Crypto / Web Vulnerability Analysis
by do son · Published July 16, 2020 · Last modified November 10, 2021
BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select...
Trishul Trishul is an automated vulnerability finding Burp Extension. Built with Jython supports real-time vulnerability detection in multiple requests with user-friendly output. This tool was made to supplement testing where...
FUSE FUSE is a penetration testing system designed to identify Unrestricted Executable File Upload (UEFU) vulnerabilities. The details of the testing strategy is in our paper, “FUSE: Finding File Upload Bugs...
JVMXRay JVMXRay is a technology for monitoring access to system resources within the Java Virtual Machine. It’s designed with application security emphasis but some will also find it beneficial for...
ScanT3r – Web Security Scanner Scant3r Scans all URLs with multiple HTTP Methods and content-types also, it tries to look for bugs with basic exploits from Headers and URL Parameters...
lorsrf lorsrf is just a web pen-testing tool that I wrote to find the parameters that can be used to find SSRF or Out-of-band resource load by adding an OAST...
ChopChop ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify the exposition...
0l4bs Cross-site scripting labs for web application security enthusiasts List of Chall: ~ Chall 1 | URL ~ Chall 2 | Form ~ Chall 3 | User-Agent ~ Chall 4...
GadgetProbe Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths. Description You just found a Java deserialization bug, you ran all your...
What is CorsMe? A cors misconfiguration scanner tool based on golang with speed and precision in mind! Misconfiguration type this scanner can check for Reflect Origin checks Prefix Match Suffix...
njsscan njsscan is a static application testing (SAST) tool that can find insecure code patterns in your node.js applications using a simple pattern matcher from libsast and syntax-aware semantic code pattern search...
SSRFIRE An automated SSRF finder. Just give the domain name and your server and chill! 😉 It also has options to find XSS and open redirects. Download git clone https://github.com/micha3lb3n/SSRFire.git...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published May 22, 2020 · Last modified October 11, 2021
opulence: Automation platform for open-source intelligence Collectors are responsible for collecting data across many different OSINT sources List of implemented collectors: Name description badips check if ip is blacklisted. (ex:...
quiver Quiver is an opinionated and curated collection of commands, notes, and scripts I use for bug bounty hunting. Features ZSH / Oh-My-ZSH shell plugin Tab auto-completion Prefills the command...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published May 20, 2020 · Last modified September 14, 2020
Searpy Search Engine Toolkit Support search engine Shodan Fofa Zoomeye Censys Dnsdb Google Baidu Bing 360so Goo Yahoo Changelog v2.3 fix some bugs add fofa_icon module Install git clone https://github.com/j3ers3/Searpy...
Support Securityonline.info site. Thanks!
Akira Ransomware Exploit CVE-2024-40766 in SonicWall SonicOS
October 21, 2024
