Information Security
njsscan njsscan is a static application testing (SAST) tool that can find insecure code patterns in your node.js applications using a simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep. Changelog v0.2.1 Semgrep...
Garud An automation tool that scans sub-domains, sub-domain takeover, and then filters out xss, ssti, ssrf, and more injection point parameters. Requirements: Go Language, Python 2.7, or Python 3. System requirements: Recommended to run...
Safety is a command-line tool. Use it to check your local virtual environment, your requirement files, or any input from stdin for dependencies with security issues. If you are using something insecure, you’ll get...
BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the...
DefectDojo is an open-source application vulnerability correlation and security orchestration application. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities, and push findings into defect...
Dependency-Track Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components, however, comes at a cost....
WPScan is a black box WordPress vulnerability scanner. Changelog v3.8.13 Minor: Target URL added to the JSON output when an error occurs before controller#run – Ref #1594 –force option added to scan target despite returning a 403 when...
What is DalFox Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a Ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it...
The JSON Web Token Toolkit jwt_tool.py is a toolkit for validating, forging and cracking JWTs (JSON Web Tokens). Its functionality includes: Checking the validity of a token Testing for the RS/HS256 public key mismatch vulnerability Testing for...
MyJWT This cli is for pentesters, CTF players, or dev. You can modify your jwt, sign, inject, etc… Features modify jwt (header/Payload) None Vulnerability RSA/HMAC confusion Sign a jwt with key Brute Force to...
