Category: Web Vulnerability Analysis
Drystan: Automated information gathering tool for pentest. How it works: explore domain information; search and enumerate subDomains/IPs; extract all IP & ports; identify service; detect vulnerability (brute & exploit). Tools already included: domain info dig...
SPartan is a Frontpage and Sharepoint fingerprinting and attack tool. Features: Sharepoint and Frontpage fingerprinting; management of Friendly 404s; default Sharepoint and Frontpage file and folder enumeration; Active Directory account enumeration; download interesting files...
Bash Scanner is a fast and reliable way to scan your server for outdated software and potential exploits. Supported software The Bash Scanner currently detects the following software for updates (keep in mind, this...
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find more vulnerabilities than the...
PHP Unserialize Check: This Burp Scanner Extension tries to find PHP Object Injection Vulnerabilities. It passes a serialized PDO object to the found injection points. If PHP tries to unserialize this object, a fatal exception is thrown...
Serialized PHP toolkit for Burp Suite: From a security testing perspective, one interesting feature of PHP is that of PHP Serialized objects. They typically show up as Base64 encoded strings which, once decoded, resemble...
xsssniper is a handy XSS discovery tool with mass scanning functionalities. It scans the target URL for GET parameters, then injects an XSS payload (Y) into them and parses the response...
Burp Attack Selector Plugin: In recent years, Burp Suite scanner checks have been expanded a lot, but unfortunately the need for a scan time compromise has notably limited the checks executed during the scans...
On 31st Oct, WordPress 4.8.3 was released. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. Details: WordPress versions 4.8.2 and earlier are affected by an...
Blazy: Blazy is a modern login page bruteforcer. Features: easy target selections; smart form and error detection; CSRF and Clickjacking Scanner; Cloudflare and WAF Detector; 90% accurate results; checks for login bypass via SQL...
Cross-Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities. It provides several options to try to bypass certain filters and various special techniques for code injection. XSSer has...
reddalert: AWS security monitoring/alerting tool built on top of Netflix’s EDDA project. What do we want to see? Examples: security group whitelists some weird port(range); ELB forwards traffic to some weird port; an EC2 instance was...
redirect.py: open redirect subdomains scanner by ak1t4 (know.0nix@gmail.com). Download: git clone https://github.com/ak1t4/open-redirect-scanner.git Use: ./redirect.py [subdomains.file] [redirect-payload] Example: ./redirect.py uber.list '//yahoo.com/%2F..' Payload examples: #payload = '//www.google.com/%2F..' #payload2 = '//www.yahoo.com//' #payload3 = '//www.yahoo.com//%2F%2E%2E' Enjoy! Source: https://github.com/ak1t4/open-redirect-scanner
Security Monkey: Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. It provides a single UI to browse and search through all of your accounts, regions, and cloud...
PHP Secure Configuration Checker: Check current PHP configuration for potential security flaws. Simply access this file from your web server or run on CLI. Author: This software was written by Ben Fuhrmannek, SektionEins GmbH, in...