[BlackHat Europe tool] Automatic API Attack Tool
Automatic API Attack Tool Imperva’s customizable API attack tool takes an API specification as an input and generates and runs attacks that are based on it as an output. The...
by do son · Published December 15, 2019 · Last modified December 14, 2019
CPH:SEC WAES at a Glance Doing HTB or other CTFs enumeration against targets with HTTP(S) can become trivial. It can get tiresome to always run the same script/tests on every...
Programming / Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published December 12, 2019
huskyCI – Performing security tests inside your CI huskyCI is an open-source tool that performs security tests inside CI pipelines of multiple projects and centralizes all results into a database...
is-website-vulnerable finds publicly known security vulnerabilities in a website’s frontend JavaScript libraries Changelog Bug Fixes package.json to reduce vulnerabilities (#84) (34d06be) Install npm install -g is-website-vulnerable Use npx is-website-vulnerable https://example.com...
Corsy Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Tests implemented Pre-domain bypass Post-domain bypass Backtick bypass Null origin bypass Invalid value Wild card...
Programming / Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published November 18, 2019
AURA – Security Auditing and code introspection The current trend in development is to use a lot of packages in the development phase, even if they provide only trivial...
RacePWN (Race Condition framework) RacePWN is a librace library and a racepwn utility that are designed to test a race condition attack through protocols that use a TCP connection. 1.1....
WPintel Chrome extension designed for WordPress Vulnerability Scanning and information gathering! Features Detect the WordPress version Detect version vulnerabilities Enumerate Users Detect Themes Detect Plugins Find full path disclosure Check...
Programming / Web Vulnerability Analysis
by do son · Published November 4, 2019 · Last modified May 1, 2024
prvd – PHP Runtime Vulnerability Detection prvd is able to detect the following types of vulnerabilities: Command Injection File Inclusion File Upload SQL Injection SQL Injection (Blind) Partial XSS Installation...
ITWSV- Integrated Tool for Web Security Vulnerability. ITWSV is an automated penetration testing tool that performs information gathering, auditing, and reporting. TOOLS USED FOR PENTEST WHOIS DNSWALK FIERCE DNSRecon DNSenum...
jwt-pwn – Security Testing Scripts for JWT jwt-cracker.py JWT password/secret cracker. C-jwt-cracker is a tool to brute-force the private key of JWT. Besides it uses its implementation of JWT, the...
Domainker This tool is for bug bounty hunters, to help them automate the boring tasks and find some low-hanging bugs. Install git clone https://github.com/BitTheByte/Domainker cd Domainker pip install -r requirements.txt...
Fracker Fracker is a suite of tools that makes it easy to trace and analyze PHP function calls; its goal is to assist the researcher during manual security assessments of PHP...
by do son · Published September 28, 2019 · Last modified January 28, 2024
docem Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. – any documents that are a zip archive with a bunch of XML files inside This tool is a...
by do son · Published September 24, 2019 · Last modified September 18, 2021
Server-Side Request Forgery (SSRF) vulnerable Lab This repository contains PHP code that is vulnerable to Server-Side Request Forgery (SSRF) attacks. The vulnerable code is meant to demonstrate SSRF for the below-mentioned...