Category: Web Vulnerability Analysis
IAMActionHunter
IAMActionHunter is an IAM policy statement parser and query tool that aims to simplify the process of collecting and understanding permission policy statements for users and roles in AWS Identity and Access Management...

ParaForge
ParaForge is a simple Burp Suite extension to extract the parameters and endpoints from the request to create a custom wordlist for fuzzing and enumeration. This is just a simple extension for easy...

EasyScan
EasyScan is a Python script that analyzes the security of a given website by inspecting its HTTP headers and DNS records. The script generates a security report with recommendations for addressing potential vulnerabilities....

EscalateGPT
A powerful Python tool that leverages the power of OpenAI to analyze AWS IAM misconfigurations. Features 🛠️ EscalateGPT is a Python tool to identify IAM policy issues and enhance Tenable Cloud Security 💻 EscalateGPT retrieves...

Sucosh Scanny
“Sucosh” is an automated Source Code vulnerability scanner (SAST) and assessment framework for Python (Flask-Django) & NodeJs capable of performing code review in Web Application Developing or Source Code Analysis processes. It can detect...

Pentest Mapper
Pentest Mapper is a Burp Suite extension that integrates the Burp Suite request logging with a custom application testing checklist. The extension provides a straightforward flow for application penetration testing. The extension...

NucleiFuzzer = Nuclei + Paramspider
NucleiFuzzer is an automation tool that combines ParamSpider and Nuclei to enhance web application security testing. It uses ParamSpider to identify potential entry points and Nuclei’s templates to scan for vulnerabilities. NucleiFuzzer streamlines the...

What is Akto?
Akto is an instant, open source API security platform that takes only 60 secs to get started. Akto is used by security teams to maintain a continuous inventory of APIs, test...

Noir
Noir is an attack surface detector from source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions...

GPT_Vuln-analyzer
This is a Proof Of Concept application that demonstrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT made...

OSINT Template Engine
OSINT Template Engine is a research-grade tool for OSINT Information gathering & Attack Surface Mapping which uses customizable templates to collect data from sources. It allows for new template creation and...

Surf – Escalate your SSRF vulnerabilities on Modern Cloud Environments
surf allows you to filter a list of hosts, returning a list of viable SSRF candidates. It does this by sending an HTTP request...

CVE Prioritizer Tool
CVE_Prioritizer is a powerful tool that helps you prioritize vulnerability patching by combining CVSS, EPSS, and CISA’s Known Exploited Vulnerabilities. It provides valuable insights into the likelihood of exploitation and the potential impact of...

What is ShadowClone?
ShadowClone is designed to delegate time-consuming tasks to the cloud by distributing the input data to multiple serverless functions (AWS Lambda, Azure Functions, etc.) and running the tasks in parallel resulting...

GCP Scanner
This is a GCP resource scanner that can help determine what level of access certain credentials possess on GCP. The scanner is designed to help security engineers evaluate the impact of a...