Information Security
XSS-Freak XSS-Freak is an XSS scanner fully written in python3 from scratch. It is one of its kind since it crawls the website for all possible links and directories to expand its attack scope....
Finsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes “copysploit” to copy any exploit-db exploit to the current directory and “compilesploit” to...
nray Nray is a free, platform and architecture-independent port and application layer scanner. Apart from regular targets (list of hosts/networks), it supports dynamic target selection, based on sources like certificate transparency logs or LDAP....
WPScan is a black box WordPress vulnerability scanner. Changelog v3.7.7 Fixed rare crash due to conflict between slugs and API endpoints Fixed Incorrect RDF URLs detection Install Requirement Ruby >= 2.2.2 – Recommended: 2.3.3...
See-SURF A Python-based scanner to find potential SSRF parameters in a web application. Motivation SSRF being one of the critical vulnerabilities out there in the web, I see there was no tool which would...
WhoUr is a simple tool in python for getting info of a website and scan sqli vuln with google. this is fast but is not powerful, actually is under construction, but is useful. Features:...
XSRF Probe XSRF Probe is an advanced Cross-Site Request Forgery Audit Toolkit equipped with Powerful Crawling and Intelligent Token Generation Capabilities. Some Features: Performs several types of checks before declaring an endpoint as vulnerable. Can detect...
is-website-vulnerable finds publicly known security vulnerabilities in a website’s frontend JavaScript libraries Changelog v1.11.2 (2020-01-18) Install npm install -g is-website-vulnerable Use npx is-website-vulnerable https://example.com [–json] [–js-lib] [–mobile|–desktop] [–chromePath] Copyright 2019 Liran Tal <liran.tal@gmail.com> Source:...
Project Black Scope control, scope scanner and progress tracker for easier working on a bug bounty or pentest project Anatoly Ivanov of Positive Technologies What is this tool for? The tools encourage more methodical work on...
Corsy Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Tests implemented Pre-domain bypass Post-domain bypass Backtick bypass Null origin bypass Invalid value Wild card value Origin reflection test...
