wfuzz v3.0.2 released: Web application fuzzer
Wfuzz has been created to facilitate the task in web application assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given...
Category: WebApp PenTest
PhoneInfoga v2.3.5 releases: Information gathering & OSINT reconnaissance tool for phone numbers
PhoneInfoga Information gathering & OSINT reconnaissance tool for phone numbers. One of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather basic information such as...
hubble v4.0.1-rc1 releases: a modular, open-source security compliance framework
HubbleStack (Hubble for short) is a modular, open-source, security & compliance auditing framework which is built in python, using SaltStack as a library. It provides on-demand profile-based auditing, real-time security event notifications, alerting and...
jwt_tool v1.3.5 releases: A toolkit for testing, tweaking and cracking JSON Web Tokens
The JSON Web Token Toolkit jwt_tool.py is a toolkit for validating, forging and cracking JWTs (JSON Web Tokens). Its functionality includes: Checking the validity of a token Testing for the RS/HS256 public key mismatch vulnerability Testing for...
secureCodeBox v2.1 releases: automate a bunch of security-testing tools out of the box
Continuous Secure Delivery – Out of the Box secureCodeBox is a docker based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate and easily automate a bunch of security-testing...
Mondoo v1.2 releases: Cloud-Native Security & Vulnerability Risk Management
Mondoo Mondoo is a natural language query system for scanning, deploying, and remediating your cloud-native applications. Feature Insights into your fleet Ask questions about your deployments and get answers. Simple questions are answered using...
nosqli: NoSql Injection CLI tool
NoSQL Injector NoSQL scanner and injector. It aims to be fast, accurate, and highly usable, with an easy to understand command-line interface. Features Nosqli currently supports nosql injection detection for Mongodb. It runs the...
GitDorker: scrape secrets from GitHub
GitDorker GitDorker is a tool that utilizes the GitHub Search API and an extensive list of GitHub dorks that I’ve compiled from various sources to provide an overview of sensitive information stored on github...
feroxbuster v1.0.5 releases: fast, simple, recursive content discovery tool written in Rust
What the heck is a ferox anyway? Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a variation. What’s it do tho?...
Sifter v10.3 releases: osint, recon & vulnerability scanner
Sifter Sifter is an osint, recon & vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts,...
