WordPress 4.8.2 SQLi vulnerability
On 31st Oct, WordPress 4.8.3 was released. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. Details WordPress versions 4.8.2 and earlier...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published November 1, 2017 · Last modified January 3, 2018
On 31st Oct, WordPress 4.8.3 was released. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. Details WordPress versions 4.8.2 and earlier...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 30, 2017 · Last modified May 1, 2024
Blazy Blazy is a modern login page bruteforcer. Features Easy target selections Smart form and error detection CSRF and Clickjacking Scanner Cloudflare and WAF Detector 90% accurate results Checks for...
Cross-Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities. It provides several options to try to bypass certain filters and various special techniques for...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 24, 2017 · Last modified November 8, 2017
reddalert AWS security monitoring/alerting tool built on top of Netflix’s EDDA project. What do we want to see? Examples: security group whitelists some weird port(range) ELB forwards traffic to some weird port...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 22, 2017 · Last modified May 1, 2024
redirect.py open redirect subdomains scanner by ak1t4 know.0nix@gmail.com Download git clone https://github.com/ak1t4/open-redirect-scanner.git Use ./redirect.py [subdomains.file] [redirect-payload] Example ./redirect.py uber.list '//yahoo.com/%2F..' Payloads examples: #payload = '//www.google.com/%2F..' #payload2 = '//www.yahoo.com//' #payload3 = '//www.yahoo.com//%2F%2E%2E' Enjoy!...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 21, 2017 · Last modified November 4, 2024
Security Monkey Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. It provides a single UI to browse and search through all of your...
Programming / Web Vulnerability Analysis
by do son · Published October 18, 2017 · Last modified November 4, 2024
PHP Secure Configuration Checker Check current PHP configuration for potential security flaws. Simply access this file from your web server or run on CLI. Author This software was written by...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 8, 2017 · Last modified November 5, 2017
reflector Description A Burp Suite extension that finds reflected XSS on a page in real time while you browse the website, and includes features such as: Highlighting of reflection in...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 6, 2017 · Last modified November 4, 2024
NoSQLMap NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using...
CORStest A simple CORS misconfiguration scanner Based on the research of James Kettle CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing (CORS) misconfigurations. It takes a text...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 2, 2017 · Last modified November 4, 2024
UpPwn UpPwn is a script that automates detection of security flaws on websites’ file upload systems. In some cases, it also allows exploiting these vulnerabilities in order to upload malicious...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published September 29, 2017 · Last modified November 4, 2024
WebXploiter The main purpose of this tool is to help to automate the manual Recon techniques + basic exploitation techniques which we used to try each time when we are...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published September 29, 2017 · Last modified November 5, 2017
mando.me: Web Command Injection Tool PHP Command Injection exploitation tool Exploit web page and upload simple-shell.php (or simply find an existing exploitable command injection). Execute the controller to exploit the...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published September 28, 2017 · Last modified November 4, 2024
Installing OpenVAS 9 on Ubuntu If you install OpenVAS in an Ubuntu virtual machine, I recommend adding as many CPUs as possible to speed up the scan. The recommended minimum...
Angular Client-Side Template Injection Scanner ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports...