PyCript The Pycript extension for Burp Suite is a valuable tool for penetration testing and security professionals. It enables easy encryption and decryption of requests during testing, which can help evade detection and bypass...
SysReptor – Pentest Reporting Easy As Pie 📝 Write in markdown ✏️ Design in HTML/VueJS ⚙️ Render your report to PDF 🚀 Fully customizable 💻 Self-hosted or Cloud 🎉 No need for Word Security Considerations Template Injection SysReptor uses...
rayder Rayder is a command-line tool designed to simplify the orchestration and execution of workflows. It allows you to define a series of modules in a YAML file, each consisting of commands to be...
Defense / Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published February 22, 2021 · Last modified November 19, 2023
enlightn Think of Enlightn as your performance and security consultant. Enlightn will “review” your code and server configurations, and give you actionable recommendations on improving performance, security, and reliability! The Enlightn OSS (open source...
Uscrapper Introducing Uscrapper 2.0, A powerful OSINT web scrapper that allows users to extract various personal information from a website. It leverages web scraping techniques and regular expressions to extract email addresses, social media...
Arjun Arjun is a python script for finding hidden GET & POST parameters using regex and bruteforce. Web applications use parameters (or queries) to accept user input, take the following example into consideration http://api.example.com/v1/userinfo?id=751634589...
mitmproxy mitmproxy is an interactive, SSL-capable intercepting proxy with a console interface. mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP. mitmweb is a web-based interface for mitmproxy. pathoc and pathod are...
Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published June 9, 2019 · Last modified November 13, 2023
DefectDojo is an open-source application vulnerability correlation and security orchestration application. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities, and push findings into defect...
httpx httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. Features Simple and modular codebase making it easy...
BucketLoot BucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning...
