Sitadel v0.1.1 releases: Web Application Security Scanner
Sitadel – Web Application Security Scanner Sitadel is basically an update for WAScan making it compatible with Python >= 3.4. It allows more flexibility for you to write new modules...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published June 4, 2019 · Last modified October 10, 2021
Sitadel – Web Application Security Scanner Sitadel is basically an update for WAScan making it compatible with Python >= 3.4. It allows more flexibility for you to write new modules...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published June 4, 2019 · Last modified August 19, 2019
Interlace Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support. Changelog v1.6 New Features and Improvements Introduced _random_ in #58 Introduced _blocker_ and _block:xyz_ in #60 Bug Fixes Fix Arguments.output...
remic Vulnerability Scanner for Detecting Publicly Disclosed Vulnerabilities in Application Dependencies remic automatically detects the following files in the container and scans vulnerabilities in the application dependencies. Gemfile.lock Pipfile.lock composer.lock package-lock.json...
CodeAlchemist CodeAlchemist is a JavaScript engine fuzzer that improves classic grammar-based JS engine fuzzers by a novel test case generation algorithm, called a semantics-aware assembly. The details of the algorithm...
Femida-xss An automated blind-xss search plugin for Burp Suite. Installation Git clone https://github.com/wish-i-was/femida.git Burp -> Extender -> Add -> find and select blind-xss.py How to use Settings First of all, you need...
ezXSS ezXSS is a tool that is designed to help find and exploit cross-site scripting (XSS) vulnerabilities. One of the key features of ezXSS is its ability to identify and...
Password Attacks / Web Information Gathering / Web Vulnerability Analysis
by do son · Published May 19, 2019 · Last modified May 1, 2024
What is a CMS? A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some notable examples are: WordPress,...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published May 19, 2019 · Last modified November 4, 2024
AQUATONE Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface. Changelog v2.0...
wpBullet Static code analysis for WordPress Plugins/Themes (and PHP) Installation $ git clone https://github.com/webarx-security/wpbullet wpbullet $ cd wpbullet $ pip install -r requirements.txt Usage Creating modules Creating a module...
DevAudit: Development Auditing DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams adopting DevOps and DevSecOps that detects security vulnerabilities at multiple levels of the...
Dawnscanner – The raising security scanner for Ruby web applications dawnscanner is a source code scanner designed to review your Ruby code for security issues. dawnscanner is able to scan...
Information Gathering / Vulnerability Analysis / Web Information Gathering / Web Vulnerability Analysis
by do son · Published May 7, 2019
Trigmap is a wrapper for Nmap. You can use it to easily start Nmap scan and especially to collect information into a well-organized directory hierarchy. The use of Nmap makes...
Programming / Web Vulnerability Analysis
by do son · Published May 5, 2019 · Last modified November 4, 2024
Static program analysis is the analysis of computer software that is performed without actually executing programs (analysis performed on executing programs is known as dynamic analysis). In most cases, the analysis is performed on...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published May 4, 2019 · Last modified November 4, 2024
Striker Striker 2.0 is still in the prototype phase, which means it’s not intended to be used by regular users. It has been made public for contributions to make the...
The JSON Web Token Toolkit jwt_tool.py is a toolkit for validating, forging, and cracking JWTs (JSON Web Tokens). Its functionality includes: Checking the validity of a token Testing for known exploits:...