Category: Web Vulnerability Analysis
CORStest A simple CORS misconfiguration scanner Based on the research of James Kettle CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing (CORS) misconfigurations. It takes a text file as input which...
UpPwn UpPwn is a script that automates detection of security flaws on websites’ file upload systems. In some cases, it also allows exploiting these vulnerabilities in order to upload malicious files. Installation curl -sL...
WebXploiter The main purpose of this tool is to help to automate the manual Recon techniques + basic exploitation techniques which we used to try each time when we are pentesting or while cracking...
mando.me: Web Command Injection Tool PHP Command Injection exploitation tool Exploit web page and upload simple-shell.php (or simply find an existing exploitable command injection). Execute the controller to exploit the command injection vulnerability. The...
Installing OpenVAS 9 on Ubuntu If you install OpenVAS in an Ubuntu virtual machine, I recommend adding as many CPUs as possible to speed up the scan. The recommended minimum is 8GB of memory...
Angular Client-Side Template Injection Scanner ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request...
PenBox – A Penetration Testing Framework A Penetration Testing Framework, The Hacker’s Repo our hope is in the last version we will have the very script that a hacker needs #Information Gathering : nmap...
AWS Extender AWS Extender is a BurpSuite extension to identify and test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues using the boto/boto3 SDK library. Getting Started For...
XML Entity Injection (XXE) An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by...
cve-search cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into MongoDB to facilitate the search and processing of CVEs. The main objective of the software is...
Jaidam is an open source penetration testing tool that would take as input a list of domain names, scan them, determine if WordPress or Joomla platform was used and finally check them automatically, for...
Blindy Simple script for running brute-force blind MySql injection Note: this script was created for fun, helpful in some ctf challenges 🙂 Description The script will run through queries listed in sets in provided...
What’s GoLismero? GoLismero is an open source framework for security testing. It’s currently geared towards web security, but it can easily be expanded to other kinds of scans. The most interesting features of the...
EllaScanner Passive web scanner. EllaScanner is a simple passive web scanner. Using this tool you can simply check your site’s security state. Scanning of the site consists several phases: At the first phase, you...
CRLF.py CRLF – Auto CRLF Injector Author: Rudra Sarkar Disclaimer: I am not responsible for any damage done using this tool. This tool should only be used for educational purposes and for penetration testing. Installation...