vajra: automated web hacking framework
Web Information Gathering / Web Vulnerability Analysis
by do son · Published March 14, 2021 · Last modified March 13, 2021
vajra Vajra is an automated web hacking framework to automate boring recon tasks and the same scans for multiple targets during web application penetration testing. Vajra has a highly customizable...
Web Exploitation / Web Vulnerability Analysis
by do son · Published March 12, 2021 · Last modified October 25, 2022
Mole A framework for identifying and exploiting out-of-band application vulnerabilities. Installation & Setup Mole Install Python >= 3.6 git clone https://github.com/ztgrace/mole.git virtualenv -p /usr/bin/python3 venv source venv/bin/activate ./venv/bin/pip3 install -r...
Information Gathering / Vulnerability Analysis / Web Information Gathering / Web Vulnerability Analysis
by do son · Published February 28, 2021
Grawler Grawler is the best tool ever, made for automating Google dorks. It’s a tool written in PHP which comes with a web interface that automates the task of using...
BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI. Note: I believe that...
Defense / Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published February 22, 2021 · Last modified December 10, 2023
enlightn Think of Enlightn as your performance and security consultant. Enlightn will “review” your code and server configurations, and give you actionable recommendations on improving performance, security, and reliability! The...
jwtXploiter A tool to test the security of JSON Web Tokens. Test a JWT against all known CVEs; tamper with the token payload: change claim and subclaim values. Exploit known...
HTTP Request Smuggling Detection Tool HTTP request smuggling is a high-severity vulnerability in which an attacker smuggles an ambiguous HTTP request to bypass security controls and...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published February 14, 2021 · Last modified January 17, 2024
ReconFTW ReconFTW automates the entire process of reconnaissance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target. ReconFTW uses...
Programming / Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published February 13, 2021 · Last modified June 8, 2022
What is Horusec? Horusec is an open-source tool that performs a static code analysis to identify security flaws during the development process. Currently, the languages for analysis are C#, Java,...
XSSTRON Electron JS Browser To Find XSS Vulnerabilities. Powerful Chromium browser to find XSS vulnerabilities automatically while browsing the web. It can detect many case scenarios with support for POST...
SSRF-Detector An SSRF tool written in Golang. Features: wordlist creation; inject in every parameter one by one; very fast speed; inject into paths; silent mode; fetch endpoints from JavaScript files; bruteforce...
ssrf-king SSRF plugin for Burp that automates SSRF detection in all of the requests. Upcoming Features Checklist: ✔️ It will soon have a user interface to specify your own call...
JWT Key ID Injector Simple Python script to check against a hypothetical JWT vulnerability. Let’s say there is an application that uses JWT tokens signed with the HS256 algorithm. An example token...
BigBountyRecon BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation. Reconnaissance is the most...
Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published January 14, 2021 · Last modified September 28, 2024
OpenCVE OpenCVE (formerly known as Saucs) is a platform that alerts you about new vulnerabilities related to the CVE list. How does it work OpenCVE uses the JSON feed provided by the NVD to...