BruteXSS v1.5 – Cross-site Scripting Tool
BruteXSS is a tool written in python simply to find XSS vulnerabilities in the web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it...
Category: Web Vulnerability Analysis
shuriken: Cross Site Scripting scanner
Shuriken was developed by Shogun Lab as an open source Cross-Site Scripting (XSS) command line utility to aid web security researchers who want to test a list of XSS payloads...
DorkNet: automate searching for vulnerable web apps
DorkNet Selenium powered Python script to automate searching the web for vulnerable applications. DorkNet can take a single dork or a list of dorks as arguments. After the proper command...
Top 9 Best Tool for Penetration Tester
We have filled the world of hackers with infinite fantasy and fear, but with the rise of technology and security in the field of progress, hacking technology has become increasingly...
python gdork sqli: Automatically Finding and Exploiting SQL injection
Find SQL injections This python script is developed to show, how many vulnerable websites, which are laying around on the web. The main focus of the script is to generate...
wig: Fingerprint Web Server – Detect CMS, phpmyadmin page, php-apache version
wig – WebApp Information Gatherer wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications. The application fingerprinting is based on...
arachni v1.6.1.3 releases: Web application security scanner framework
I would like to talk about arachni, an open-source framework among many Web Vulnerability Scanners (WVS). I tested it briefly, and it seems to be usable. Also, you should learn...
SCANNER-INURLBR: Advanced search in search engines |exploit GET/POST capturing emails & urls
Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found. Screenshot:...
Some good Web vulnerability scanning modules in Metasploit
Information gathering web server scanning module Module auxiliary/scanner/http/http_version Module auxiliary/scanner/http/open_proxy Module auxiliary/scanner/http/robots_txt Module auxiliary/scanner/http/frontpage_login Module auxiliary/admin/http/tomcat_administration Module auxiliary/admin/http/tomcat_utf8_traversal Module auxiliary/scanner/http/options Module auxiliary/scanner/http/drupal_views_user_enum Module auxiliary/scanner/http/scraper Module auxiliary/scanner/http/svn_scanner Module auxiliary/scanner/http/trace Module auxiliary/scanner/http/vhost_scanner...
whitewidow: SQL Vulnerability Scanner
Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potentially vulnerable websites. It allows automatic file...
Install OpenVAS Vulerability Scanning on Kali Linux
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. How to install OpenVAS on Kali Linux apt-get update apt-get...
WebApp Vulnerability scanning with VEGA
Vega is a free web vulnerability diagnostic scanner developed by SUBGRAPH. The UI is also one of my favorite scanners because of its superior performance compared to other WVS that...
List of PHP Exploitation Code
Command Execution PHP Code Execution Apart from eval, here are other ways to execute PHP code: include/require can be used for remote code execution in the form of Local File...
XVWA :Web Application Hacking Lab in kali linux
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. It’s not advisable to host this application online as it is designed...
Xpath: detecting and exploiting error-based injection security
What is XPath? XPath Injection Similar to SQL injection, XPath injection occurs when the site uses the information entered by the user to construct the request for XML data. An...
