TLS Prober: A tool to fingerprint SSL/TLS servers
TLS Prober TLS Prober is a tool for identifying the implementation in use by SSL/TLS servers. It analyses the behavior of a server by sending a range of probes then comparing the responses with...
TLS Prober TLS Prober is a tool for identifying the implementation in use by SSL/TLS servers. It analyses the behavior of a server by sending a range of probes then comparing the responses with...
Bucket Stream Find interesting Amazon S3 Buckets by watching certificate transparency logs. This tool simply listens to various certificate transparency logs (via certstream) and attempts to find public S3 buckets from permutations of the...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published July 9, 2018
Astra REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process,...
Exploitation / Information Gathering / Metasploit / Network PenTest / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest / Wireless
by do son · Published July 8, 2018 · Last modified October 10, 2021
discover For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks. Download, setup & usage git clone https://github.com/leebaird/discover /opt/discover/ All scripts must be run from this location. cd /opt/discover/ ./update.sh ...
TakeOver Sub-domain takeover vulnerability occurs when a sub-domain (subdomain.example.com) is pointing to a service (e.g: GitHub, AWS/S3,..) that has been removed or deleted. This allows an attacker to set up a page on the service that...
cred_scanner A simple command line tool for finding AWS credentials in files. Optimized for use with Jenkins and other CI systems. Install git clone https://github.com/disruptops/cred_scanner.git cd cred_scanner pip install -r requirements.txt Use python cred_scanner.py That will...
aws_public_ips aws_public_ips is a tool to fetch all public IP addresses (both IPv4/IPv6) associated with an AWS account. It can be used as a library and as a CLI, and supports the following AWS...
ReconUI Current Features Subdomain bruteforcing Directory bruteforce for each subdomain. Basic CORS vulnerability check. Auto subdomain takeover for AWS S3 Bucket and Heroku Censys IPv4 lookups. Public XSS search from open bug bounty. Screenshot...
Information Gathering / Network PenTest / Vulnerability Analysis / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published July 1, 2018
Watchog is an integration of open source security tools aimed to provide a holistic security view for a given domain/IP. The way Watchdog is built it can be used by product security teams, red teams...
PenCrawLer An Advanced Web Crawler and DirBuster PeNCrawLer is an advanced webcrawler and dirbuster designed to use in penetration testing based on Windows Os. Web Crawler Features: Follow Redirects Rendering Javascript Extract links from...
Dzjecter v2.0 – Server checking Tool this tool grap ip from the server, scan, examine of ports and encryption and decryption of the hash and also have other characteristics. How To Use git clone https://github.com/joker25000/Dzjecter...
Web Information Gathering / WebApp PenTest
by do son · Published June 19, 2018 · Last modified October 10, 2021
Devploit v3.6 Devploit is a simple python script for Information Gathering Download git clone git clone https://github.com/joker25000/Devploit chmod +x install ./install Properties : ● DNS Lookup ● Whois Lookup ● GeoIP Lookup ● Subnet Lookup...
TorBoT – OSINT tool for Deep and Dark Web. The basic procedure executed by the web crawling algorithm takes a list of seed URLs as its input and repeatedly executes the following steps: Remove...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published June 14, 2018 · Last modified January 18, 2020
WhoUr is a simple tool in python for getting info of a website and scan sqli vuln with google. this is fast but is not powerful, actually is under construction, but is useful. Features:...
Domain Hunter Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be...