Security Training Share
Cross-Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities. It provides several options to try to bypass certain filters and various special techniques for code injection. XSSer has...
Scout Suite is a multi-cloud security auditing tool, which enables assessing the security posture of cloud environments. Using the APIs exposed by cloud providers, Scout gathers configuration data for manual inspection and highlights risk...
HubbleStack (Hubble for short) is a modular, open-source, security & compliance auditing framework which is built in python, using SaltStack as a library. It provides on-demand profile-based auditing, real-time security event notifications, alerting and...
XSpear XSpear is XSS Scanner on ruby gems Key features Pattern matching based XSS scanning Detect alert confirm prompt event on the headless browser (with Selenium) Testing request/response for XSS protection bypass and reflected params...
AURA – Security Auditing and code introspection The current trend in the development is to use a lot of packages in the development phase, even if they provide only trivial functionality and consist of...
Dependency Check Dependency Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform...
Clair Clair is an open-source project for the static analysis of vulnerabilities in application containers (currently including appc and docker). In regular intervals, Clair ingests vulnerability metadata from a configured set of sources and stores it in the...
WPScan is a black box WordPress vulnerability scanner. Changelog v3.7.5 Fixed DB Exports not detected in some cases – Ref #1426 Install Requirement Ruby >= 2.2.2 – Recommended: 2.3.3 Curl >= 7.21 – Recommended: latest...
Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order to test web-based applications...
RacePWN (Race Condition framework) RacePWN is a librace library and a racepwn utility that are designed to test a race condition attack through protocols that use a TCP connection. 1.1. librace librace is a library...
