Information Security
Garud An automation tool that scans sub-domains, sub-domain takeover, and then filters out xss, ssti, ssrf, and more injection point parameters. Requirements: Go Language, Python 2.7, or Python 3. System requirements: Recommended to run...
The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names, and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to...
Safety is a command-line tool. Use it to check your local virtual environment, your requirement files, or any input from stdin for dependencies with security issues. If you are using something insecure, you’ll get...
WPrecon (WordPress Recon) Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go. Features Detection WAF Fuzzing Backup Files Fuzzing Passwords Random User-Agent Plugin(s) Enumerator Theme(s) Enumerator Scripts Tor...
OWASP Juice Shop OWASP Juice Shop is an intentionally insecure web app for security training written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. For a detailed introduction, full...
WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. It recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices....
What the heck is a ferox anyway? Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a variation. What’s it do tho?...
BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the...
HawkScan Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x) This script uses “WafW00f” to detect the WAF in the first step. This script uses “Sublist3r” to scan subdomains....
bulwark An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports. Changelog v6.4.8 Build System dockerfile: remove unneeded packages (b6c9de1) Install & Use Copyright (c) 2020 Softrams LLC
Suggested Reading