Security Training Share
testxss PHP tool to test XSS. Note that this is an automated tool, a manual check is still required. Download git clone https://github.com/gwen001/testxss.git Use Usage: php testxss.php [OPTIONS] Options: -h, –help print this help –burp...
Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order to test web-based applications...
Raccoon Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and...
phpcs-security-audit v2 phpcs-security-audit is a set of PHP_CodeSniffer rules that find vulnerabilities and weaknesses related to security in PHP code. It currently has core PHP rules as well as Drupal 7 specific rules. The tool also...
FireShodanMap is a Real-time map that integrates Firebase, Google Maps, and Shodan. A search is carried out using Shodan searching for vulnerable devices and they are shown on the map for analysis. All data...
ODAT ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order...
HackB0x v1.0 HackBox is the combination of awesome tools and techniques. This tool includes [1] – Xss [2] – Exploits [3] – Subdomain scanner [4] – Whois Lookup [5] – SSRF Injection [6] –...
Taipan – Web Application Security Scanner Taipan is an automated web application scanner which allows identifying web vulnerabilities in an automatic fashion. This project is the core engine of a broader project which includes other...
DefectDojo is an open-source application vulnerability correlation and security orchestration application. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect...
WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a...
Pybelt is an open source hacker tool belt complete with: A port scanner SQL injection scanner Dork checker Hash cracker Hash type verification tool Proxy finding tool XSS scanner It is capable of cracking...
TROMMEL sifts through directories of files to identify indicators that may contain vulnerabilities. It identifies the following indicators related to: Secure Shell (SSH) key files Secure Socket Layer (SSL) key files Internet Protocol (IP)...
Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vulnerabilities OWASP Top...
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug...
