BuQuikker: find poorly configured AWS buckets
Web Vulnerability Analysis / WebApp PenTest
by do son · Published April 9, 2018 · Last modified October 10, 2021
The BuQuikker: This project is intended to show how easy it is to find poorly configured AWS buckets. This project is built on top of bucketeer. It should make the life...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published April 8, 2018 · Last modified December 19, 2019
XSStrike is an advanced XSS detection suite. It has a powerful fuzzing engine and provides zero false-positive results using fuzzy matching. XSStrike is the first XSS scanner to generate its...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published March 28, 2018
Bishop: Bishop is a vulnerability scanner that searches websites in the background while you browse, looking for exposed version control systems, misconfigured administrative tools, and more. It works by searching...
SafeSQL is a static analysis tool for Go that protects against SQL injections. How does it work? SafeSQL uses the static analysis utilities in go/tools to search for all call sites of...
Exploitation / Information Gathering / Network PenTest / Vulnerability Analysis / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published March 18, 2018
EternalView: EternalView is an all-in-one basic information gathering tool. Features (feature: explanation): Whois Information: prints the whois information of the entered web address; DNS lookup: prints the DNS...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published March 15, 2018
Second Order: Scans web applications for second-order subdomain takeover by crawling the app and collecting URLs (and other data) that match some specific rules or respond in a specific way....
Vulnerable Node: What’s this project? The goal of this project is to be a project with really vulnerable code in NodeJS, not simulated. Why? A similar project, like OWASP Node...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published March 10, 2018 · Last modified October 10, 2021
Luna is an open-source web security scanner based on a reduced-code passive scanning framework. You can write a simple Python plugin to prove your great ideas with Luna. The...
The Pappy Proxy: The Pappy (Proxy Attack Proxy ProxY) Proxy is an intercepting proxy for performing web application security testing. Its features are often similar, or straight up ripoffs from Burp Suite. However, Burp...
XSS Tool Overview: This tool is an intelligent XSS detection tool that uses human techniques to look for reflected cross-site scripting (XSS) vulnerabilities. Rather than use the same approach as...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published March 3, 2018 · Last modified October 25, 2022
megplus: Automated reconnaissance wrapper. About: This wrapper will automate numerous tasks and help you during your reconnaissance process. The script finds common issues, low hanging fruit, and assists you when...
dotdotslash: A tool to help you search for Directory Traversal Vulnerabilities. Benchmarks: Platforms that I tested to validate tool efficiency: DVWA (low/medium/high), bWAPP (low/medium/high). Installation: You can download the last version cloning...
libinjection is a library that parses a parameter value into SQL elements (tokens) and checks whether the combination of tokens (fingerprint) is familiar from SQL-injection attacks. This library has high performance and is...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 24, 2018 · Last modified May 19, 2018
Scanner for PHP.ini: The Iniscan is a tool designed to scan the given php.ini file for common security practices and report back results. Currently, it is only for use on...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 23, 2018 · Last modified May 1, 2024
sqlmate: There are some features that we think SQLMap should have, like finding the admin panel of the target, better hash cracking, etc. If you think the same, SQLMate is for...