SCodeScanner SCodeScanner stands for Source Code scanner where the user can scan the source code for finding the Critical Vulnerabilities. The main objective of this scanner is to find the...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published August 2, 2022 · Last modified March 31, 2023
Apache Tomcat Scanner A python script to scan for Apache Tomcat server vulnerabilities. Features Multithreaded workers to search for Apache tomcat servers. Multiple target sources accepted: Retrieving list of computers...
cats REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort! Comprehensive: tests are generated automatically based on a large number...
CrackQL CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and...
Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published July 26, 2022 · Last modified October 25, 2022
Packj flags malicious/risky open-source packages Packj (pronounced package) is a command-line (CLI) tool to vet open-source software packages for “risky” attributes that make them vulnerable to supply chain attacks. This...
RESTler What is RESTler? RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For...
GraphCrawler Graph Crawler is an automated testing toolkit for any GraphQL endpoint. It will run through and check if the mutation is enabled, check for any sensitive queries available, such...
File Upload Vulnerability Scenarios (Challenges) This repository is a dockerized PHP application containing some file upload vulnerability challenges (scenarios). OWASP References: Classification: Web Application Security Testing > 10-Business Logic Testing...
Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published June 21, 2022 · Last modified May 1, 2024
chain-bench Chain-bench is an open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark. The auditing focuses on the...
XSS Vulnerability Scenarios (challenges) This repository is a Dockerized php application containing some XSS vulnerability challenges. The ideas behind the challenges are: Javascript validation bypass html entities bypass WAF bypass...
MITM Intercept A little bit less hackish way to intercept and modify non-HTTP protocols through Burp and others with SSL and TLS interception support. This tool is for researchers and...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published May 30, 2022 · Last modified May 1, 2024
haxunit HaxUnit combines multiple active and passive subdomain enumeration tools and port scanning tools with vulnerability discovery tools. For each subdomain enumeration tool, you’ll be prompted to add the newly...
CRLFsuite CRLFsuite is a fast tool specially designed to scan CRLF injection. Features ✔️ Single URL scanning ✔️ Multiple URL scanning ✔️ Stdin supported ✔️ GET & POST method supported ✔️ Concurrency ✔️ Best Payloads list...
Jeeves Jeeves is made for looking to Time-Based Blind SQLInjection through recon. Install > go install github.com/ferreiraklet/Jeeves@latest OR > git clone https://github.com/ferreiraklet/Jeeves.git > cd Jeeves > go build jeeves.go >...
What is ReDoS vulnerability? A regular expression is the most known text processing utility for programmers. There are many tools to use regular expression: grep, awk, and perl for example. Besides, a regular...
Support Securityonline.info site. Thanks!
