Stowaway : Multi-hop Proxy Tool For Pentesters
Stowaway is a multi-hop proxy tool for security researchers and pentesters. Users can easily proxy their network traffic to intranet nodes (multi-layer). PS: The files under the demo folder are Stowaway's beta version; it is still functional, and you can check the details in the README.md file under the demo folder. Features: obvious node topology; multi-hop socks5 traffic proxy; multi-hop ssh traffic proxy; remote interactive shell; network traffic...
Git Vuln Finder : Finding Potential Software Vulnerabilities From Git Commit Messages
Git Vuln Finder finds potential software vulnerabilities from git commit messages. The output is JSON listing the associated commits that could contain a fix for a software vulnerability. The search is based on a set of regular expressions run against the commit messages only. If CVE IDs are present, they are added automatically to the output. Requirements: jq (sudo...
Wafw00f : Identify & Fingerprint Web Application Firewall
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website. To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which...
XoN : Tool To Search An Aggregated Repository Of Xposed Passwords
XposedOrNot (XoN) is a tool to search an aggregated repository of xposed passwords comprising ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security. The main aim of this project is to give the general public a free platform to check whether their password is exposed and compromised. This massive password...
Dsync : IDAPython Plugin That Synchronizes Disassembler & Decompiler Views
Dsync is an IDAPython plugin that synchronizes decompiled and disassembled code views. Please refer to the comments in the source code for more details.
RFCpwn : An Enumeration & Exploitation Toolkit Using RFC Calls To SAP
RFCpwn is an SAP enumeration and exploitation toolkit using SAP RFC calls. This is a toolkit for demonstrating the impact of compromised service accounts. This PoC is not for use in production environments; there is no guarantee of stability or support. It relies on pyrfc and the libraries provided by SAP at: https://github.com/SAP/PyRFC#installation
LKWA : Lesser Known Web Attack Lab
LKWA (Lesser Known Web Attack Lab) is a lab where intermediate pentesters can test and practice lesser known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable, etc. Write-ups are welcome. Installation: Just clone the repository with git clone https://github.com/weev3/LKWA, move it to your web server, and you are good to go.
Multiscanner : Modular File Scanning/Analysis Framework
MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built Python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the framework. Modules are designed to...
Tishna : Automated Web Application Hacker 2020
Tishna is a complete automated pentest framework for servers, application layer to web security. This software has 62 options with full automation and can be used as a web security swiss knife. Tishna is Web Server Security Penetration Software for Ultimate Security Analysis. Kali, Parrot OS, Black Arch, Termux, Android Led TV
AWS Report – Tool For Analyzing Amazon Resources
AWS Report is a tool for analyzing Amazon resources. Some of its features: search IAM users based on creation date; search public buckets; search security groups with an inbound rule for 0.0.0.0/0; search dissociated elastic IPs; search available volumes; search AMIs with public permission; search detached internet gateways. Install requirements: pip3...