Astra : Automated Security Testing For REST API’s

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early in the development cycle. It can automatically detect and test login & logout (Authentication...

HTTPS-Everywhere : A Browser Extension That Encrypts Your Communications

HTTPS-Everywhere is a browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.
Get the packages you need and install a git hook to run tests before push: bash install-dev-dependencies.sh
Run the ruleset validations and browser tests: bash test.sh
Run the latest code and rulesets in a standalone Firefox profile: bash test/firefox.sh --justrun
Run...

uDork – Google Hacking Tool

uDork is a script written in Python that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on. It does NOT make attacks against any server, it only uses predefined dorks and/or official lists from exploit-db.com (Google Hacking Database: https://www.exploit-db.com/google-hacking-database). You need to...

XXExploiter : Tool To Help Exploit XXE Vulnerabilities

XXExploiter is a tool to help exploit XXE vulnerabilities. It was written to help with testing XXE vulnerabilities. It generates the XML payloads, and automatically starts a server to serve the needed DTDs or to do data exfiltration. IMPORTANT: This tool is still under development and although most of its features are already working, some may have not been...

Maryam : Open-source Intelligence (OSINT) Framework

OWASP Maryam is an open-source intelligence (OSINT) and web-based footprinting modular/tool framework based on Recon-ng and written in Python. If you have skill in Metasploit or Recon-ng, you can easily use it without prerequisites. What can be done? If you want Extracts Emails, Docs, Subdomains, Social networks...

InstaSave : Python Script To Download Images, Videos & Profile Pictures From Instagram

InstaSave is a Python script to download images, videos & profile pictures from Instagram without any API access.
Features: Download Instagram Photos; Download Instagram Videos; Download Instagram Profile Pictures.
Git Installation:
# clone the repo
$ git clone https://github.com/sameera-madushan/InstaSave.git
# change the working directory to InstaSave
$ cd InstaSave
# install the requirements
$ pip3 install -r requirements.txt
Usage: python instasave.py For...

XSHOCK : Tool To Exploit ShellShock

XSHOCK Shellshock Exploit. All found directories are saved in the vulnurl.txt file. The results of the executed commands are saved in response.txt.
Features: this tool includes CGI VULNERABILITY, DIRECTORY SCAN, RUN COMMAND WITH FOUNDED CGI, SHOW VULNERABLE URLS, UPDATE PROXY.
Installation:
git clone https://github.com/capture0x/xShock/
cd xShock
pip3 install -r requirements.txt
Usage: python3 main.py
CGI VULNERABILITY: Checks cgi-bin directory on the...

Chepy : A Python lib/cli Equivalent Of The Awesome CyberChef Tool

Chepy is a Python library with a handy CLI that aims to mirror some of the capabilities of CyberChef. A reasonable amount of effort was put into making it compatible with the various functionalities that CyberChef offers, all in a pure Pythonic manner. There are some key advantages and disadvantages that it...

SShuttle: Where Transparent Proxy Meets VPN Meets SSH

SShuttle is a transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling. As far as I know, it is the only program that solves the following common case: Your client machine (or router) is Linux, FreeBSD, or MacOS. You have access to a remote...

Lazydocker : The Lazier Way To Manage Everything Docker

Lazydocker is a simple terminal UI for both docker and docker-compose, written in Go with the gocui library. Minor rant incoming: Something's not working? Maybe a service is down. docker-compose ps. Yep, it's that microservice that's still buggy. No issue, I'll just restart it: docker-compose restart. Okay now let's try again. Oh wait the issue is still there. Hmm. docker-compose...