AutoNessus: use Nessus API for automating scans
AutoNessus This script communicates with the Nessus API in an attempt to help with automating scans. Depending on the flag issued with the script, you can list all scans, list...
Network PenTest / Vulnerability Analysis / Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 23, 2017 · Last modified October 25, 2022
Information Gathering / Network PenTest / Password Attacks / Vulnerability Analysis / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 22, 2017
PenTestKit Useful tools & scripts for Penetration Testing Requirements OS Tested on Debian 9.x & Kali Linux Languages & Libraries Python 2.x termcolor (python package) requests (python package) BeautifulSoup (python...
Network PenTest / Vulnerability Analysis / Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 22, 2017 · Last modified November 4, 2024
vulscan – Vulnerability Scanning with Nmap Introduction Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 21, 2017 · Last modified October 10, 2021
CoMisSion – WhiteBox CMS analysis CoMisSion is a tool to quickly analyze a CMS setup. The tool: checks for the core version; checks for modifications made on the core (additions,...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 17, 2017 · Last modified November 4, 2024
WordPresscan A simple WordPress scanner written in python based on the work of WPScan (Ruby version) Install & Launch Dependencies Install Example 1 : Basic update and scan of a...
SHELLING – a comprehensive OS command injection payload generator – now also available as a Burp Plugin What is SHELLING? This tool is a customizable payload generator, suitable for detecting...
Race The Web Tests for race conditions in web applications by sending out a user-specified number of requests to a target URL (or URLs) simultaneously, and then compare the responses from...
Web Exploitation / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 15, 2017
HUNT Burp Suite Extension HUNT is a Burp Suite extension to: Identify common parameters vulnerable to certain vulnerability classes. Organize testing methodologies inside of Burp Suite. HUNT Scanner (hunt_scanner.py) This...
Static program analysis is the analysis of computer software that is performed without actually executing programs (analysis performed on executing programs is known as dynamic analysis). In most cases the analysis is performed on some...
psychoPATH – a blind webroot file upload & LFI detection tool (now available in the Burp App Store!) psychoPATH – hunting file uploads & LFI in the dark This tool...
Programming / Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published August 10, 2017
Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 9, 2017 · Last modified November 5, 2017
Airachnid Burp Extension A Burp extension to test applications for vulnerability to the Web Cache Deception attack. Once the extension has been loaded, it can be accessed in the Target...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 7, 2017 · Last modified November 4, 2024
Damn Web Scanner Another web vulnerability scanner; this extension works on Chrome and Opera. The extension works in the background and will notify you if it finds any vulnerability...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 7, 2017 · Last modified November 4, 2024
PHP_Code_Static_Analysis A basic script to detect vulnerabilities in PHP source code. Currently detecting: SQL injection, Local File Inclusion, Insecure emails, Cross Site Scripting, Remote Commands Execution, LDAP injection...