WAFW00F identifies and fingerprints Web Application Firewall (WAF) products. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies...
Wfuzz has been created to facilitate the task in web application assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the...
linkedin2username OSINT Tool: Generate username lists from companies on LinkedIn. This is a pure web-scraper, no API key required. You use your valid LinkedIn username and password to log in,...
testssl.sh is a free command-line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. Key features Clear...
DNSRecon DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. This time I wanted to learn about...
Goca is a FOCA fork written in Go, which is a tool used mainly to find metadata and hidden information in the documents its scans. These documents may be on web pages and...
Information Gathering / Web Information Gathering
by do son · Published April 21, 2019 · Last modified January 29, 2023
WhatBreach WhatBreach is a tool to search for breached emails and their corresponding database. It takes either a single email or a list of emails and searches them leveraging haveibeenpwned.com’s API,...
OKadminFinder: Easy way to find the admin panel of the site OKadminFinder is an Apache2 Licensed utility, rewritten in Python 3.x, for admins/pentesters who want to find admin panel of a...
Networking / Web Information Gathering
by do son · Published April 18, 2019 · Last modified October 10, 2021
htrace.sh Simple shell script to debugging http/https traffic tracing and response headers. Support external security tools: Mozilla Observatory and SSL Labs API. It is useful for: checking properly domain configuration (web servers/reverse...
DELATOR (lat. informer) is a tool to perform subdomain enumeration and initial reconnaissance through the abusing of certificate transparency logs. It expands on the original work done by Sheila A. Berta with her CTFR tool...
Crawleet Web Recon & Exploitation Tool. It detects and exploits flaws in: Drupal Joomla Magento Moodle OJS Struts WordPress And enumerates themes, plugins and sensitive files Also detects: Crypto mining...
AWS Security tools Bunch of scripts for AWS Pentest lambda/lambda_dumper.py – Script to Dump AWS Lambda functions lambda/lambda_backdoor.py – Backdoor AWS users iam/iam_user_enum – Bruteforce IAM usernames iam/assume_role_enum – Enumerate...
Photon Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target. 160 requests per second while extensive data extraction is just another day...
Programming / Web Information Gathering
by do son · Published April 6, 2019 · Last modified April 5, 2019
Frontera Overview Frontera is a web crawling framework consisting of crawl frontier, and distribution/scaling primitives, allowing to build a large-scale online web crawler. Frontera takes care of the logic and policies...
Information Gathering / Web Information Gathering
by do son · Published March 29, 2019 · Last modified March 9, 2020
Shodan client for JavaScript API 👀 The content of the result is the same provided by the HTTP API. You can check them in the API documentation. version Library version. async host(ip,...
Support Securityonline.info site. Thanks!
