Information Gathering / Vulnerability Analysis / Web Information Gathering / Web Vulnerability Analysis
by do son · Published December 30, 2020
sarenka SARENKA is an Open Source Intelligence (OSINT) tool which helps you obtaining and understanding Attack Surface. The main goal is to gathering infromation from search engines for Internet-connected devices (https://censys.io/, https://www.shodan.io/)....
ASST #BETA OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner. Introduction Web applications have become an integral part of everyday life, but many of...
threatspec Threatspec is an open-source project that aims to close the gap between development and security by bringing the threat modeling process further into the development process. This is achieved...
php-jpeg-injector Injects php payloads into jpeg images. Related to this post. Use Case You have a web application that runs a jpeg image through PHP’s GD graphics library. Description This script...
Web Exploitation / Web Vulnerability Analysis
by do son · Published December 14, 2020 · Last modified September 1, 2021
Vulmap – Web vulnerability scanning and verification tools Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other...
byp4xx A bash script to bypass “403 Forbidden” responses with well-known methods discussed in #bugbountytips Features: Multiple HTTP verbs/methods Multiple methods mentioned in #bugbountytips Multiple headers: Referer, X-Custom-IP-Authorization… Allow redirects...
403Bypasser An Burpsuite extension to bypass the 403 restricted directories. By using PassiveScan (default enabled), each 403 requests will be automatically scanned by this extension, so just add to burpsuite and...
Packer Fuzzer With the popularity of web front-end packaging tools, have you encountered more and more websites represented by Webpack packager in daily penetration testing and security services? This type of...
Parth Heuristic Vulnerable Parameter Scanner Introduction Some HTTP parameter names are more commonly associated with one functionality than the others. For example, the parameter ?url= usually contains URLs as the value...
XSS Scanner Cross-Site Scripting (XSS) is one of the most well-known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published November 10, 2020 · Last modified August 16, 2022
Garud An automation tool that scans sub-domains, sub-domain takeover, and then filters out xss, ssti, ssrf, and more injection point parameters. I made this tool to automate my recon and...
GWTMap GWTMap is a tool to help map the attack surface of Google Web Toolkit (GWT) based applications. The purpose of this tool is to facilitate the extraction of any...
Programming / Web Vulnerability Analysis
by do son · Published November 1, 2020 · Last modified February 15, 2023
sast-scan Scan is a free open-source security tool for modern DevOps teams. With an integrated multi-scanner based design, Scan can detect various kinds of security flaws in your application and infrastructure...
ReconNote Web Application Security Recon Automation Framework It takes user input as a domain name and maximizes the attack surface area by listing the assets of the domain like –...
PCWT A web application that makes it easy to run your pentest and bug bounty projects. Description The app provides a convenient web interface for working with various types of...
Support Securityonline.info site. Thanks!
