.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
XSS-LOADER : Xss Payload Generator, Scanner & Dork Finder
XSS-LOADER is a all in one tools for XSS PAYLOAD GENERATOR -XSS SCANNER-XSS DORK FINDER and this is written by Hulya Karabag. This tool creates payload for use in xss injectionSelect default payload tags from parameter or write your payloadIt makes xss inj. with Xss Scanner parameterIt finds vulnerable sites url with Xss Dork Finder parameter How to use? https://www.youtube.com/watch?v=ys_a5yx1hmY Installation git clone...
Starkiller : A Frontend for PowerShell Empire
Starkiller is a Frontend for Powershell Empire. It is an Electron application written in VueJS. If you'd like to contribute please follow the Contribution guide. If you'd like to request a feature or report a bug, please follow the Issue template. Getting Started To run Starkiller, you can download the installers for Mac, Linux, and Windows on the Releases page....
FinalRecon : OSINT Tool for All-In-One Web Reconnaissance
FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. Features It provides detailed information such as : Header Information Whois SSL Certificate Information Crawler DNS Enumeration A, AAAA, ANY, CNAME, MX, NS, SOA, TXT RecordsDMARC Records ...
ScoringEngine : Scoring Engine for Red/White/Blue Team Competitions
ScoringEngine for Red/White/Blue Team Competitions. Download Docker. If you are on Mac or Windows, Docker Compose will be automatically installed. On Linux, make sure you have the latest version of Compose. If you're using Docker for Windows on Windows 10 pro or later, you must also switch to Linux containers. Run in this directory: docker-compose builddocker-compose up If you want to delete...
Astra : Automated Security Testing For REST API’s
REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. It can automatically detect and test login & logout (Authentication...
HTTPS-Everywhere : A Browser Extension That Encrypts Your Communications
HTTPS-Everywhere is a browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections. Get the packages you need and install a git hook to run tests before push: bash install-dev-dependencies.sh Run the ruleset validations and browser tests: bash test.sh Run the latest code and rulesets in a standalone Firefox profile: bash test/firefox.sh --justrun Run...
uDork – Google Hacking Tool
uDork is a script written in Python that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on. It does NOT make attacks against any server, it only uses predefined dorks and/or official lists from exploit-db.com (Google Hacking Database: https://www.exploit-db.com/google-hacking-database). You need to...
XXExploiter : Tool To Help Exploit XXE Vulnerabilities
XXExploiter is a tool to help exploit XXE vulnerabilities. They wrote this tool to help me testing XXE vulnerabilities. It generates the XML payloads, and automatically starts a server to serve the needed DTD's or to do data exfiltration. IMPORTANT: This tool is still under development and although most of its features are already working, some may have not been...
Maryam : Open-source Intelligence(OSINT) Framework
OWASP Maryam is an Open-source intelligence(OSINT) and Web-based Footprinting modular/tool framework based on the Recon-ng and written in Python. If you have skill in Metasploit or Recon-ng, you can easily use it without prerequisites. Also Read - Lazydocker : The Lazier Way To Manage Everything Docker What can be done? If you want Extracts Emails, Docs, Subdomains, Social networks...
InstaSave : Python Script To Download Images, Videos & Profile Pictures From Instagram
InstaSave is a python script to download images, videos & profile pictures from Instagram without any API access. Also Read - Pypykatz : Mimikatz Implementation In Pure Python Features Download Instagram Photos Download Instagram Videos Download Instagram Profile Pictures Git Installation #clone the repo$ git clone https://github.com/sameera-madushan/InstaSave.git#change the working directory to InstaSave$ cd InstaSave#install the requirements$ pip3 install -r requirements.txt Usage python instasave.py For...
