403-bypass Are you interested in web security and want to test your skills against potential 403 bypasses? If so, you’ve come to the right place! This project is a comprehensive...
JAW An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client side of web applications and...
Subhunter A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical name (CNAME) in the...
Upload_Bypass Upload_Bypass is a powerful tool designed to assist Pentesters and Bug Hunters in testing file upload mechanisms. It leverages various bug bounty techniques to simplify the process of identifying and...
Hakuin Hakuin is a Blind SQL Injection (BSQLI) inference optimization and automation framework written in Python 3. It abstracts away the inference logic and allows users to easily and efficiently...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published December 13, 2023 · Last modified December 31, 2023
Egyscan Egyscan is The Best web vulnerability scanner; it’s a multifaceted security powerhouse designed to fortify your web applications against malicious threats. EgyScan is more than just a tool; it’s the...
headerpwn A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers. Install go install github.com/devanshbatham/headerpwn@v0.0.3 Use headerpwn allows you to test various headers on a target...
The Ars0n Framework The Ars0n Framework is designed to provide aspiring Application Security Engineers with all the tools they need to leverage Bug Bounty hunting as a means to learn...
CLZero A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and https://portswigger.net/research/how-to-turn-security-research-into-profit CL.0 Identification method The first request will be the...
codetotal CodeTotal analyzes any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses. Scan repository Scan an entire repository Scan snippets...
Logsensor A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning Features login panel Scanning for multiple hosts Proxy compatibility (http, https) Login panel scanning is done...
Bugsy Bugsy is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code. It is the community edition version of Mobb, the first vendor-agnostic automated security vulnerability...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published November 4, 2023 · Last modified May 1, 2024
WebCopilot WebCopilot is an automation tool designed to enumerate subdomains of the target and detect vulnerabilities using different open-source tools. The script first enumerates all the subdomains of the given...
navgix navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilities. Techniques Currently, navgix supports 2 techniques for finding vulnerable directories (or location aliases). Those are...
Argus This repo contains the code for our USENIX Security ’23 paper “ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions”. Argus is a comprehensive security...
Support Securityonline.info site. Thanks!
