TorBoT v4.0 releases: Deep and Dark Web OSINT Tool
TorBoT – OSINT tool for Deep and Dark Web. The basic procedure executed by the web crawling algorithm takes a list of seed URLs as its input and repeatedly executes the following steps: Remove...
TorBoT – OSINT tool for Deep and Dark Web. The basic procedure executed by the web crawling algorithm takes a list of seed URLs as its input and repeatedly executes the following steps: Remove...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published June 14, 2018 · Last modified January 18, 2020
WhoUr is a simple tool in python for getting info of a website and scan sqli vuln with google. this is fast but is not powerful, actually is under construction, but is useful. Features:...
Domain Hunter Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be...
webanalyze This is a port of Wappalyzer (uncovers technologies used on websites) in go to automate scanning. This tool is designed to be performant and allows to test huge lists of hosts. Installation $ go get...
RIPS RIPS is the most popular static code analysis tool to automatically detect vulnerabilities in PHP applications. By tokenizing and parsing all source code files, RIPS is able to transform PHP source code into...
Spidr Spidr is a versatile Ruby web spidering library that can spider a site, multiple domains, certain links or infinitely. Spidr is designed to be fast and easy to use. Features Follows: a tags. iframe tags....
ID-entify is a tool that allows you to search for information in the passive way related to a domain. SEARCH FOR INFORMATION RELATED TO A DOMAIN: Emails IP addresses Domains Information on WEB technology...
goGetBucket – AWS S3 Bucket discovery through alterations and permutation When performing a recon on a domain – understanding assets they own is very important. AWS S3 bucket permissions have been confused time and...
Forensics / Information Gathering / Malware Analysis / Web Information Gathering
by do son · Published June 5, 2018
Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that...
PortWitness is a bash tool designed to find out active domain and subdomains of websites using port scanning. It helps penetration testers and bug hunters collect and gather information about active subdomains for the...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 1, 2018 · Last modified October 10, 2021
Galileo – Web Application Audit Framework Galileo is an open source penetration testing tool for the web application, which helps developers and penetration testers identify and exploit vulnerabilities in their web applications. Installation $...
netpwn A framework made to automate tasks of pentesting. Written in python 2.7 Features AutoComplete – Type a few letters of the command you want and hit tab to for auto-completion. clear – Type...
OpenDoor OWASP is a console multifunctional websites scanner. This application finds all possible ways to login, index of/ directories, web shells, restricted access points, subdomains, hidden data, and large backups. The scanning is performed...
LinkFinder LinkFinder is a python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published May 26, 2018
s3-buckets-bruteforcer PHP tool to brute force Amazon S3 bucket Note that this is an automated tool, a manual check is still required. Installation Requirement: apt-get install awscli aws configure Clone the repo git clone https://github.com/gwen001/s3-buckets-finder.git...