XSS-Freak : XSS Scanner Fully Written In Python3 From Scratch
XSS-Freak is an xss scanner fully written in python3 from scratch. it is one of its kind since it crawls the website for all possible links and directories to expand its attack scope. Then it searches them for inputs tags and then launches a bunch of xss payloads. if an inputs is not sanitized and...
Netdata – Real-time Performance Monitoring
Netdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly-optimized monitoring agent you install on all your systems and containers. Netdata provides unparalleled insights, in real-time, of everything happening on the systems it runs (including web servers, databases, applications), using highly interactive web dashboards. It can run autonomously, without any third-party components, or it can be integrated to existing...
IPv6Tools : A Robust Modular Framework
The IPv6Tools framework is a robust set of modules and plugins that allow a user to audit an IPv6 enabled network. The built-in modules support enumeration of IPv6 features such as ICMPv6 and Multicast Listener Discovery (MLD). In addition, the framework also supports enumeration of Upper Layer Protocols (ULP) such as multicast DNS (mDNS) and Link-Local Multicast Name Resolution...
Pytm : A Pythonic Framework For Threat Modeling
Define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate, a Data Flow Diagram (DFD), a Sequence Diagram and most important of all, threats to your system. Requirements Linux/MacOSPython 3.xGraphviz packageJava (OpenJDK 10 or 11)plantuml.jar Usage tm.py optional arguments: ...
InjuredAndroid : A Vulnerable Android Application
InjuredAndroid is a vulnerable Android application with ctf examples based on bug bounty findings, exploitation concepts, and pure creativity. Setup for a physical device Download injuredandroid.apk from Github Enable USB debugging on your Android test phone. Connect your phone and your pc with a usb cable. Install via adb. adb install injuredandroid.apk. Note: You need to use...
FockCache : Minimalized Test Cache Poisoning
FockCache is a minimalized test cache poisoning. It tries to make cache poisoning by trying X-Forwarded-Host and X-Forwarded-Scheme headers on web pages. After successful result, it gives you a poisoned URL. To be added soon: Page Param CheckerRecursive Checking Installation Install with installer.sh chmod +x installer.sh./installer.sh Also Read - PCFG Cracker : Probabilistic Context Free Grammar (PCFG) Password Guess Generator 2 - Install manual go get github.com/briandowns/spinnergo get...
Acunetix – Web Application Security Scanner
Acunetix is the pioneer in automated web application security software, has announced the release of Acunetix Version 13. The new release comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning, proof-of-exploit, incremental scanning, and more. This release further strengthens the leading position of...
SEcraper : Search Engine Scraper Tool With BASH Script
SEcraper is a search engine scraper tool with BASH script. Dependency curl (cli) Available Search Engine Ask.comSearch.yahoo.comBing.com Also Read - PCFG Cracker : Probabilistic Context Free Grammar (PCFG) Password Guess Generator Installation git clone https://github.com/zerobyte-id/SEcraper.git cd SEcraper/ Run bash secraper.bash "QUERY" Download
Re2Pcap : Create PCAP file From Raw HTTP Request Or Response In Seconds
Re2Pcap is abbreviation for Request2Pcap and Response2Pcap. Community users can quickly create PCAP file using it and test them against Snort rules. It allow you to quickly create PCAP file for raw HTTP request shown below; POST /admin/tools/iplogging.cgi HTTP/1.1Host: 192.168.13.31:80User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0Accept: text/plain, /; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://192.168.13.31:80/admin/tools/iplogging.htmlContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 63Cookie: token=1e9c07e135a15e40b3290c320245ca9aConnection: closetcpdumpParams=tcpdump...
TakeOver : Sub-Domain TakeOver Vulnerability Scanner
Sub-domain TakeOver vulnerability occur when a sub-domain (subdomain.example.com) is pointing to a service (e.g: GitHub, AWS/S3,..) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if subdomain.example.com was pointing to a GitHub...
.webp "WolfPack – Scaling Red Team Redirectors")
