Security Training Share
The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Designed to be entirely extensible by just adding...
The OWASP Zed Attack Proxy (ZAP) is easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security...
snyk Snyk helps you find, fix and monitor known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system. Features Find known vulnerabilities...
SSRFmap A simple service scanner for Server Side Request Forgery vulnerabilities. Installation git clone https://github.com/dreadlocked/SSRFmap.git cd SSRFmap bundle install Use Usage examples Request a single resource via GET request ruby ssrfmap.rb –url http://www.example.com/controller?url=_SSRF_ –target http://169.254.169.254/...
Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection. Currently supported Python versions are 2.7 and 3.5+. Right now Gixy can...
About CORScanner CORScanner is a python tool designed to discover CORS misconfigurations vulnerabilities of websites. It helps website administrators and penetration testers to check whether the domains/urls they are targeting have insecure CORS policies....
Sagacity Sagacity is a vulnerability assessment and compliance data management tool designed to make security testing more efficient, effective and complete. Security assessments, especially those done for DoD and Federal organizations, produce tremendous amounts...
TIDoS Framework TIDoS Framework is a comprehensive web application audit framework with some serious perks. Highlights:- The main highlights of this framework are: Basic first release (but huge). Has 4 main phases, subdivided into 13...
WordPress Exploit Framework is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. Changelog v2.0.1 Changes Add bypass for admin shell uploads when write...
CloudJack AWS Route53/CloudFront Vulnerability Assessment Utility CloudJack assesses AWS accounts for subdomain hijacking vulnerabilities as a result of decoupled Route53 and CloudFront configurations. This vulnerability exists if a Route53 alias references 1) a deleted...
Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order to test web-based applications...
Raccoon Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and...
GyoiThon GyoiThon is a growing penetration test tool using Machine Learning. It identifies the software installed on the web server (OS, Middleware, Framework, CMS, etc…) based on the learning data. After that, it executes valid exploits for the identified...
Dependency-Track Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components, however, comes at a cost....
