.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
XSpear : Powerfull XSS Scanning & Parameter Analysis
XSpear is XSS Scanner on ruby gems. Key Features Pattern matching based XSS scanningDetect alert confirm prompt event on headless browser (with Selenium)Testing request/response for XSS protection bypass and reflected params Reflected ParamsFiltered test event handler HTML tag Special Char Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...)Dynamic/Static Analysis Find SQL Error patternAnalysis Security...
Theo : Ethereum Recon And Exploitation Tool
Theo aims to be an exploitation framework and a blockchain recon and interaction tool. Features Automatic smart contract scanning which generates a list of possible exploits.Sending transactions to exploit a smart contract.Transaction pool monitor.Web3 consoleFrontrunning and backrunning transactions.Waiting for a list of transactions and sending out others.Estimating gas for transactions means only successful transactions are sent.Disabling gas estimation will send transactions...
AutoRecon : Multi Threaded Network Reconnaissance Tool
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP). It may also be useful in real-world engagements. The tool works by firstly performing port scans / service detection scans. From those initial results, the tool will launch further...
WiFiBroot : A WiFi Pentest Cracking tool for WPA/WPA2
WiFiBroot is a WiFi-Penetest-Cracking tool for WPA/WPA2 (Handshake, PMKID, Offline Cracking, EAPOLS, Deauthentication Attack). It is built to provide clients all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python. Almost every process within is dependent somehow on scapy layers and other functions except for operating the wireless...
Memguard : Secure Software Enclave For Storage Of Sensitive Information In Memory
MemGuard secure software enclave for storage of sensitive information in memory. This package attempts to reduce the likelihood of sensitive data being exposed. It supports all major operating systems and is written in pure Go. Features Sensitive data is encrypted and authenticated in memory using xSalsa20 and Poly1305 respectively. The scheme also defends against cold-boot attacks.Memory allocation bypasses the language runtime...
Usbrip : Simple CLI Forensics Tool For Tracking USB Device Artifacts
Usbrip (derived from "USB Ripper", not "USB R.I.P." astonished) is an open source forensics tool with CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines. It is a small piece of software written in pure Python 3 (using some external modules though, see Dependencies/PIP) which parses Linux...
MSNM Sensor – Multivariate Statistical Network Monitoring Sensor
MSNM Sensor (Multivariate Statistical Network Monitoring-Sensor) shows the practical suitability of the approaches found in PCA-MSNM and in Hierarchical PCA-MSNM works. The first one present the MSNM approach and new multivariate statistical methodology for network anomaly detection while the second one proposes the previous one in a hierarchical and structured network systems. The main idea...
W13Scan : Passive Security Scanner Linux/Windows/Mac Systems
W13scan is a proxy-based web scanner that runs on Linux/Windows/Mac systems. If you want w13scan to support https, similar to BurpSuite, first need to set up a proxy server (default 127.0.0.1:7778), then go to http://w13scan.ca to download the root certificate and trust it. Install pip3 install w13scan Usage #helpw13scan -h#runningw13scan -s 127.0.0.1:7778 Also Read - Recon NG : Open Source Intelligence Gathering Tool Aimed...
Slurp : Evaluate The Security Of S3 Buckets
Slurp is a Blackbox/whitebox S3 bucket enumerator. Overview Credit to all the vendor packages that made this tool possible.This is a security tool; it's meant for pen-testers and security professionals to perform audits of s3 buckets. Features Scan via domain(s); you can target a single domain or a list of domainsScan via keyword(s); you can target a single keyword or a list...
Buster : Find Emails Of A Person And Return Information Associated With Them
Buster is a tool to find emails of a person and return info associated with them. It is a simple OSINT tool used to: Get social accounts from various sources(gravatar,about.me,myspace,skype,github,linkedin,avast) Get links to where the email was found using google,twitter,darksearch and paste sites Get domains registered with an email (reverse whois) Generate possible emails and usernames of a person Find...
.webp "SharpExclusionFinder – Streamlining Windows Defender Exclusion Checks With Advanced Scanning Capabilities")
