hackUtils: hack tool kit for pentest and web security research
hackUtils It is a hacking toolkit for pentest and web security research, which is based on BeautifulSoup bs4 module. Feature Add exploit module for Joomla 1.5 – 3.4.5 – Object...
Category: Web Information Gathering
Drystan: Automated information gathering tool for pentest
Drystan Automated information gathering tool for pentest. How It Works explore domain information. search and enumerate subDomains/IPs. extract all IP & ports. identify service. detect vulnerability(brute & exploit). Tools Already...
SPartan: Frontpage & Sharepoint fingerprinting and attack tool
SPartan is a Frontpage and Sharepoint fingerprinting and attack tool. Features: Sharepoint and Frontpage fingerprinting Management of Friendly 404s Default Sharepoint and Frontpage file and folder enumeration Active Directory account...
Shodan Release new feature: Tracking Hacked Websites
On December 1, Shodan introduced a new feature that allows you to trace hacked websites. Normally, One thing they tend to have in common though is that they start their signature...
recon.sh: toolset to track & organize output of reconnaissance tools
recon.sh This tool is for the computer hacking community and gives a framework for storing reconnaissance (recon) information. Recon is a tedious and continuous process that involves mentally processing and...
yotter: find information leakage
yotter This bash script performs recon by: finding the targets IP finding the targets IP range checks online for subdomains ( pkey.in | hackertarget.com | virustotal.com ) bruteforces for subdomains...
RepoSsessed: parse public source code repositories & find various types of vulnerabilities
RepoSsessed is a project designed to parse public source code repositories and find various types of vulnerabilities. The current focus is on finding secrets, but see the Next Steps section...
domain hunter: Burp Suite Extender to search sub domain from sitemap
domain_hunter A Burp Suite extender that searches subdomains and similar domains from the sitemap. Sometimes similar domain gives you suprise^_^. that’s why I care about it. Usage download this burp extender from here....
tweets analyzer: Tweets metadata scraper & activity analyzer
tweets analyzer – Simple Twitter Profile Analyzer The goal of this simple python script is to analyze a Twitter profile through its tweets by detecting: Average tweet activity, by hour...
Common WebApp source leak
This article is mainly to record the common WebApp source leak, these often appear in the web penetration test and CTF. This section illustrates the most popular web application security...
OSINT: some usefull script for gathering information
OSINT Small scripts for OSINT. Download git clone https://github.com/woj-ciech/OSINT.git #1. Instagram Small proof of concept to show how to retrieve exact location of photos from instagram. At instagram.com you can only...
PwnBack: Burp Extender plugin that generates a sitemap of a website
PwnBack Burp Extender plugin that generates a sitemap of a website using Wayback Machine PwnBack requires PhantomJS to run. You can download it from here To understand why it is required...
Breacher: An advanced multithreaded admin panel finder
Breacher A script to find admin login pages and EAR vulnerabilities. Features Multi-threading on demand Big path list (482 paths) Supports php, asp and html extensions Checks for potential EAR...
Virtual host scanner: enumerate virtual hosts on a server
Virtual host scanner This is a basic HTTP scanner that’ll enumerate virtual hosts on a given IP address. During recon, this might help expand the target by detecting old or...
subjack: Hostile Subdomain Takeover tool
subjack subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go’s...
