Category: Web Vulnerability Analysis
Astra REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process,...
discover For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks. Download, setup & usage git clone https://github.com/leebaird/discover /opt/discover/ All scripts must be run from this location. cd /opt/discover/ ./update.sh ...
Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool with which you can easily scan any web application and find its vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section. Web...
Watchdog is an integration of open source security tools aimed to provide a holistic security view for a given domain/IP. The way Watchdog is built, it can be used by product security teams, red teams...
XVNA Extreme Vulnerable Node Application XVNA is an extremely vulnerable node application coded in Nodejs(Expressjs)/MongoDB that helps security enthusiasts to learn application security. It is not recommended to host this application online as it is...
drek is a static-code-analysis tool that can be used to perform security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns...
WhoUr is a simple Python tool for gathering information about a website and scanning for SQL injection vulnerabilities with Google. It is fast but not powerful, and it is still under construction, but it is useful. Features:...
RIPS RIPS is the most popular static code analysis tool to automatically detect vulnerabilities in PHP applications. By tokenizing and parsing all source code files, RIPS is able to transform PHP source code into...
Galileo – Web Application Audit Framework Galileo is an open source penetration testing tool for web applications, which helps developers and penetration testers identify and exploit vulnerabilities in their web applications. Installation $...
LinkFinder LinkFinder is a Python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they...
s3-buckets-bruteforcer PHP tool to brute force Amazon S3 buckets. Note that this is an automated tool; a manual check is still required. Installation Requirement: apt-get install awscli aws configure Clone the repo git clone https://github.com/gwen001/s3-buckets-finder.git...
s3-inspector Tool to check AWS S3 bucket permissions. Compatible with Linux, MacOS and Windows, Python 2.7 and 3. May be used as an AWS Lambda function. What it does Checks all your buckets for public access...
TheDoc is a simple but very useful SQLMAP Automator with built-in admin finder, hash cracker (using hashcat) and more! Abilities: Counts total injections tried. Crawls given domain for vulnerabilities. Extracts Database Infos (via injection URL)...
PAVELOW Exploit Toolbox PAVELOW helps you with your exploiting and vulnerability searching adventures on KALI Linux by using a few different pre-installed tools among several others that PAVELOW will install and set up for you....
versionscan Versionscan is a tool for evaluating your currently installed PHP version and checking it against known CVEs and the versions they were fixed in to report back potential issues. Changelog v1.5.4 Updating with...