Burp Automation: Performing automated scan using Burp Suite Pro
Burp Automation Performing automated scan using Burp Suite Pro & Vmware Burp Rest API with Robot Framework using Python3. It can be also used in Jenkins to perform automated UI...
Category: Web Vulnerability Analysis
Taken: Takeover AWS ips & working POC for Subdomain Takeover
Taken Takeover AWS ips and have a working POC for Subdomain Takeover. What all you can do with Subdomain Takeover – Cookies stealing, If cookies are set with domain attribute...
403bypasser: circumvent access control restrictions on target pages
403bypasser 403bypasser automates the techniques used to circumvent access control restrictions on target pages. 403bypasser will continue to be improved and it is open to contributions. Which Cases Does This Tool Check? 1....
auth_analyzer v1.1.13 releases: Burp Extension for testing authorization issues
auth_analyzer The Burp extension helps you to find authorization bugs. Just navigate through the web application with a high privileged user and let the Auth Analyzer repeat your requests for...
InQL Scanner v5.02 releases: Burp Extension for GraphQL Security Testing
InQL Scanner InQL Scanner is a security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. Changelog v5.02...
RAT: vulnerability detection approach for testing web application firewalls
RAT: Reinforcement-Learning-Driven and Adaptive Testing for Vulnerability Discovery in Web Application Firewalls Abstract Due to the increasing sophistication of web attacks, Web Application Firewalls (WAFs) have to be tested and...
XSS-Catcher: blind XSS detection framework
XSS Catcher A blind XSS detection framework that runs on Flask and VueJS. XSS Catcher is a simple application that facilitates blind Cross-Site Scripting attacks and attacks that aim to gather data (e.g....
raider v0.2.2 releases: Authentication testing framework
raider – Authentication testing framework This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don’t provide features to test the authentication...
ppmap v1.2 releases: leverages Prototype Pollution to XSS by exploiting known gadgets
ppmap A simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution. NOTE:...
Bughound: open-source static code analysis tool
What is Bughound? Bughound is an open-source static code analysis tool that analyzes your code and sends the results to Elasticsearch and Kibana to get useful insights about the potential...
ppfuzz v1.0.2 releases: scan prototype pollution vulnerability
ppfuzz – Prototype Pollution Fuzzer A fast tool to scan prototype pollution vulnerability written in Rust. Use Here are all the options it supports: Flag Description Default value -l, –list...
inter-recon: perform automatic initial web and vulnerability recon
inter-recon Script to perform automatic initial web and vulnerability recon. It has some checks in case of errors. There is a possibility to skip some checks, to restart them, and/or...
sqlvet v1.1.7 releases: performs static analysis on raw SQL queries
Sqlvet Sqlvet performs static analysis on raw SQL queries in your Go codebase to surface potential runtime errors at build time. Feature highlights: Check for SQL syntax error Identify unsafe...
Salus v3.2.4 releases: Security Automation as a Lightweight Universal Scanner
Salus: Guardian of Code Safety and Security Salus (Security Automation as a Lightweight Universal Scanner), named after the Roman goddess of protection, is a tool for coordinating the execution of security...
Reversed Overtaking Kit: An HTTP response fuzzer
RevOK We see the targets of our scan as passive entities, and this leads to underestimating the risk of performing a scan. However, the tools we use to scan are...
