Category: Web Vulnerability Analysis
CVE-2023-44487 Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487. This tool checks to see if a website is vulnerable to CVE-2023-44487 completely non-invasively. The tool checks if a web...
route-detect Find authentication (authn) and authorization (authz) security bugs in web application routes: Web application HTTP route authn and authz bugs are some of the most common security issues found today. These industry standard...
IAMActionHunter IAMActionHunter is an IAM policy statement parser and query tool that aims to simplify the process of collecting and understanding permission policy statements for users and roles in AWS Identity and Access Management...
ParaForge ParaForge is a simple Burp Suite extension to extract the parameters and endpoints from the request to create a custom wordlist for fuzzing and enumeration. This is just a simple extension for easy...
EasyScan EasyScan is a Python script that analyzes the security of a given website by inspecting its HTTP headers and DNS records. The script generates a security report with recommendations for addressing potential vulnerabilities....
EscalateGPT A powerful Python tool that leverages the power of OpenAI to analyze AWS IAM misconfigurations. Features 🛠️ EscalateGPT is a Python tool to identify IAM policy issues and enhance Tenable Cloud Security 💻 EscalateGPT retrieves...
Sucosh Scanny “Sucosh” is an automated Source Code vulnerability scanner(SAST) and assessment framework for Python(Flask-Django) & NodeJs capable of performing code review in Web Application Developing or Source Code Analysis processes. It can detect...
Pentest Mapper Pentest Mapper is a Burp Suite extension that integrates the Burp Suite request logging with a custom application testing checklist. The extension provides a straightforward flow for application penetration testing. The extension...
NucleiFuzzer = Nuclei + Paramspider NucleiFuzzer is an automation tool that combines ParamSpider and Nuclei to enhance web application security testing. It uses ParamSpider to identify potential entry points and Nuclei’s templates to scan for vulnerabilities. NucleiFuzzer streamlines the...
What is Akto? Akto is an instant, open source API security platform that takes only 60 secs to get started. Akto is used by security teams to maintain a continuous inventory of APIs, test...
Noir Noir is an attack surface detector from source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions...
GPT_Vuln-analyzer This is a Proof Of Concept application that demonstrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT made...
OSINT Template Engine OSINT Template Engine is a research-grade tool for OSINT Information gathering & Attack Surface Mapping which uses customizable templates to collect data from sources. It allows for new template creation and...
Surf – Escalate your SSRF vulnerabilities on Modern Cloud Environments surf allows you to filter a list of hosts, returning a list of viable SSRF candidates. It does this by sending an HTTP request...
CVE Prioritizer Tool CVE_Prioritizer is a powerful tool that helps you prioritize vulnerability patching by combining CVSS, EPSS, and CISA’s Known Exploited Vulnerabilities. It provides valuable insights into the likelihood of exploitation and the potential impact of...