pocsploit: open source PoC verification framework
pocsploit pocsploit is a lightweight, flexible, and novel open-source poc verification framework. Pain points of the POC framework in the market There are too many parameters, I don’t know how...
Category: Web Vulnerability Analysis
Local PHP Security Checker v2.0.6 releases: checks if your PHP application depends on PHP packages with known security vulnerabilities
Local PHP Security Checker The Local PHP Security Checker is a command-line tool that checks if your PHP application depends on PHP packages with known security vulnerabilities. It uses the...
Node Security Shield: Securing NodeJS Applications
Node Security Shield Node Security Shield (NSS) is a Developer and Security Engineer friendly module for Securing NodeJS Applications by allowing developers to declare what resources an application can access....
Dome: active and/or passive scans to obtain subdomains and search for open ports
DOME – A subdomain enumeration tool Dome is a fast and reliable python script that makes active and/or passive scans to obtain subdomains and search for open ports. This tool...
Reconator: Automated Recon for Pentesting & Bug Bounty
Reconator Reconator is a Framework for automating your process of reconnaissance without any Computing resource (Systemless Recon) free of cost. Its Purely designed to host on Heroku which is a...
wpgarlic: proof-of-concept WordPress plugin fuzzer
wpgarlic A proof-of-concept WordPress plugin fuzzer used in the research described in https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html that helped to discover more than 120 vulnerabilities in WordPress plugins installed on more than 10 million sites....
RevSuit v0.7.1 releases: Flexible and Powerful Reverse Connection Platform
RevSuit – A Flexible and Powerful Reverse Connection Platform RevSuit is a flexible and powerful reverse connection platform designed for receiving connections from the target hosts in penetration. It currently...
ShadowClone: delegate time-consuming tasks to the cloud
ShadowClone ShadowClone is designed to delegate time-consuming tasks to the cloud by distributing the input data to multiple serverless functions (AWS Lambda, Azure Functions, etc.) and running the tasks in...
spring4shell scan: fully automated, reliable, and accurate scanner for finding Spring Cloud RCE vulnerabilities
spring4shell scan A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities. The Spring4Shell RCE is a critical vulnerability that FullHunt has been researching since...
HTTP Smuggling Calculator: Perform TE.CL HTTP Request Smuggling attacks
HTTP CL.TE & TE.CL Desync Calculator Perform CL.TE and TE.CL HTTP Request Smuggling attacks by crafting HTTP Request automatically. A simple python script that allows you to customise both Normal...
C0deVari4nt: scans codebases for similar vulnerabilities
C0deVari4nt C0deVari4nt is a variant analysis and visualisation tool that inspects codebases for similar vulnerabilities. It leverages CodeQL, a semantic code analysis engine, to query code based on user-controlled CodeQL...
agartha v1.0 releases: burp extension for dynamic payload generation to detect injection flaws
Agartha { LFI | RCE | Auth | SQLi | Http-Js } Agartha is a penetration testing tool that creates dynamic payload lists and user access matrix to reveal injection...
Nuclei plugin for BurpSuite v1.1.2 releases: Nuclei Template Generator Burp Plugin
Nuclei plugin for BurpSuite A BurpSuite plugin intended to help with nuclei template generation. Features Template matcher generation Word and Binary matcher creation using selected response snippets from Proxy history or Repeater contexts Multi-line selections are split to separate...
Nuclei-Burp Extension: run nuclei scanner directly from burp
Nuclei – Burp Extension A simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues. Installation Load the extension to burp Download...
request smuggler: Http request smuggling vulnerability scanner
Request smuggler – Http request smuggling vulnerability scanner Based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling vulnerability. Installation Linux...
