Jaeles : The Swiss Army Knife For Automated Web Application Testing
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. Installation If you have a Go environment, make sure you have Go >= 1.13 with Go Modules enable and run the following command. GO111MODULE=on go get -u github.com/jaeles-project/jaeles Usage Example commands: - jaeles scan -u http://example.com- jaeles scan -s signatures/common/phpdebug.yaml -U /tmp/list_of_urls.txt- jaeles scan -v --passive...
GDA Android Reversing Tool
Here, a new Dalvik bytecode decompiler, GDA(this project started in 2013 and released its first version 1.0 in 2015 at www.gda.wiki:9090) , is proposed and implemented in C++ to provide more sophisticated, fast and convenient decompilation support. GDA is completely self-independent and very stable. It supports APK, DEX, ODEX, oat files, and run without installation...
Project Black : BugBounty Progress Control With Scanning Modules
Project Black is a scope control, scope scanner and progress tracker for easier working on a bug bounty or pentest project. The tools encourages more methodical work on pentest/bugbounty, tracking the progress and general scans information. It can launch masscannmapdirsearchamasspatator against the scope you work on and store the data in a handy form. Perform useful filtering of the project's data, for...
Qiling : Advanced Binary Emulation Framework
Qiling is an advanced binary emulation framework, with the following features: Cross platform: Windows, MacOS, Linux, BSDCross architecture: X86, X86_64, Arm, Arm64, MipsMultiple file formats: PE, MachO, ELFEmulate & sandbox machine code in a isolated environmentProvide high level API to setup & configure the sandboxFine-grain instrumentation: allow hooks at various levels (instruction/basic-block/memory-access/exception/syscall/IO/etc)Allow dynamic hotpatch on-the-fly running code, including the loaded...
NFStream : A Flexible Network Data Analysis Framework
NFStream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework...
WhatTheHack : A Collection Of Challenge Based Hack
WhattheHack is a challenge based hackathon format. A collection of challenge based hack-a-thons including student guide, proctor guide, lecture presentations, sample/instructional code and templates. What, Why and How "What the Hack" is a challenge based hackathon formatChallenges describe high-level tasks and goals to be accomplishedChallenges are not step-by-step labsAttendees work in teams of 3 to 5 people to solve the...
OpenSK : Open-Source Implementation For Security Keys
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standard. This repository contains a Rust implementation of a FIDO2 authenticator. We developed this as a Tock OS application and it has been successfully tested on the following boards: Nordic nRF52840-DKNordic nRF52840-dongle FIDO2 Although we tested and implemented our firmware based on the published CTAP2.0 specifications, our implementation was...
Injectus : CRLF & Open Redirect Fuzzer
Injectus is a simple python tool that goes through a list of URLs trying CRLF and open redirect payloads. Design If we have the following URL: https://dubell.io/?param1=value1&url=value2¶m3=value3 For CRLF attacks, Injectus will inject every payload once into the value of one parameter, for every n parameters. For example, Injectus will create the following list with the URL above: https://dubell.io/?param1=%%0a0abounty:strike&url=value2¶m3=value3https://dubell.io/?param1=%0abounty:strike&url=value2¶m3=value3https://dubell.io/?param1=%0d%0abounty:strike&url=value2¶m3=value3https://dubell.io/?param1=%0dbounty:strike&url=value2¶m3=value3https://dubell.io/?param1=%23%0dbounty:strike&url=value2¶m3=value3https://dubell.io/?param1=%25%30%61bounty:strike&url=value2¶m3=value3https://dubell.io/?param1=%25%30abounty:strike&url=value2¶m3=value3https://dubell.io/?param1=%250abounty:strike&url=value2¶m3=value3https://dubell.io/?param1=%25250abounty:strike&url=value2¶m3=value3https://dubell.io/?param1=%3f%0dbounty:strike&url=value2¶m3=value3https://dubell.io/?param1=%u000abounty:strike&url=value2¶m3=value3https://dubell.io/?param1=value1&url=%%0a0abounty:strike¶m3=value3https://dubell.io/?param1=value1&url=%0abounty:strike¶m3=value3https://dubell.io/?param1=value1&url=%0d%0abounty:strike¶m3=value3https://dubell.io/?param1=value1&url=%0dbounty:strike¶m3=value3https://dubell.io/?param1=value1&url=%23%0dbounty:strike¶m3=value3https://dubell.io/?param1=value1&url=%25%30%61bounty:strike¶m3=value3https://dubell.io/?param1=value1&url=%25%30abounty:strike¶m3=value3https://dubell.io/?param1=value1&url=%250abounty:strike¶m3=value3https://dubell.io/?param1=value1&url=%25250abounty:strike¶m3=value3https://dubell.io/?param1=value1&url=%3f%0dbounty:strike¶m3=value3https://dubell.io/?param1=value1&url=%u000abounty:strike¶m3=value3https://dubell.io/?param1=value1&url=value2¶m3=%%0a0abounty:strikehttps://dubell.io/?param1=value1&url=value2¶m3=%0abounty:strikehttps://dubell.io/?param1=value1&url=value2¶m3=%0d%0abounty:strikehttps://dubell.io/?param1=value1&url=value2¶m3=%0dbounty:strikehttps://dubell.io/?param1=value1&url=value2¶m3=%23%0dbounty:strikehttps://dubell.io/?param1=value1&url=value2¶m3=%25%30%61bounty:strikehttps://dubell.io/?param1=value1&url=value2¶m3=%25%30abounty:strikehttps://dubell.io/?param1=value1&url=value2¶m3=%250abounty:strike https://dubell.io/?param1=value1&url=value2¶m3=%25250abounty:strikehttps://dubell.io/?param1=value1&url=value2¶m3=%3f%0dbounty:strikehttps://dubell.io/?param1=value1&url=value2¶m3=%u000abounty:strike Also...
PCFG Cracker : Probabilistic Context Free Grammar (PCFG) Password Guess Generator
This project uses machine learning to identify password creation habits of users. A PCFG model is generated by training on a list of disclosed plaintext/cracked passwords. In the context of this project, the model is referred to as a ruleset and contains many different parts of the passwords identified during training, along with their associated...
DVNA : Damn Vulnerable NodeJS Application
Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The application is powered by commonly used libraries such as express, passport, sequelize, etc. Developer Security Guide book The application comes with a developer friendly comprehensive guidebook which can be used to learn, avoid and fix the...
