Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published April 9, 2019 · Last modified April 8, 2019
tomcatWarDeployer Apache Tomcat auto WAR deployment & pwning penetration testing tool. What is it? This is a penetration testing tool intended to leverage Apache Tomcat credentials in order to automatically generate and deploy JSP...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published March 29, 2019 · Last modified March 28, 2019
OWASP Offensive Web Testing Framework (OWTF) is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10,...
Web Exploitation / WebApp PenTest
by do son · Published March 28, 2019 · Last modified April 20, 2020
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation on the scale. It is intended to be...
XSShell XSShell is a cross-site-scripting reverse shell… Okay, well maybe it’s not a true reverse shell, but it will allow you to interact in real time with an XSS victim’s browser. Just run the...
What is XSS Chef? XSS Chef is a small React.js application inspired by CyberChef, which provides users with a modular way to build JavaScript payloads to typically be used during penetration tests to demonstrate cross-site...
hasherbasher This is a tool used to help exploit poorly designed authentication systems by locating ASCII strings that when MD5 hashed, result in raw bytes that could change SQL logic. You can also check...
Programming / Smartphone PenTest / Web Exploitation / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 4, 2019 · Last modified October 10, 2021
Jackhammer: One Security vulnerability assessment/management tool to solve all the security team problems. What is Jackhammer? Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev...
JSShell An interactive multi-user web based javascript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to XSS (Cross Site Scripting)...
XCat XCat is a command-line tool to exploit and investigate blind XPath injection vulnerabilities. It supports a large number of features: Auto-selects injections (run xcat injections for a list) Detects the version and capabilities of the...
Exploitation / Information Gathering / Vulnerability Analysis / Web Exploitation / Web Information Gathering / Web Vulnerability Analysis
by do son · Published December 10, 2018 · Last modified October 10, 2021
Pocsuite is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine, many niche features for the ultimate penetration testers and security researchers....
xxer A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab. Rewritten here because I don’t like Ruby. Basically, this doesn’t actually find XXE injection for...
Web Exploitation / Web Information Gathering / Web Vulnerability Analysis
by do son · Published November 10, 2018 · Last modified January 26, 2021
TIDoS Framework TIDoS Framework is a comprehensive web application audit framework with some serious perks. Highlights:- The main highlights of this framework are: Basic first release (but huge). Has 4 main phases, subdivided into 13...
Exploitation / Web Exploitation
by do son · Published November 2, 2018 · Last modified October 10, 2021
XIP XIP generates a list of IP addresses by applying a set of transformations used to bypass security measures e.g. blacklist filtering, WAF, etc. Below are the implemented transformations: Hexadecimal Decimal Octal IPV4 to...
Bodhi – Client-Side Vulnerability Playground Bodhi is a playground focused on learning the exploitation of client-side web vulnerabilities. The playground has a vulnerable application & a bot program which simulates the real-world victim. An...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 7, 2018
WordPress Exploit Framework is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. Changelog v2.0.1 Changes Add bypass for admin shell uploads when write...
Secure Your Connection
