an opinionated and curated collection of commands, notes, and scripts I use for bug bounty hunting. Features ZSH / Oh-My-ZSH shell plugin Tab auto-completion Prefills the command line doesn’t hide commands...
Searpy Search Engine Toolkit Install git clone https://github.com/j3ers3/Searpy pip install -r requirement.txt Configure API: ./util/config.py Use python Searpy -h Example python Searpy.py –fofa -s “app:jboss” -p 1 python Searpy.py –shodan -s “weblogic” -l 10...
The JSON Web Token Toolkit jwt_tool.py is a toolkit for validating, forging and cracking JWTs (JSON Web Tokens). Its functionality includes: Checking the validity of a token Testing for the RS/HS256 public key mismatch vulnerability Testing for...
Continuous Secure Delivery – Out of the Box secureCodeBox is a docker based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate and easily automate a bunch of security-testing...
