gitoops: all paths lead to clouds
gitoops GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls. It works...
Category: Web Vulnerability Analysis
dorkscout: automate google dork scan
dorkscout dokrscout is a tool to automate the finding of vulnerable applications or secret files around the internet through google searches, dorkscout first starts by fetching the dorks lists from...
subcrawl: find, scan and analyze open directories
SubCrawl SubCrawl is a framework developed by Patrick Schläpfer, Josh Stroschein, and Alex Holland of HP Inc’s Threat Research team. SubCrawl is designed to find, scan and analyze open directories. The framework is modular, consisting of...
shisho: lightweight static code analyzer designed for developers and security teams
shisho Shisho is a lightweight static code analyzer designed for developers and security teams. The key motivation of Shisho is providing a means of Security-as-Code for Code. It allows us to analyze...
crawlergo v0.4.4 releases: powerful browser crawler for web vulnerability scanners
crawlergo crawlergo is a browser crawler that uses chrome headless mode for URL collection. It hooks key positions of the whole web page with the DOM rendering stage, automatically fills...
DongTai v1.15.1 releases: open-source passive interactive security testing (IAST) product
DongTai DongTai IAST is an open-source passive interactive security testing (IAST) product. It uses dynamic hooks and taint tracking algorithms to achieve universal vulnerability detection and multiples request associated with vulnerability detection (including...
webstor v0.1.15 releases: Fast Identification of Vulnerable Web Technologies in your Organization
WebStor Fast Identification of Vulnerable Web Technologies in your Organization WebStor is a tool implemented in Python under the MIT license for quickly enumerating all websites across all of your...
jspanda: client-side prototype pollution vulnerability scanner
JSPanda JSpanda is a client-side prototype pollution vulnerability scanner. It has two key features, scanning vulnerability the supplied URLs and analyzing the JavaScript libraries’ source code. However, JSpanda cannot detect...
DNS Reset Checker: assess the DNS security of web applications
DNS Reset Checker Tools to assess the DNS security of web applications. Background DNS security of web applications? What? The DNS is a central part of many functionalities of a...
juumla v0.1.4 releases: scan for Joomla vulnerabilities
juumla Juumla is a python tool created to identify the Joomla version, scan for vulnerabilities and search for config or backup files. ✨ Features Fast scan Low RAM and CPU usage...
dnstake v0.1.1 releases: check missing hosted DNS zones
DNSTake: A fast tool to check missing hosted DNS zones that can lead to subdomain takeover. What is a DNS takeover? DNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or...
plution: Prototype pollution scanner
plution Prototype pollution scanner using headless chrome Plution is a convenient way to scan at scale for pages that are vulnerable to client-side prototype pollution via a URL payload. In...
batchql: GraphQL security auditing script
BatchQL BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is not complex, and we welcome improvements. When exploring the...
erebus: fast tool for parameter-based vulnerability scanning
Erebus Erebus is used to test every parameter across targets based on Yaml templates leading to zero false positives and providing fast scanning on a large number of hosts. Erebus...
gokart v0.5.1 releases: static analysis tool for securing Go code
GoKart – Go Security Static Analysis GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is...
