Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 7, 2017
Drystan Automated information gathering tool for pentest. How It Works explore domain information. search and enumerate subDomains/IPs. extract all IP & ports. identify service. detect vulnerability(brute & exploit). Tools Already Included domain info dig...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 6, 2017
SPartan is a Frontpage and Sharepoint fingerprinting and attack tool. Features: Sharepoint and Frontpage fingerprinting Management of Friendly 404s Default Sharepoint and Frontpage file and folder enumeration Active Directory account enumeration Download interesting files...
Network PenTest / Vulnerability Analysis / Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 3, 2017
Bash Scanner is a fast and reliable way to scan your server for outdated software and potential exploits. Supported software The Bash Scanner currently detects the following software for updates (keep in mind, this...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published November 20, 2017 · Last modified May 25, 2021
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find more vulnerabilities than the...
PHP Unserialize Check This Burp Scanner Extension tries to find PHP Object Injection Vulnerabilities. It passes a serialized PDO object to the found injection points. If PHP tries to unserialize this object a fatal exception is thrown...
Serialized PHP toolkit for Burp Suite From a security testing perspective, one interesting feature of PHP is that of PHP Serialized objects. They typically show up as Base64 encoded strings which, once decoded, resemble...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published November 3, 2017 · Last modified October 10, 2021
xsssniper is a handy xss discovery tool with mass scanning functionalities. What it does is scanning target URL for GET parameters and then inject an XSS payload (Y) into them and parse the response...
Burp Attack Selector Plugin During latest years Burp Suite scanner checks has been expanded a lot, but unfortunately, the need for a scan time compromise has limited notably the checks executed during the scans...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published November 1, 2017 · Last modified January 3, 2018
On 31th Oct, WordPress 4.8.3 has been released. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. Details WordPress versions 4.8.2 and earlier are affected by an...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 30, 2017 · Last modified November 10, 2017
Blazy Blazy is a modern login page bruteforcer. Features Easy target selections Smart form and error detection CSRF and Clickjacking Scanner Cloudflare and WAF Detector 90% accurate results Checks for login bypass via SQL...
Cross-Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities. It provides several options to try to bypass certain filters and various special techniques for code injection. XSSer has...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 24, 2017 · Last modified November 8, 2017
reddalert AWS security monitoring/alerting tool built on top of Netflix’s EDDA project. What do we want to see? Examples: security group whitelists some weird port(range) ELB forwards traffic to some weird port an EC2 instance was...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 22, 2017 · Last modified November 8, 2017
redirect.py open redirect subdomains scanner by ak1t4 know.0nix@gmail.com Download git clone https://github.com/ak1t4/open-redirect-scanner.git Use ./redirect.py [subdomains.file] [redirect-payload] Example ./redirect.py uber.list ‘//yahoo.com/%2F..’ Payloads examples: #payload = ‘//www.google.com/%2F..’ #payload2 = ‘//www.yahoo.com//‘ #payload3 = ‘//www.yahoo.com//%2F%2E%2E‘ Enjoy! Demo Source: https://github.com/ak1t4/open-redirect-scanner
Security Monkey Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. It provides a single UI to browse and search through all of your accounts, regions, and cloud...
Programming / Web Vulnerability Analysis
by do son · Published October 18, 2017 · Last modified May 19, 2018
PHP Secure Configuration Checker Check current PHP configuration for potential security flaws. Simply access this file from your web server or run on CLI. Author This software was written by Ben Fuhrmannek, SektionEins GmbH, in...
Secure Your Connection
