OpenDoor OWASP is a console multifunctional websites scanner. This application finds all possible ways to login, index of/ directories, web shells, restricted access points, subdomains, hidden data, and large backups. The scanning is performed...
LinkFinder LinkFinder is a python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published May 26, 2018
s3-buckets-bruteforcer PHP tool to brute force Amazon S3 bucket Note that this is an automated tool, a manual check is still required. Installation Requirement: apt-get install awscli aws configure Clone the repo git clone https://github.com/gwen001/s3-buckets-finder.git...
003Recon: Some tools to automate recon This repository contains some of my scripts that I created to automate some recon processes. It performs the following things; Get subdomains of a domain Filter out only...
s3-inspector Tool to check AWS S3 bucket permissions. Compatible with Linux, MacOS and Windows, python 2.7 and 3. May be used as AWS Lambda function. What it does Checks all your buckets for public access...
MassDNS 0.3 A high-performance DNS stub resolver MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even...
Web Information Gathering / WebApp PenTest
by do son · Published May 17, 2018 · Last modified October 10, 2021
Paskto – Passive Web Scanner Paskto will passively scan the web using the Common Crawl internet index either by downloading the indexes on request or parsing data from your local system. URLs are then...
Scumblr Scumblr is a web application that allows performing periodic syncs of data sources (such as Github repositories and URLs) and performing analysis (such as static analysis, dynamic checks, and metadata collection) on the...
DNSBrute Subdomain enumeration is often the first step in penetration testing and is the precondition for collecting IP information and vulnerabilities. Previously testing the subdomain demolition software in the current community is not very...
Subdomain3 Subdomain3 is a new generation of the tool, It helps penetration testers to discover more information in a shorter time than other tools.The information includes subdomains, IP, CDN, and so on. Features More...
Password Attacks / Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published May 9, 2018
TheDoc is a simple but very useful SQLMAP Automator with built-in admin finder, hash cracker(using hashcat) and more! Abilities: Counts total injections tried. Crawls given domain for vulnerabilities. Extracts Database Infos (via injection URL)...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published May 8, 2018
PAVELOW Exploit Toolbox PAVELOW helps you with your exploiting and vulnerability searching adventures on KALI Linux by using a few different pre-installed tools among several others that PAVELOW will installed & setup for you....
CTFR Do you miss AXFR technique? This tool allows getting the subdomains from an HTTPS website in a few seconds. How does it work? CTFR does not use neither dictionary attack nor brute-force, it just...
SCTF Security Capture the Flag Platform is the best platform for CTF Challenges. You will be able to define Teams, Challenges, and access to relative statistics. SCTF is lightweight and fast Django application that...
versionscan Versionscan is a tool for evaluating your currently installed PHP version and checking it against known CVEs and the versions they were fixed in to report back potential issues. Changelog v1.5.4 Updating with...
Secure Your Connection
