Category: Web Vulnerability Analysis
HaE – Highlighter and Extractor HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can use custom regular expressions to match HTTP response messages. You can decide for...
Semgrep Semgrep is a command-line tool for offline static analysis. Use pre-built or custom rules to enforce code and security standards in your codebase. You can try it now with our interactive live editor. Semgrep combines the...
CRLFsuite CRLFsuite is a fast tool specially designed to scan CRLF injection. Features ✔️ Single URL scanning ✔️ Multiple URL scanning ✔️ Stdin supported ✔️ GET & POST method supported ✔️ Concurrency ✔️ Best Payloads list ✔️ Headers supported ✔️ Fast and...
OWASP WrongSecrets Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management...
Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code...
Jeeves Jeeves is made for finding time-based blind SQL injection through recon. Install > go install github.com/ferreiraklet/Jeeves@latest OR > git clone https://github.com/ferreiraklet/Jeeves.git > cd Jeeves > go build jeeves.go > chmod +x jeeves ./jeeves...
What is TCA Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early on) is a comprehensive code analysis platform, which includes three components: server, web, and client. It supports the integration...
Osmedeus Automatic Reconnaissance and Scanning in Penetration Testing What is Osmedeus? Osmedeus allows you to automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target. Features: Subdomain Scan. Subdomain TakeOver...
hakrawler What is it? hakrawler is a Go web crawler designed for easy, quick discovery of endpoints and assets within a web application. It can be used to discover: Forms, Endpoints, Subdomains, Related domains...
I would like to talk about arachni, an open-source framework among many Web Vulnerability Scanners (WVS). I tested it briefly, and it seems to be usable. Also, you should learn how to secure coding...