XSS Tool Overview This tool is an intelligent XSS detection tool that uses human techniques to look for reflected cross-site scripting (XSS) vulnerabilities. Rather than use the same approach as virtually every other reflected...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published March 3, 2018 · Last modified October 25, 2022
megplus Automated reconnaissance wrapper About This wrapper will automate numerous tasks and help you during your reconnaissance process. The script finds common issues, low hanging fruit, and assists you when approaching a target. meg+...
dotdotslash A tool to help you search for Directory Traversal Vulnerabilities Benchmarks Platforms that I tested to validate tool efficiency: DVWA (low/medium/high) bWAPP (low/medium/high) Installation You can download the last version cloning this repository git clone...
libinjection is a library that parses parameter value to SQL elements (tokens) and checks if tokens combination (fingerprint) is familiar to SQL-injection attack. This library has high performance and is commonly used by WAF/NGFW...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 24, 2018 · Last modified May 19, 2018
Scanner for PHP.ini The Iniscan is a tool designed to scan the given php.ini file for common security practices and report back results. Currently, it is only for use on the command line and...
sqlmate There are some features that we think SQLMap should have. Like finding admin panel of the target, better hash cracking etc. If you think the same, SQLMate is for you. What does it...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 23, 2018 · Last modified October 25, 2022
sqlmapchik sqlmapchik is a cross-platform sqlmap GUI for the popular sqlmap tool. It is primarily aimed to be used on mobile devices (currently Android is supported). Installation (easy) The easiest way to install sqlmapchik...
Web Exploitation / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 18, 2018
DAVScan is a quick and lightweight webdav scanner designed to discover hidden files and folders on DAV enabled webservers. The scanner works by taking advantage of overly privileged/misconfigured WebDAV servers or servers vulnerable to...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 18, 2018
Blind SQL Injection via Bitshifting This is a module that performs blind SQL injection by using the bitshifting method to calculate characters instead of guessing them. It requires 7/8 requests per character, depending on the configuration....
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 17, 2018 · Last modified October 10, 2021
NoSQLAttack is an open source Python tool to automate expose MongoDB server IP on the internet and disclose the database data by MongoDB default configuration weaknesses and injection attacks. Presently, this project focuses on...
Web Exploitation / Web Information Gathering / Web Vulnerability Analysis
by do son · Published February 15, 2018 · Last modified February 15, 2019
What is DarkSpiritz? Created by the SecTel Team it was a project of one of the owners to update and clean-up an older pentesting framework he had created to something updated and modern. It...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 15, 2018 · Last modified October 10, 2021
WackoPicko is a website that contains known vulnerabilities. WackoPicko is a photo sharing and photo-purchasing site. A typical user of WackoPicko is able to upload photos, browse other user’s photos, comment on photos, and...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 14, 2018
Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 14, 2018 · Last modified October 10, 2021
DbDat Db Database Assessment Tool DbDat performs numerous checks on a database to evaluate security. The categories of checks performed are configuration, privileges, users, and information. Checks are performed by running queries or reading...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 13, 2018 · Last modified October 10, 2021
Proxenet is a hacker-friendly DIY web proxy for pentest(ers). It is a C-based proxy that allows you to interact with higher level languages (like Python, Ruby, Java, etc.) for modifying on-the-fly requests/responses sent by your...
Secure Your Connection
